
Desktop & Taskbar Come And Go......


11 replies to this topic

#1 mitchshin

mitchshin

  • Members
  • 34 posts
  • Gender:Male

Posted 02 September 2008 - 05:51 PM

Hello,

Recently my desktop and taskbar began disappearing. I can only get it back temporarily by opening Explorer with Task Manager. I last used you guys a few years ago, so let me know if you need any other info. Thanks in advance for any assistance. Below is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:46 PM, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\verizon\McciBrowser.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=20011&l=dis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Gamevance Text - {7370F91F-6994-4595-9949-601FA2261C8D} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: (no name) - {7D01342A-C68E-42F5-BC4D-97E1B1A1CF30} - C:\WINDOWS\system32\hgGvstSJ.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E6E8BEE5-3075-4DF1-993D-BEF6343024B0} - C:\WINDOWS\system32\mlJCVlJA.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Joe\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install(2).exe -startup -product IncrediMail
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - ?p=ZRfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: mlJCVlJA - mlJCVlJA.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\SYSTEM32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11622 bytes



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 02 September 2008 - 07:23 PM

Hello mitchshin

Welcome to BleepingComputer :thumbsup:
========================
Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===================


Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 mitchshin

mitchshin
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Male

Posted 03 September 2008 - 04:23 PM

OTScanIt logfile created on: 9/3/2008 4:59:16 PM

OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Documents and Settings\Joe\Desktop\OTScanIt

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

510.09 Mb Total Physical Memory | 45.48 Mb Available Physical Memory | 8.92% Memory free

1.22 Gb Paging File | 0.66 Gb Available in Paging File | 54.22% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 145.49 Gb Total Space | 14.37 Gb Free Space | 9.88% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: FAMILY

Current User Name: Joe

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On



[Processes - Non-Microsoft Only]

ati2evxx.exe -> %SystemRoot%\SYSTEM32\ati2evxx.exe ->  [Ver =  | Size = 397312 bytes | Modified Date = 5/26/2004 12:15:48 AM | Attr =	]

acs.exe -> %SystemRoot%\SYSTEM32\acs.exe ->  [Ver =  | Size = 36864 bytes | Modified Date = 4/6/2005 12:56:22 PM | Attr =	]

isafe.exe -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 259184 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

guard.exe -> %ProgramFiles%\ewido anti-spyware 4.0\guard.exe -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Modified Date = 6/16/2006 10:38:44 AM | Attr =	]

mozybackup.exe -> %ProgramFiles%\MozyHome\mozybackup.exe ->  [Ver =  | Size = 87344 bytes | Modified Date = 11/19/2007 5:53:34 PM | Attr =	]

vetmsg.exe -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 201840 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr =	]

viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 42 | Size = 111816 bytes | Modified Date = 11/11/2004 12:15:31 AM | Attr =	]

firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.1 | Size = 307712 bytes | Modified Date = 9/2/2008 7:16:00 PM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(ACS) Atheros Configuration Service [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\acs.exe ->  [Ver =  | Size = 36864 bytes | Modified Date = 4/6/2005 12:56:22 PM | Attr =	]

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\ati2evxx.exe ->  [Ver =  | Size = 397312 bytes | Modified Date = 5/26/2004 12:15:48 AM | Attr =	]

(CAISafe) CAISafe [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 259184 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe ->  [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 4:47:46 PM | Attr =	]

(ewido anti-spyware 4.0 guard) ewido anti-spyware 4.0 guard [Win32_Own | Auto | Running] -> %ProgramFiles%\ewido anti-spyware 4.0\guard.exe -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Modified Date = 6/16/2006 10:38:44 AM | Attr =	]

(GoogleDesktopManager-061008-081103) Google Desktop Manager 5.7.806.10245 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> File not found

(KodakCCS) Kodak Camera Connection Software [Win32_Own | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.4700.0 | Size = 282684 bytes | Modified Date = 3/31/2003 3:34:14 PM | Attr =	]

(mozybackup) MozyHome Backup Service [Win32_Own | Auto | Running] -> %ProgramFiles%\MozyHome\mozybackup.exe ->  [Ver =  | Size = 87344 bytes | Modified Date = 11/19/2007 5:53:34 PM | Attr =	]

(VETMSGNT) VET Message Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 201840 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr =	]



[Driver Services - Non-Microsoft Only]

(adxapie) adxapie [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Joe\LOCALS~1\Temp\adxapie.sys -> File not found

(AR5211) NETGEAR WG311T V1H3 Wireless Adapter Service [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\WG311T13.sys -> Atheros Communications, Inc. [Ver = 4.0.0.167 | Size = 456384 bytes | Modified Date = 4/6/2005 12:55:38 PM | Attr =	]

(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0001) | Size = 17005 bytes | Modified Date = 8/14/2002 3:03:36 PM | Attr =	]

(BANTExt) Belarc SMBios Access [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\BANTExt.sys ->  [Ver =  | Size = 3840 bytes | Modified Date = 3/6/2003 3:48:08 PM | Attr =	]

(Belkin Belkin 11Mbps Wireless USB Network Adapter(R)) Belkin Belkin 11Mbps Wireless USB Network Adapter(R) Service for Belkin 11Mbps Wireless USB Network Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\bkusbxp.sys -> File not found

(DcCam) Kodak Camera Proxy [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\DcCam.sys -> Eastman Kodak Company [Ver = 1.5.0300.0 | Size = 36730 bytes | Modified Date = 3/31/2003 3:34:14 PM | Attr =	]

(DcFpoint) DcFpoint [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DcFpoint.sys -> Eastman Kodak Company [Ver = 1.5.0300.0 | Size = 61568 bytes | Modified Date = 3/31/2003 3:34:14 PM | Attr =	]

(DCFS2K) Kodak DCFS2K Driver [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\DCFS2k.sys -> Eastman Kodak Company [Ver = 1.0.3900.0 | Size = 37941 bytes | Modified Date = 2/21/2003 12:57:56 PM | Attr =	]

(DcLps) Legacy Polling Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DcLps.sys -> Eastman Kodak Company [Ver = 1.5.0300.0 | Size = 8058 bytes | Modified Date = 3/31/2003 3:34:14 PM | Attr =	]

(DcPTP) DcPTP [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DcPtp.sys -> Eastman Kodak Company [Ver = 1.5.0400.0 | Size = 61114 bytes | Modified Date = 3/31/2003 3:34:14 PM | Attr =	]

(EUSBMSD) eUSB Mass Storage Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\EUSBMSD.SYS -> SCM Microsystems Inc., [Ver = 1.01		| Size = 49235 bytes | Modified Date = 3/20/2000 7:31:18 PM | Attr = R  ]

(ewido anti-spyware 4.0 driver) ewido anti-spyware 4.0 driver [Kernel | System | Running] -> %ProgramFiles%\ewido anti-spyware 4.0\guard.sys ->  [Ver =  | Size = 3968 bytes | Modified Date = 6/16/2006 10:38:54 AM | Attr =	]

(Exportit) Exportit [Kernel | System | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ExportIt.sys -> Eastman Kodak Company [Ver = 1.0.8700.0 | Size = 134421 bytes | Modified Date = 3/31/2003 3:34:14 PM | Attr =	]

(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\wATV03nt.sys -> File not found

(lgatbus) LG USB Composite Device driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\lgatbus.sys -> MCCI [Ver = V3.35f | Size = 43024 bytes | Modified Date = 10/15/2002 4:03:34 PM | Attr =	]

(lgatmdm) LG CDMA USB Modem Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\lgatmdm.sys -> MCCI [Ver = V3.35f | Size = 77104 bytes | Modified Date = 10/15/2002 7:05:00 PM | Attr = R  ]

(lgatserd) LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\lgatserd.sys -> MCCI [Ver = V3.35f | Size = 60816 bytes | Modified Date = 10/15/2002 4:07:30 PM | Attr =	]

(mozyFilter) mozyFilter [File_System | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mozy.sys -> Mozy, Inc. [Ver = 1,8,6,15 | Size = 52728 bytes | Modified Date = 11/19/2007 5:53:20 PM | Attr =	]

(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 2:52:12 PM | Attr =	]

(MREMPR5) MREMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MREMPR5.sys -> Motive, Inc. [Ver = 503.1658.1 | Size = 19345 bytes | Modified Date = 3/11/2007 5:37:19 PM | Attr =	]

(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MRENDIS5.sys -> Motive, Inc. [Ver = 503.1658.0 | Size = 18003 bytes | Modified Date = 3/11/2007 5:37:20 PM | Attr =	]

(PCAMPR5) PCAMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\PCAMPR5.SYS -> File not found

(PCANDIS5) PCANDIS5 Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\PCANDIS5.SYS -> File not found

(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 4/26/2008 12:09:45 PM | Attr =	]

(PLCNDIS5) PLCNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\PLCNDIS5.SYS -> Intellon, Inc. [Ver = 5.03.16.54 | Size = 17018 bytes | Modified Date = 9/9/2002 2:53:50 PM | Attr =	]

(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 3:07:44 PM | Attr =	]

(SVKP) SVKP [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\SVKP.sys -> AntiCracking [Ver = 4.00 | Size = 2368 bytes | Modified Date = 12/3/2004 6:11:17 PM | Attr =	]

(TIEHDUSB) TIEHDUSB [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\tiehdusb.sys -> Texas Instruments Incorporated [Ver = 1.5 | Size = 49536 bytes | Modified Date = 2/4/2004 11:27:56 AM | Attr =	]

(VET-FILT) VET File System Filter [Kernel | System | Running] -> %SystemRoot%\System32\drivers\Vet-Filt.sys -> Computer Associates International, Inc. [Ver = 11.0.7.8 | Size = 21031 bytes | Modified Date = 9/9/2005 5:54:19 PM | Attr =	]

(VET-REC) VET File System Recognizer [Kernel | System | Running] -> %SystemRoot%\System32\drivers\Vet-Rec.sys -> Computer Associates International, Inc. [Ver = 11.0.7.8 | Size = 15478 bytes | Modified Date = 9/9/2005 5:54:19 PM | Attr =	]

(VETEBOOT) VET Boot Scan Engine [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\VetEBoot.sys -> Computer Associates International, Inc. [Ver = 12.4.1.0 | Size = 102398 bytes | Modified Date = 2/2/2006 6:01:16 AM | Attr =	]

(VETEFILE) VET File Scan Engine [Kernel | System | Running] -> %SystemRoot%\System32\drivers\VetEFile.sys -> Computer Associates International, Inc. [Ver = 12.4.1.0 | Size = 590190 bytes | Modified Date = 2/2/2006 6:01:16 AM | Attr =	]

(VETFDDNT) VET Floppy Boot Sector Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\VetFDDNT.sys -> Computer Associates International, Inc. [Ver = 11.0.7.8 | Size = 15735 bytes | Modified Date = 9/9/2005 5:54:19 PM | Attr =	]

(VETMONNT) VET File Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\vetmonnt.sys -> Computer Associates International, Inc. [Ver = 7.1.7.3 | Size = 26099 bytes | Modified Date = 2/27/2006 6:20:49 AM | Attr =	]

(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\wanatw4.sys -> File not found



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr =	]

AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:28 AM | Attr =	]

ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe [C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] -> ATI Technologies, Inc. [Ver = 6.14.10.5103 | Size = 335872 bytes | Modified Date = 5/25/2004 11:35:00 PM | Attr =	]

AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe [C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP] -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 579584 bytes | Modified Date = 4/15/2008 8:21:23 AM | Attr =	]

CTDVDDet -> %ProgramFiles%\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe [C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE] -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 45056 bytes | Modified Date = 9/30/2002 2:00:00 AM | Attr =	]

CTHelper -> %SystemRoot%\SYSTEM32\CTHELPER.EXE [CTHELPER.EXE] -> Creative Technology Ltd [Ver = 1, 0, 0, 11 | Size = 28672 bytes | Modified Date = 2/20/2003 5:45:40 PM | Attr =	]

CTSysVol -> %ProgramFiles%\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe] -> Creative Technology Ltd [Ver = 1.1.3.0 | Size = 49152 bytes | Modified Date = 10/29/2002 10:18:24 AM | Attr =	]

Gamevance -> %ProgramFiles%\Gamevance\gamevance32.exe [C:\Program Files\Gamevance\gamevance32.exe] ->  [Ver =  | Size = 91648 bytes | Modified Date = 8/28/2008 8:23:29 PM | Attr =	]

Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> File not found

IAAnotif -> %ProgramFiles%\Intel\Intel Application Accelerator\IAAnotif.exe [C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe] -> Intel Corporation [Ver = 4.0.0.6211 | Size = 135168 bytes | Modified Date = 3/23/2004 1:16:16 PM | Attr =	]

iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.7.0.43 | Size = 289064 bytes | Modified Date = 7/10/2008 10:51:32 AM | Attr =	]

PCMService -> %ProgramFiles%\Dell\Media Experience\PCMService.exe ["C:\Program Files\Dell\Media Experience\PCMService.exe"] -> CyberLink Corp. [Ver = 1.0.1611  | Size = 290816 bytes | Modified Date = 4/11/2004 9:15:14 PM | Attr =	]

QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr =	]

UpdReg -> %SystemRoot%\Updreg.EXE [C:\WINDOWS\UpdReg.EXE] -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 2:00:00 AM | Attr =	]

Verizon_McciTrayApp -> %ProgramFiles%\verizon\McciTrayApp.exe [C:\Program Files\Verizon\McciTrayApp.exe] -> Motive Communications, Inc. [Ver = 5,0,2,56 | Size = 936960 bytes | Modified Date = 3/11/2007 5:37:14 PM | Attr =	]

zzz_ImInstaller_IncrediMail -> %UserProfile%\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install(2).exe [C:\Documents and Settings\Joe\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install(2).exe -startup -product IncrediMail] -> File not found

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.8.0.154 | Size = 21741864 bytes | Modified Date = 8/12/2008 5:13:00 PM | Attr = R  ]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.1.0.2008042300 | Size = 29696 bytes | Modified Date = 4/23/2008 3:38:16 AM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\MozyHome Status.lnk -> %ProgramFiles%\MozyHome\mozystat.exe ->  [Ver =  | Size = 2311472 bytes | Modified Date = 7/14/2008 11:26:02 AM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\NETGEAR WG311T Wireless Assistant.lnk -> %ProgramFiles%\NETGEAR\WG311T\wlancfg5.exe ->  [Ver = 4, 1, 4, 306 | Size = 4517888 bytes | Modified Date = 5/9/2005 12:47:22 PM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Music Engine\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.2.056 (Build 056) | Size = 54512 bytes | Modified Date = 10/3/2007 2:56:10 PM | Attr =	]

< Joe Startup Folder > -> C:\Documents and Settings\Joe\Start Menu\Programs\Startup -> 

< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 

*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 

C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %SystemDrive%\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> File not found

*MultiFile Done* -> -> 

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ewido anti-spyware 4.0\shellexecutehook.dll [ewido anti-spyware 4.0] -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 73728 bytes | Modified Date = 6/16/2006 10:38:50 AM | Attr =	]

{E6E8BEE5-3075-4DF1-993D-BEF6343024B0} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mlJCVlJA.dll [] -> File not found

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 6:23:07 AM | Attr =	]

*MultiFile Done* -> -> 

*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 

c:\windows\system32\userinit.exe -> %SystemRoot%\SYSTEM32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr =	]

*MultiFile Done* -> -> 

*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 

logonui.exe -> %SystemRoot%\SYSTEM32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 3:56:50 AM | Attr =	]

*MultiFile Done* -> -> 

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 

rundll32 shell32 -> %SystemRoot%\SYSTEM32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 11:34:01 PM | Attr =	]

Control_RunDLL "sysdm.cpl" -> %SystemRoot%\SYSTEM32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr =	]

*MultiFile Done* -> -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

mlJCVlJA ->  -> File not found

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowLegacyWebView -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowUnhashedWebView -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 223 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\_NoDriveTypeAutoRun -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ -> -> 

< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->

*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 

SCSI miniport ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\SYSTEM32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 1:59:52 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 

*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 

NEC	 MBR-7	->  -> File not found

NEC	 MBR-7.4  ->  -> File not found

PIONEER CHANGR DRM-1804X ->  -> File not found

PIONEER CD-ROM DRM-6324X ->  -> File not found

PIONEER CD-ROM DRM-624X  ->  -> File not found

TORiSAN CD-ROM CDR_C36 ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 

< Drives with AutoRun files > ->  -> 

autorun.inf [[autorun] | icon=icon.ico | open=FreeMusic.exe | action=Open folder to browse files. | label=USB Device | shell\open\command=FreeMusic.exe | shell\open=Open folder to browse files. | ] -> %SystemDrive%\autorun.inf [ NTFS ] ->  [Ver =  | Size = 169 bytes | Modified Date = 7/12/2008 8:22:33 AM | Attr =  H ]

< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

127.0.0.1	   localhost

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://www.ask.com/?o=20011&l=dis -> 

HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

HKEY_CURRENT_USER\: ProxyOverride -> localhost;*.local -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 

1 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1775 domain(s) found. -> 

//@install.mar@ .[msni] -> My Computer -> 

//@mail.mar@ .[msni] -> Local intranet -> 

turbotax.com .[https] -> Trusted sites -> 

30 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 11/4/2005 7:29:58 PM | Attr =	]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> File not found

{201f27d4-3704-41d6-89c1-aa35e39143ed} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskBarDis\bar\bin\askBar.dll [AskBar BHO] -> Ask.com [Ver = 4.1.0.2 | Size = 279944 bytes | Modified Date = 7/17/2008 5:20:16 PM | Attr =	]

{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.1.45 | Size = 370296 bytes | Modified Date = 1/25/2008 6:11:28 PM | Attr =	]

{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Error: Value  does not exist or could not be read.] -> Safer Networking Limited [Ver = 1, 3, 0, 12 | Size = 744960 bytes | Modified Date = 5/12/2004 2:03:00 AM | Attr =	]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 11:39:14 AM | Attr =	]

{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.07b | Size = 118836 bytes | Modified Date = 3/15/2004 2:04:00 AM | Attr =	]

{65D886A2-7CA7-479B-BB95-14D1EFB7946A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\YIeTagBm.dll [YahooTaggedBM Class] -> Yahoo! Inc. [Ver = 2005, 1, 24, 1 | Size = 115832 bytes | Modified Date = 1/24/2005 9:55:32 AM | Attr =	]

{7370F91F-6994-4595-9949-601FA2261C8D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Gamevance\gvtl.dll [Gamevance Text] ->  [Ver =  | Size = 337408 bytes | Modified Date = 8/28/2008 8:23:34 PM | Attr =	]

{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{E6E8BEE5-3075-4DF1-993D-BEF6343024B0} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mlJCVlJA.dll [Reg Error: Value  does not exist or could not be read.] -> File not found

{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 5:07:08 PM | Attr =	]

< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{3041d03e-fd4b-44e0-b742-2d9b88305f98} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> Ask.com [Ver = 4.1.0.2 | Size = 279944 bytes | Modified Date = 7/17/2008 5:20:16 PM | Attr =	]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 11/4/2005 7:29:58 PM | Attr =	]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Verizon Yahoo! Services] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 11:39:14 AM | Attr =	]

{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> File not found

{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3690 | Size = 66672 bytes | Modified Date = 9/1/2004 12:26:48 PM | Attr =	]

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:Exec -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> File not found

{d81ca86b-ef63-42af-bee3-4502d9a03c2d}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [MUSICMATCH MX Web Player] -> File not found

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 11:39:14 AM | Attr =	]

CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> File not found

CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3690 | Size = 66672 bytes | Modified Date = 9/1/2004 12:26:48 PM | Attr =	]

CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> File not found

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

&eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll -> File not found

&Search ->  -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 

MathPlayer 2.10b ->  -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{0062D423-D41E-44B0-9015-7B07DCEE806B} ->	() -> 

{A4EA9E2E-1033-4A2E-A9C8-FBBB78EFAA72} ->	(NETGEAR 108 Mbps Wireless PCI Adapter WG311T) -> 

{E38D077D-6ED2-4D41-B078-42D0BF7C257E} ->	(1394 Net Adapter) -> 

{E5001223-5D40-46E0-A2BB-26D9B7242E2A} ->	(Broadcom NetXtreme 57xx Gigabit Controller) -> 

{EC57911C-93C4-4042-B6D2-A42C44594CD8} ->	(Belkin 11Mbps Wireless USB Network Adapter) -> 

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000022 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000023 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000024 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000025 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000026 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

Protocol_Catalog9\Catalog_Entries\000000000027 -> %SystemRoot%\SYSTEM32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/9/2005 5:54:20 PM | Attr =	]

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Belarc\Advisor\System\BAVoilaX.dll[VoilaXctl Class] -> Belarc, Inc. [Ver = 6.1 | Size = 33280 bytes | Modified Date = 1/22/2004 8:44:20 PM | Attr =	]

ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 29, 0 | Size = 1942864 bytes | Modified Date = 8/12/2008 5:13:00 PM | Attr = R  ]

< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> 

application/xhtml+xml:{32F66A26-7614-11D4-BD11-00104BD3F987}[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Design Science\MathPlayer001\MathMLMimer.dll[MathPlayer Mime Filter Class] -> Design Science, Inc. [Ver = 2007.05.09.00 | Size = 133584 bytes | Modified Date = 5/9/2007 9:41:32 AM | Attr =	]

application/xhtml+xml; charset=iso-8859-1:{32F66A26-7614-11D4-BD11-00104BD3F987}[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Design Science\MathPlayer001\MathMLMimer.dll[MathPlayer Mime Filter Class] -> Design Science, Inc. [Ver = 2007.05.09.00 | Size = 133584 bytes | Modified Date = 5/9/2007 9:41:32 AM | Attr =	]

application/xhtml+xml; charset=utf-8:{32F66A26-7614-11D4-BD11-00104BD3F987}[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Design Science\MathPlayer001\MathMLMimer.dll[MathPlayer Mime Filter Class] -> Design Science, Inc. [Ver = 2007.05.09.00 | Size = 133584 bytes | Modified Date = 5/9/2007 9:41:32 AM | Attr =	]

text/xml:{32F66A26-7614-11D4-BD11-00104BD3F987}[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Design Science\MathPlayer001\MathMLMimer.dll[MathPlayer Mime Filter Class] -> Design Science, Inc. [Ver = 2007.05.09.00 | Size = 133584 bytes | Modified Date = 5/9/2007 9:41:32 AM | Attr =	]

text/xml; charset=iso-8859-1:{32F66A26-7614-11D4-BD11-00104BD3F987}[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Design Science\MathPlayer001\MathMLMimer.dll[MathPlayer Mime Filter Class] -> Design Science, Inc. [Ver = 2007.05.09.00 | Size = 133584 bytes | Modified Date = 5/9/2007 9:41:32 AM | Attr =	]

text/xml; charset=utf-8:{32F66A26-7614-11D4-BD11-00104BD3F987}[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Design Science\MathPlayer001\MathMLMimer.dll[MathPlayer Mime Filter Class] -> Design Science, Inc. [Ver = 2007.05.09.00 | Size = 133584 bytes | Modified Date = 5/9/2007 9:41:32 AM | Attr =	]

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 

{D719897A-B07A-4C0C-AEA9-9B663A28DFCB}[HKEY_LOCAL_MACHINE] -> http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab[iTunesDetector Class] -> 

Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 

< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AktiveSekurity.ocx\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AktiveSekurity.ocx\\.Owner -> {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AktiveSekurity.ocx\\{0F9B4CA4-A30F-480A-841D-69B45C50A8F8} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/dmx.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/dmx.dll\\.Owner -> {6D3CED33-9C0A-44BA-AAB9-252EE67A436C} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/dmx.dll\\{6D3CED33-9C0A-44BA-AAB9-252EE67A436C} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ConnectorLauncher.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ConnectorLauncher.dll\\.Owner -> {70647AB5-18FD-4142-82B0-5852478DD0D4} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ConnectorLauncher.dll\\{70647AB5-18FD-4142-82B0-5852478DD0D4} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dmx.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dmx.dll\\.Owner -> {6D3CED33-9C0A-44BA-AAB9-252EE67A436C} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dmx.dll\\{6D3CED33-9C0A-44BA-AAB9-252EE67A436C} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/minigolf_affiliate.exe\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/minigolf_affiliate.exe\\.Owner -> {FF65677A-8977-48CA-916A-DFF81B037DF3} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/minigolf_affiliate.exe\\{FF65677A-8977-48CA-916A-DFF81B037DF3} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/hsrb.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/hsrb.dll\\.Owner -> {DE910060-8EFB-44B9-B492-75180696643F} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/hsrb.dll\\{DE910060-8EFB-44B9-B492-75180696643F} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcp60.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcp60.dll\\.Owner -> Unknown Owner -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcp60.dll\\{6D3CED33-9C0A-44BA-AAB9-252EE67A436C} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/WildApp.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/WildApp.dll\\.Owner -> {FF65677A-8977-48CA-916A-DFF81B037DF3} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/WildApp.dll\\{FF65677A-8977-48CA-916A-DFF81B037DF3} ->  -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> N -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\\DisableMonitoring -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\DoNotAllowXPSP2 -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\\EnableFirewall -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr =	]

C:\WINDOWS\system32\hgGvstSJ -> %SystemRoot%\SYSTEM32\hgGvstSJ.dll ->  [Ver =  | Size = 312832 bytes | Modified Date = 8/29/2008 6:55:23 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr =	]

msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr =	]

schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr =	]

wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 880 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 56 44 E4 06 6C B1 08 59 15 7F AD 89 8A 91 E3 22 38 37 34 61 36 65 35 32 00 00 00 00 01 00 00 00 C4 01 00 00 C8 01 00 00 34 CA 06 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 1E 3B 7E 4C  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 99 01 FB 24 87 9A A8 6F 21  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 6B 06 88 D6 81 0F  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 7F AA 48 05 0F BC D8 ED 41 11 0E E2 BC 9B 56 A3  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 64 3B 2D F0 DD D0 C4 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 D9 4A 94 F8 79 C4 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 D9 4A 94 F8 79 C4 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 80 6F E3 94 F8 79 C4 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 76098 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 3:56:42 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\S\ -> -> 

-> Reg Error: Key does not exist or could not be opened. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{E5001223-5D40-46E0-A2BB-26D9B7242E2A} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{E38D077D-6ED2-4D41-B078-42D0BF7C257E} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{9E51437E-0C86-466D-BFBB-548E8E65E268} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{8D552D79-72CA-424B-A369-3390416C950B} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{BE7B3417-D91C-44E6-BBDF-13667247C49A} -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 3:56:46 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 





[Files/Folders - Created Within 30 days]

mozy.sys -> %SystemRoot%\System32\drivers\mozy.sys -> Mozy, Inc. [Ver = 1,8,6,15 | Size = 52728 bytes | Created Date = 9/1/2008 6:56:15 AM | Attr =	]

acLoonpo.ini2 -> %SystemRoot%\System32\acLoonpo.ini2 ->  [Ver =  | Size = 347 bytes | Created Date = 8/30/2008 3:31:04 AM | Attr =  HS]

dfgfLkkj.ini2 -> %SystemRoot%\System32\dfgfLkkj.ini2 ->  [Ver =  | Size = 347 bytes | Created Date = 8/30/2008 12:17:38 AM | Attr =  HS]

ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat ->  [Ver =  | Size = 56 bytes | Created Date = 8/31/2008 10:54:12 PM | Attr =  H ]

fccdArRj.dll -> %SystemRoot%\System32\fccdArRj.dll ->  [Ver =  | Size = 311296 bytes | Created Date = 9/1/2008 12:00:48 AM | Attr =	]

hgGvstSJ.dll -> %SystemRoot%\System32\hgGvstSJ.dll ->  [Ver =  | Size = 312832 bytes | Created Date = 8/29/2008 6:55:20 PM | Attr =	]

jRrAdccf.ini -> %SystemRoot%\System32\jRrAdccf.ini ->  [Ver =  | Size = 703358 bytes | Created Date = 9/1/2008 12:00:59 AM | Attr =  HS]

jRrAdccf.ini2 -> %SystemRoot%\System32\jRrAdccf.ini2 ->  [Ver =  | Size = 347 bytes | Created Date = 9/1/2008 12:01:15 AM | Attr =  HS]

JStsvGgh.ini -> %SystemRoot%\System32\JStsvGgh.ini ->  [Ver =  | Size = 345 bytes | Created Date = 8/29/2008 6:55:25 PM | Attr =  HS]

JStsvGgh.ini2 -> %SystemRoot%\System32\JStsvGgh.ini2 ->  [Ver =  | Size = 345 bytes | Created Date = 8/29/2008 6:55:26 PM | Attr =  HS]

scripting -> %SystemRoot%\System32\scripting ->  [Folder | Created Date = 8/22/2008 11:01:31 PM | Attr =	]

25 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

hpoins28.dat -> %SystemRoot%\hpoins28.dat ->  [Ver =  | Size = 157529 bytes | Created Date = 8/24/2008 12:42:18 PM | Attr =	]

hpoins28.dat.temp -> %SystemRoot%\hpoins28.dat.temp ->  [Ver =  | Size = 156895 bytes | Created Date = 8/15/2008 11:16:03 PM | Attr =	]

hpomdl28.dat -> %SystemRoot%\hpomdl28.dat ->  [Ver =  | Size = 932 bytes | Created Date = 8/24/2008 12:42:18 PM | Attr =	]

hpomdl28.dat.temp -> %SystemRoot%\hpomdl28.dat.temp ->  [Ver =  | Size = 932 bytes | Created Date = 8/15/2008 11:16:02 PM | Attr =	]

l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Created Date = 8/22/2008 11:01:29 PM | Attr =	]

28 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

LastGood(2) -> %SystemRoot%\LastGood(2) ->  [Folder | Created Date = 8/25/2008 6:50:15 PM | Attr =	]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 8/22/2008 11:14:29 PM | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

Skype -> %AllUsersProfile%\Application Data\Skype ->  [Folder | Created Date = 8/31/2008 10:49:43 PM | Attr =	]

WEBREG -> %AllUsersProfile%\Application Data\WEBREG ->  [Folder | Created Date = 8/12/2008 4:13:07 PM | Attr =	]

Skype -> %AppData%\Skype ->  [Folder | Created Date = 8/31/2008 10:53:02 PM | Attr =	]

skypePM -> %AppData%\skypePM ->  [Folder | Created Date = 8/31/2008 10:54:10 PM | Attr =	]

IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 7018718 bytes | Created Date = 8/28/2008 8:57:28 PM | Attr =  H ]

The Weather Channel -> %UserProfile%\Local Settings\Application Data\The Weather Channel ->  [Folder | Created Date = 8/28/2008 11:32:47 PM | Attr =	]

Caroline 1 BD.hmk -> %UserProfile%\My Documents\Caroline 1 BD.hmk ->  [Ver =  | Size = 837632 bytes | Created Date = 8/24/2008 12:41:02 PM | Attr =	]

ezcamUSB_W2K -> %UserProfile%\My Documents\ezcamUSB_W2K ->  [Folder | Created Date = 8/31/2008 11:02:03 PM | Attr =	]

6 C:\Documents and Settings\Joe\My Documents\*.tmp files -> C:\Documents and Settings\Joe\My Documents\*.tmp -> 

ezcamUSB_W2K1 -> %UserProfile%\My Documents\ezcamUSB_W2K1 ->  [Folder | Created Date = 8/31/2008 11:04:04 PM | Attr =	]

Invoice38948.pub -> %UserProfile%\My Documents\Invoice38948.pub ->  [Ver =  | Size = 71168 bytes | Created Date = 8/11/2008 5:43:10 PM | Attr =	]

Invoice3898.pub -> %UserProfile%\My Documents\Invoice3898.pub ->  [Ver =  | Size = 71168 bytes | Created Date = 8/11/2008 5:25:21 PM | Attr =	]

Invoice3949.pub -> %UserProfile%\My Documents\Invoice3949.pub ->  [Ver =  | Size = 71168 bytes | Created Date = 8/21/2008 8:44:41 AM | Attr =	]

My Scans -> %UserProfile%\My Documents\My Scans ->  [Folder | Created Date = 8/12/2008 4:24:54 PM | Attr =	]

PO3898.pub -> %UserProfile%\My Documents\PO3898.pub ->  [Ver =  | Size = 70656 bytes | Created Date = 8/5/2008 7:27:21 PM | Attr =	]

PO3998.pub -> %UserProfile%\My Documents\PO3998.pub ->  [Ver =  | Size = 70656 bytes | Created Date = 8/4/2008 9:53:10 PM | Attr =	]

Skype.lnk -> %AllUsersProfile%\Desktop\Skype.lnk ->  [Ver =  | Size = 1870 bytes | Created Date = 8/31/2008 10:50:11 PM | Attr =	]

College Info.doc -> %UserProfile%\Desktop\College Info.doc ->  [Ver =  | Size = 36352 bytes | Created Date = 8/22/2008 9:42:51 PM | Attr =	]

Dell Media Experience.lnk -> %UserProfile%\Desktop\Dell Media Experience.lnk ->  [Ver =  | Size = 1681 bytes | Created Date = 8/21/2008 7:20:25 AM | Attr =	]

HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 9/2/2008 5:44:43 PM | Attr =	]

Kane Klan Kuestions.doc -> %UserProfile%\Desktop\Kane Klan Kuestions.doc ->  [Ver =  | Size = 23040 bytes | Created Date = 8/22/2008 9:42:41 PM | Attr =	]

n39900064_31238790_948.jpg -> %UserProfile%\Desktop\n39900064_31238790_948.jpg ->  [Ver =  | Size = 64239 bytes | Created Date = 8/22/2008 6:32:14 PM | Attr =	]

n39902722_31091737_4945.jpg -> %UserProfile%\Desktop\n39902722_31091737_4945.jpg ->  [Ver =  | Size = 47708 bytes | Created Date = 8/22/2008 5:50:24 PM | Attr =	]

n39903076_30965215_8368.jpg -> %UserProfile%\Desktop\n39903076_30965215_8368.jpg ->  [Ver =  | Size = 51199 bytes | Created Date = 8/22/2008 5:46:40 PM | Attr =	]

n39903076_31214431_483.jpg -> %UserProfile%\Desktop\n39903076_31214431_483.jpg ->  [Ver =  | Size = 74269 bytes | Created Date = 8/22/2008 5:42:48 PM | Attr =	]

n39904486_30887016_8536.jpg -> %UserProfile%\Desktop\n39904486_30887016_8536.jpg ->  [Ver =  | Size = 60092 bytes | Created Date = 8/22/2008 5:50:52 PM | Attr =	]

n39904486_30887027_1511.jpg -> %UserProfile%\Desktop\n39904486_30887027_1511.jpg ->  [Ver =  | Size = 54537 bytes | Created Date = 8/22/2008 5:51:48 PM | Attr =	]

n39904486_31092040_4899.jpg -> %UserProfile%\Desktop\n39904486_31092040_4899.jpg ->  [Ver =  | Size = 53971 bytes | Created Date = 8/22/2008 5:46:09 PM | Attr =	]

n39904486_31226668_2945.jpg -> %UserProfile%\Desktop\n39904486_31226668_2945.jpg ->  [Ver =  | Size = 54906 bytes | Created Date = 8/22/2008 5:48:48 PM | Attr =	]

n39904486_31354204_6392.jpg -> %UserProfile%\Desktop\n39904486_31354204_6392.jpg ->  [Ver =  | Size = 54893 bytes | Created Date = 8/22/2008 5:49:26 PM | Attr =	]

n39904993_30925612_2410.jpg -> %UserProfile%\Desktop\n39904993_30925612_2410.jpg ->  [Ver =  | Size = 70830 bytes | Created Date = 8/22/2008 5:47:30 PM | Attr =	]

n39904993_31391110_1602.jpg -> %UserProfile%\Desktop\n39904993_31391110_1602.jpg ->  [Ver =  | Size = 69787 bytes | Created Date = 8/22/2008 6:31:39 PM | Attr =	]

n39904993_31391115_3394.jpg -> %UserProfile%\Desktop\n39904993_31391115_3394.jpg ->  [Ver =  | Size = 68199 bytes | Created Date = 8/22/2008 5:44:11 PM | Attr =	]

n39905146_31202452_9758.jpg -> %UserProfile%\Desktop\n39905146_31202452_9758.jpg ->  [Ver =  | Size = 51420 bytes | Created Date = 8/22/2008 5:45:58 PM | Attr =	]

n39905193_31189868_8527.jpg -> %UserProfile%\Desktop\n39905193_31189868_8527.jpg ->  [Ver =  | Size = 49163 bytes | Created Date = 8/22/2008 5:42:24 PM | Attr =	]

OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 9/3/2008 4:57:39 PM | Attr =	]

OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Created Date = 9/3/2008 4:39:09 PM | Attr =	]

phimu_scrapbook.psd -> %UserProfile%\Desktop\phimu_scrapbook.psd ->  [Ver =  | Size = 37907682 bytes | Created Date = 8/22/2008 7:00:39 PM | Attr =	]

Thumbs.db -> %UserProfile%\Desktop\Thumbs.db ->  [Ver =  | Size = 95232 bytes | Created Date = 8/23/2008 10:42:51 AM | Attr =  HS]

@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable

wallpaperviews.vbs -> %UserProfile%\Desktop\wallpaperviews.vbs ->  [Ver =  | Size = 262 bytes | Created Date = 9/1/2008 9:38:56 PM | Attr =	]

Skype -> %CommonProgramFiles%\Skype ->  [Folder | Created Date = 8/31/2008 10:50:06 PM | Attr =	]

AskBarDis -> %ProgramFiles%\AskBarDis ->  [Folder | Created Date = 8/28/2008 8:31:50 PM | Attr =	]

Gamevance -> %ProgramFiles%\Gamevance ->  [Folder | Created Date = 8/28/2008 11:32:47 PM | Attr =	]

MSECache -> %ProgramFiles%\MSECache ->  [Folder | Created Date = 8/11/2008 11:18:00 PM | Attr =	]

Skype -> %ProgramFiles%\Skype ->  [Folder | Created Date = 8/31/2008 10:50:07 PM | Attr =	]

The Weather Channel FW -> %ProgramFiles%\The Weather Channel FW ->  [Folder | Created Date = 8/28/2008 8:23:54 PM | Attr =	]

Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 9/2/2008 5:44:42 PM | Attr =	]



[Files/Folders - Modified Within 30 days]

1 C:\*.tmp files -> C:\*.tmp -> 

NTLDR -> %SystemDrive%\NTLDR ->  [Ver =  | Size = 250048 bytes | Modified Date = 8/22/2008 10:54:50 PM | Attr = RHS]

acLoonpo.ini2 -> %SystemRoot%\System32\acLoonpo.ini2 ->  [Ver =  | Size = 347 bytes | Modified Date = 8/30/2008 3:31:04 AM | Attr =  HS]

25 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 29760 bytes | Modified Date = 9/3/2008 10:49:55 AM | Attr =	]

BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 29760 bytes | Modified Date = 9/3/2008 10:49:55 AM | Attr =	]

BMXState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 30036 bytes | Modified Date = 9/3/2008 10:49:55 AM | Attr =	]

BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx ->  [Ver =  | Size = 30036 bytes | Modified Date = 9/3/2008 10:49:55 AM | Attr =	]

dfgfLkkj.ini2 -> %SystemRoot%\System32\dfgfLkkj.ini2 ->  [Ver =  | Size = 347 bytes | Modified Date = 8/30/2008 12:17:38 AM | Attr =  HS]

DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat -> %SystemRoot%\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat ->  [Ver =  | Size = 288 bytes | Modified Date = 9/3/2008 10:49:55 AM | Attr =	]

DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat -> %SystemRoot%\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat ->  [Ver =  | Size = 288 bytes | Modified Date = 9/3/2008 10:49:55 AM | Attr =	]

ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat ->  [Ver =  | Size = 56 bytes | Modified Date = 8/31/2008 10:54:12 PM | Attr =  H ]

fccdArRj.dll -> %SystemRoot%\System32\fccdArRj.dll ->  [Ver =  | Size = 311296 bytes | Modified Date = 9/1/2008 12:00:52 AM | Attr =	]

FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 557232 bytes | Modified Date = 8/23/2008 7:46:46 AM | Attr =	]

hgGvstSJ.dll -> %SystemRoot%\System32\hgGvstSJ.dll ->  [Ver =  | Size = 312832 bytes | Modified Date = 8/29/2008 6:55:23 PM | Attr =	]

jRrAdccf.ini -> %SystemRoot%\System32\jRrAdccf.ini ->  [Ver =  | Size = 703358 bytes | Modified Date = 9/1/2008 12:03:14 AM | Attr =  HS]

jRrAdccf.ini2 -> %SystemRoot%\System32\jRrAdccf.ini2 ->  [Ver =  | Size = 347 bytes | Modified Date = 9/1/2008 12:01:15 AM | Attr =  HS]

JStsvGgh.ini -> %SystemRoot%\System32\JStsvGgh.ini ->  [Ver =  | Size = 345 bytes | Modified Date = 9/3/2008 4:56:58 PM | Attr =  HS]

JStsvGgh.ini2 -> %SystemRoot%\System32\JStsvGgh.ini2 ->  [Ver =  | Size = 345 bytes | Modified Date = 9/3/2008 4:57:02 PM | Attr =  HS]

PERFC009.DAT -> %SystemRoot%\System32\PERFC009.DAT ->  [Ver =  | Size = 64200 bytes | Modified Date = 8/22/2008 11:17:41 PM | Attr =	]

PERFH009.DAT -> %SystemRoot%\System32\PERFH009.DAT ->  [Ver =  | Size = 407670 bytes | Modified Date = 8/22/2008 11:17:41 PM | Attr =	]

settings.sfm -> %SystemRoot%\System32\settings.sfm ->  [Ver =  | Size = 1080 bytes | Modified Date = 9/3/2008 10:49:55 AM | Attr =	]

settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm ->  [Ver =  | Size = 1080 bytes | Modified Date = 9/3/2008 10:49:55 AM | Attr =	]

WPA.DBL -> %SystemRoot%\System32\WPA.DBL ->  [Ver =  | Size = 1170 bytes | Modified Date = 9/2/2008 7:53:30 PM | Attr =	]

28 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT ->  [Ver =  | Size = 2048 bytes | Modified Date = 9/2/2008 7:29:41 PM | Attr =   S]

hpoins28.dat -> %SystemRoot%\hpoins28.dat ->  [Ver =  | Size = 157529 bytes | Modified Date = 8/24/2008 1:06:39 PM | Attr =	]

hpoins28.dat.temp -> %SystemRoot%\hpoins28.dat.temp ->  [Ver =  | Size = 156895 bytes | Modified Date = 8/23/2008 7:29:22 AM | Attr =	]

mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 6457 bytes | Modified Date = 8/30/2008 12:02:33 AM | Attr =	]

mozy.blk -> %SystemRoot%\mozy.blk ->  [Ver =  | Size = 4722 bytes | Modified Date = 9/2/2008 6:54:31 AM | Attr =	]

mozy.flt -> %SystemRoot%\mozy.flt ->  [Ver =  | Size = 2136 bytes | Modified Date = 9/2/2008 6:54:30 AM | Attr =	]

WIN.INI -> %SystemRoot%\WIN.INI ->  [Ver =  | Size = 702 bytes | Modified Date = 8/24/2008 1:03:49 PM | Attr =	]

WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 9/1/2008 9:39:25 PM | Attr = RH ]

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 953 bytes | Modified Date = 8/31/2008 10:33:04 PM | Attr =	]

wpd99.drv -> %SystemRoot%\wpd99.drv ->  [Ver =  | Size = 48 bytes | Modified Date = 8/31/2008 10:36:13 PM | Attr =	]

{00000004-00000000-00000002-00001102-00000004-10031102}.CDF -> %SystemRoot%\{00000004-00000000-00000002-00001102-00000004-10031102}.CDF ->  [Ver =  | Size = 4481358 bytes | Modified Date = 9/2/2008 7:28:31 PM | Attr =	]

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 8/28/2008 8:45:06 PM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 9/2/2008 7:29:47 PM | Attr =  H ]

Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job ->  [Ver =  | Size = 360 bytes | Modified Date = 9/3/2008 6:54:00 AM | Attr =	]

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 8/18/2004 11:46:21 PM | Attr =	]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5306 bytes | Modified Date = 8/25/2008 6:32:33 PM | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 8/25/2008 6:32:33 PM | Attr =	]

C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data ->  [Folder | Modified Date = 8/24/2004 6:16:58 PM | Attr =	]

data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1560 bytes | Modified Date = 8/24/2004 6:17:01 PM | Attr =	]

C:\Documents and Settings\All Users\Application Data\Microsoft\Plus! Digital Media Edition\data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Plus! Digital Media Edition\data ->  [Folder | Modified Date = 8/24/2004 9:14:37 PM | Attr =	]

data.data -> C:\Documents and Settings\All Users\Application Data\Microsoft\Plus! Digital Media Edition\data\data.data ->  [Ver =  | Size = 13174 bytes | Modified Date = 8/24/2004 9:15:45 PM | Attr =	]

C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 5/20/2008 12:00:30 AM | Attr =	]

wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/30/2004 12:22:21 PM | Attr =	]

wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 191031 bytes | Modified Date = 7/22/2008 6:36:19 PM | Attr =	]

C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 9/3/2008 4:37:54 PM | Attr =	]

Perflib_Perfdata_7c8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7c8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 9/15/2007 10:03:06 AM | Attr =	]

3 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

GDIPFONTCACHEV1.DAT -> %AppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 187288 bytes | Modified Date = 8/7/2008 9:56:11 PM | Attr =	]

wklnhst.dat -> %AppData%\wklnhst.dat ->  [Ver =  | Size = 36324 bytes | Modified Date = 9/1/2008 7:07:58 PM | Attr =	]

IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 7018718 bytes | Modified Date = 9/1/2008 9:40:17 PM | Attr =  H ]

Caroline 1 BD.hmk -> %UserProfile%\My Documents\Caroline 1 BD.hmk ->  [Ver =  | Size = 837632 bytes | Modified Date = 8/24/2008 12:41:03 PM | Attr =	]

6 C:\Documents and Settings\Joe\My Documents\*.tmp files -> C:\Documents and Settings\Joe\My Documents\*.tmp -> 

Invoice38948.pub -> %UserProfile%\My Documents\Invoice38948.pub ->  [Ver =  | Size = 71168 bytes | Modified Date = 8/11/2008 6:24:37 PM | Attr =	]

Invoice3898.pub -> %UserProfile%\My Documents\Invoice3898.pub ->  [Ver =  | Size = 71168 bytes | Modified Date = 8/11/2008 5:43:11 PM | Attr =	]

Invoice3949.pub -> %UserProfile%\My Documents\Invoice3949.pub ->  [Ver =  | Size = 71168 bytes | Modified Date = 8/22/2008 9:41:49 PM | Attr =	]

PO3898.pub -> %UserProfile%\My Documents\PO3898.pub ->  [Ver =  | Size = 70656 bytes | Modified Date = 8/5/2008 7:27:42 PM | Attr =	]

PO3998.pub -> %UserProfile%\My Documents\PO3998.pub ->  [Ver =  | Size = 70656 bytes | Modified Date = 8/4/2008 9:56:11 PM | Attr =	]

Thumbs.db -> %UserProfile%\My Documents\Thumbs.db ->  [Ver =  | Size = 187392 bytes | Modified Date = 8/7/2008 9:38:22 PM | Attr =  HS]

@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable

USECAR.DOC -> %UserProfile%\My Documents\USECAR.DOC ->  [Ver =  | Size = 43809 bytes | Modified Date = 9/1/2008 1:49:32 PM | Attr =	]

Skype.lnk -> %AllUsersProfile%\Desktop\Skype.lnk ->  [Ver =  | Size = 1870 bytes | Modified Date = 8/31/2008 10:50:11 PM | Attr =	]

College Info.doc -> %UserProfile%\Desktop\College Info.doc ->  [Ver =  | Size = 36352 bytes | Modified Date = 8/22/2008 9:42:46 PM | Attr =	]

Dell Media Experience.lnk -> %UserProfile%\Desktop\Dell Media Experience.lnk ->  [Ver =  | Size = 1681 bytes | Modified Date = 8/21/2008 7:20:25 AM | Attr =	]

DVDFab 5.lnk -> %UserProfile%\Desktop\DVDFab 5.lnk ->  [Ver =  | Size = 618 bytes | Modified Date = 9/1/2008 9:28:07 PM | Attr =	]

HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 9/2/2008 5:44:43 PM | Attr =	]

Kane Klan Kuestions.doc -> %UserProfile%\Desktop\Kane Klan Kuestions.doc ->  [Ver =  | Size = 23040 bytes | Modified Date = 8/22/2008 9:59:11 PM | Attr =	]

n39900064_31238790_948.jpg -> %UserProfile%\Desktop\n39900064_31238790_948.jpg ->  [Ver =  | Size = 64239 bytes | Modified Date = 8/22/2008 6:32:14 PM | Attr =	]

n39902722_31091737_4945.jpg -> %UserProfile%\Desktop\n39902722_31091737_4945.jpg ->  [Ver =  | Size = 47708 bytes | Modified Date = 8/22/2008 5:50:24 PM | Attr =	]

n39903076_30965215_8368.jpg -> %UserProfile%\Desktop\n39903076_30965215_8368.jpg ->  [Ver =  | Size = 51199 bytes | Modified Date = 8/22/2008 5:46:40 PM | Attr =	]

n39903076_31214431_483.jpg -> %UserProfile%\Desktop\n39903076_31214431_483.jpg ->  [Ver =  | Size = 74269 bytes | Modified Date = 8/22/2008 5:42:48 PM | Attr =	]

n39904486_30887016_8536.jpg -> %UserProfile%\Desktop\n39904486_30887016_8536.jpg ->  [Ver =  | Size = 60092 bytes | Modified Date = 8/22/2008 5:50:52 PM | Attr =	]

n39904486_30887027_1511.jpg -> %UserProfile%\Desktop\n39904486_30887027_1511.jpg ->  [Ver =  | Size = 54537 bytes | Modified Date = 8/22/2008 5:51:48 PM | Attr =	]

n39904486_31092040_4899.jpg -> %UserProfile%\Desktop\n39904486_31092040_4899.jpg ->  [Ver =  | Size = 53971 bytes | Modified Date = 8/22/2008 5:46:09 PM | Attr =	]

n39904486_31226668_2945.jpg -> %UserProfile%\Desktop\n39904486_31226668_2945.jpg ->  [Ver =  | Size = 54906 bytes | Modified Date = 8/22/2008 5:48:48 PM | Attr =	]

n39904486_31354204_6392.jpg -> %UserProfile%\Desktop\n39904486_31354204_6392.jpg ->  [Ver =  | Size = 54893 bytes | Modified Date = 8/22/2008 5:49:26 PM | Attr =	]

n39904993_30925612_2410.jpg -> %UserProfile%\Desktop\n39904993_30925612_2410.jpg ->  [Ver =  | Size = 70830 bytes | Modified Date = 8/22/2008 5:47:30 PM | Attr =	]

n39904993_31391110_1602.jpg -> %UserProfile%\Desktop\n39904993_31391110_1602.jpg ->  [Ver =  | Size = 69787 bytes | Modified Date = 8/22/2008 6:31:40 PM | Attr =	]

n39904993_31391115_3394.jpg -> %UserProfile%\Desktop\n39904993_31391115_3394.jpg ->  [Ver =  | Size = 68199 bytes | Modified Date = 8/22/2008 5:44:11 PM | Attr =	]

n39905146_31202452_9758.jpg -> %UserProfile%\Desktop\n39905146_31202452_9758.jpg ->  [Ver =  | Size = 51420 bytes | Modified Date = 8/22/2008 5:45:58 PM | Attr =	]

n39905193_31189868_8527.jpg -> %UserProfile%\Desktop\n39905193_31189868_8527.jpg ->  [Ver =  | Size = 49163 bytes | Modified Date = 8/22/2008 5:42:24 PM | Attr =	]

OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Modified Date = 9/3/2008 4:39:09 PM | Attr =	]

phimu_scrapbook.psd -> %UserProfile%\Desktop\phimu_scrapbook.psd ->  [Ver =  | Size = 37907682 bytes | Modified Date = 8/22/2008 7:00:41 PM | Attr =	]

Thumbs.db -> %UserProfile%\Desktop\Thumbs.db ->  [Ver =  | Size = 95232 bytes | Modified Date = 8/23/2008 10:42:59 AM | Attr =  HS]

@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable

wallpaperviews.vbs -> %UserProfile%\Desktop\wallpaperviews.vbs ->  [Ver =  | Size = 262 bytes | Modified Date = 9/1/2008 9:38:54 PM | Attr =	]

MozyHome Status.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\MozyHome Status.lnk ->  [Ver =  | Size = 642 bytes | Modified Date = 9/1/2008 6:55:35 AM | Attr =	]



< End of report >


#4 kahdah

Posted 03 September 2008 - 07:44 PM

Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {E6E8BEE5-3075-4DF1-993D-BEF6343024B0} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mlJCVlJA.dll []
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {E6E8BEE5-3075-4DF1-993D-BEF6343024B0} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mlJCVlJA.dll [Reg Error: Value  does not exist or could not be read.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\hgGvstSJ -> %SystemRoot%\SYSTEM32\hgGvstSJ.dll
< BotCheck > -> 
[Files/Folders - Created Within 30 days]
NY -> acLoonpo.ini2 -> %SystemRoot%\System32\acLoonpo.ini2
NY -> dfgfLkkj.ini2 -> %SystemRoot%\System32\dfgfLkkj.ini2
NY -> ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat
NY -> fccdArRj.dll -> %SystemRoot%\System32\fccdArRj.dll
NY -> hgGvstSJ.dll -> %SystemRoot%\System32\hgGvstSJ.dll
NY -> jRrAdccf.ini -> %SystemRoot%\System32\jRrAdccf.ini
NY -> jRrAdccf.ini2 -> %SystemRoot%\System32\jRrAdccf.ini2
NY -> JStsvGgh.ini -> %SystemRoot%\System32\JStsvGgh.ini
NY -> JStsvGgh.ini2 -> %SystemRoot%\System32\JStsvGgh.ini2
[Files/Folders - Modified Within 30 days]
NY -> acLoonpo.ini2 -> %SystemRoot%\System32\acLoonpo.ini2
NY -> ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat
NY -> fccdArRj.dll -> %SystemRoot%\System32\fccdArRj.dll
NY -> hgGvstSJ.dll -> %SystemRoot%\System32\hgGvstSJ.dll
NY -> jRrAdccf.ini -> %SystemRoot%\System32\jRrAdccf.ini
NY -> jRrAdccf.ini2 -> %SystemRoot%\System32\jRrAdccf.ini2
NY -> JStsvGgh.ini -> %SystemRoot%\System32\JStsvGgh.ini
NY -> JStsvGgh.ini2 -> %SystemRoot%\System32\JStsvGgh.ini2
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed, either a message box will pop up telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
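The System32 entries selected in the fix above show a pattern that can be read straight off the scan log: each randomly named DLL sits beside .ini/.ini2 files whose names are the DLL's name spelled backwards. The following is an added example, not part of the original post and not OTScanIt's own logic; it parses file-listing lines in the format quoted in this thread and groups such pairs. The function names and the rule that treats unpaired hidden+system .ini files as orphans are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of file-listing lines copied from the scan log in this thread,
# plus two non-file lines (a folder entry and a *.tmp summary) that the
# parser must skip.
SAMPLE_LOG = r"""
fccdArRj.dll -> %SystemRoot%\System32\fccdArRj.dll ->  [Ver =  | Size = 311296 bytes | Modified Date = 9/1/2008 12:00:52 AM | Attr = ]
hgGvstSJ.dll -> %SystemRoot%\System32\hgGvstSJ.dll ->  [Ver =  | Size = 312832 bytes | Modified Date = 8/29/2008 6:55:23 PM | Attr = ]
jRrAdccf.ini -> %SystemRoot%\System32\jRrAdccf.ini ->  [Ver =  | Size = 703358 bytes | Modified Date = 9/1/2008 12:03:14 AM | Attr =  HS]
jRrAdccf.ini2 -> %SystemRoot%\System32\jRrAdccf.ini2 ->  [Ver =  | Size = 347 bytes | Modified Date = 9/1/2008 12:01:15 AM | Attr =  HS]
JStsvGgh.ini -> %SystemRoot%\System32\JStsvGgh.ini ->  [Ver =  | Size = 345 bytes | Modified Date = 9/3/2008 4:56:58 PM | Attr =  HS]
JStsvGgh.ini2 -> %SystemRoot%\System32\JStsvGgh.ini2 ->  [Ver =  | Size = 345 bytes | Modified Date = 9/3/2008 4:57:02 PM | Attr =  HS]
dfgfLkkj.ini2 -> %SystemRoot%\System32\dfgfLkkj.ini2 ->  [Ver =  | Size = 347 bytes | Modified Date = 8/30/2008 12:17:38 AM | Attr =  HS]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 557232 bytes | Modified Date = 8/23/2008 7:46:46 AM | Attr = ]
28 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
WIN.INI -> %SystemRoot%\WIN.INI ->  [Ver =  | Size = 702 bytes | Modified Date = 8/24/2008 1:03:49 PM | Attr = ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 9/3/2008 4:37:54 PM | Attr = ]
"""

# name -> path ->  [Ver = .. | Size = N bytes | Modified Date = .. | Attr = ..]
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) ->\s+\[Ver = (?P<ver>.*?)\s*"
    r"\| Size = (?P<size>\d+) bytes \| Modified Date = (?P<mtime>.+?)"
    r" \| Attr =(?P<attr>[^\]]*)\]$"
)


def parse_entries(log_text):
    """Return one dict per file line; folder and summary lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        folder, filename = ntpath.split(m["path"])
        stem, ext = ntpath.splitext(filename)
        entries.append({
            "name": filename,
            "folder": folder.lower(),   # Windows paths are case-insensitive
            "stem": stem,               # keep case: the reversal is exact
            "ext": ext.lower(),
            "size": int(m["size"]),
            "attr": m["attr"].strip(),  # e.g. "HS", "H", "RH" or ""
        })
    return entries


def reversed_name_pairs(entries):
    """Group .ini/.ini2 files under the DLL whose stem is their stem reversed.

    Returns (pairs, orphans). Orphans are hidden+system .ini/.ini2 files with
    no matching DLL in the same folder; that rule is an assumption of this
    example, meant to surface leftovers whose DLL is already gone.
    """
    dlls = {(e["folder"], e["stem"]): e for e in entries if e["ext"] == ".dll"}
    pairs = defaultdict(list)
    orphans = []
    for e in entries:
        if e["ext"] not in (".ini", ".ini2"):
            continue
        mirrored = e["stem"][::-1]
        partner = dlls.get((e["folder"], mirrored))
        if partner and mirrored != e["stem"]:
            pairs[partner["name"]].append(e["name"])
        elif {"H", "S"} <= set(e["attr"]):
            orphans.append(e["name"])
    return {dll: sorted(names) for dll, names in pairs.items()}, orphans


if __name__ == "__main__":
    found, leftover = reversed_name_pairs(parse_entries(SAMPLE_LOG))
    for dll, inis in found.items():
        print(f"{dll}: paired with {', '.join(inis)}")
    for name in leftover:
        print(f"{name}: hidden/system .ini with no matching DLL")
```

A match is a triage hint for a reviewer, not a verdict; WIN.INI and FNTCACHE.DAT in the sample show that ordinary system files fall through both rules.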

#5 mitchshin

Posted 04 September 2008 - 05:10 AM

Thank you very much.
Here is Final log...


Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E6E8BEE5-3075-4DF1-993D-BEF6343024B0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6E8BEE5-3075-4DF1-993D-BEF6343024B0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6E8BEE5-3075-4DF1-993D-BEF6343024B0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6E8BEE5-3075-4DF1-993D-BEF6343024B0}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\hgGvstSJ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\hgGvstSJ.dll
C:\WINDOWS\SYSTEM32\hgGvstSJ.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\hgGvstSJ.dll moved successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\System32\acLoonpo.ini2 moved successfully.
C:\WINDOWS\System32\dfgfLkkj.ini2 moved successfully.
C:\WINDOWS\System32\ezsidmv.dat moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\fccdArRj.dll
C:\WINDOWS\System32\fccdArRj.dll NOT unregistered.
C:\WINDOWS\System32\fccdArRj.dll moved successfully.
File C:\WINDOWS\System32\hgGvstSJ.dll not found!
C:\WINDOWS\System32\jRrAdccf.ini moved successfully.
C:\WINDOWS\System32\jRrAdccf.ini2 moved successfully.
C:\WINDOWS\System32\JStsvGgh.ini moved successfully.
C:\WINDOWS\System32\JStsvGgh.ini2 moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\acLoonpo.ini2 not found!
File C:\WINDOWS\System32\ezsidmv.dat not found!
File C:\WINDOWS\System32\fccdArRj.dll not found!
File C:\WINDOWS\System32\hgGvstSJ.dll not found!
File C:\WINDOWS\System32\jRrAdccf.ini not found!
File C:\WINDOWS\System32\jRrAdccf.ini2 not found!
File C:\WINDOWS\System32\JStsvGgh.ini not found!
File C:\WINDOWS\System32\JStsvGgh.ini2 not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Joe\Local Settings\Temp\etilqs_ElsUqy7r8G0CXHYS8C7K scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Joe\Local Settings\Temp\~DF7B4E.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7c8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\d59kwaj7.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\d59kwaj7.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\d59kwaj7.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\d59kwaj7.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\d59kwaj7.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 09032008_232014

Files moved on Reboot...
File C:\Documents and Settings\Joe\Local Settings\Temp\etilqs_ElsUqy7r8G0CXHYS8C7K not found!
File C:\Documents and Settings\Joe\Local Settings\Temp\~DF7B4E.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_7c8.dat not found!
C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\d59kwaj7.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\d59kwaj7.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\d59kwaj7.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\d59kwaj7.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla\Firefox\Profiles\d59kwaj7.default\urlclassifier3.sqlite moved successfully.

#6 kahdah

Posted 04 September 2008 - 05:19 AM

Please go to Start> Control Panel> Add\Remove programs:
Then uninstall these below:
Gamevance
Viewpoint


Then exit out of the Add\Remove programs list.
==================================
Reboot and delete these folders:
C:\Program Files\Gamevance
C:\Program Files\Viewpoint

=======================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7 mitchshin

Posted 04 September 2008 - 08:24 PM

Malwarebytes' Anti-Malware 1.26
Database version: 1116
Windows 5.1.2600 Service Pack 2

9/4/2008 9:23:46 PM
mbam-log-2008-09-04 (21-23-46).txt

Scan type: Quick Scan
Objects scanned: 59937
Time elapsed: 25 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\SrchAstt (Adware.MyWay) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.

#8 kahdah

Posted 05 September 2008 - 04:42 AM

Looks better. Let's see another set of logs, please:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#9 mitchshin

Posted 05 September 2008 - 04:57 PM

info.txt logfile of random's system information tool 2008-09-05 17:54:24

Uninstall list

-->"C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Yahoo!\Yahoo! Music Engine\oggcodecs\uninst.exe
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /X{8548A86C-3FCE-4019-88EE-A52820207988}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00C6-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00D1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03FD-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2008 Hallmark Mother's/Father's Day Card Pack-->MsiExec.exe /X{D72458FA-A768-4721-BE97-6E03BC1B5041}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Illustrator 10.0.3-->"C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Premiere Elements 1.0-->msiexec /I {6CCDF4E6-D2AE-4DD8-80FD-F9AFF951AEAE}
Adobe Premiere Elements 2.0-->msiexec /I {11C98E1A-EC91-4B38-B44C-C562292D8453}
Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Advanced WindowsCare 2.55 Personal-->"C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe"
AIM 6-->C:\Program Files\AIM6\uninst.exe
Alt-Tab Task Switcher Powertoy for Windows XP-->MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
American Greetings CreataCard Platinum 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9770A25C-45A7-478E-AF50-4FDE53EED270}\setup.exe" anything
American McGee's Alice™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77B5AD60-8F14-11D4-9BC9-0050041A1090}\Setup.exe"
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Belarc Advisor 6.1-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BitPim 0.9.07-->"C:\Program Files\BitPim\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
CCHelp-->MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Citrix Endpoint Analysis Client-->MsiExec.exe /I{329A3C81-7884-4A64-B8F6-078795C31506}
ClearType Tuning Control Panel Applet-->MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Uninstaller-->C:\WINDOWS\COREL\UNINST32.EXE
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.8.5-->"C:\Program Files\DVDFab 5\unins000.exe"
DVDFab Platinum 4.1.2.0-->"C:\Program Files\DVDFab Platinum 4\unins000.exe"
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
ewido anti-spyware 4.0-->C:\Program Files\ewido anti-spyware 4.0\Uninstall.exe
Family Tree Maker 7.0-->C:\WINDOWS\IsUninst.exe -fC:\FTW\Uninst.isu
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Hallmark Card Studio 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F033B55E-54FA-46AD-8B7E-3EF65A6E9D7A}\setup.exe" -l0x9
Hallmark Card Studio 2007 Deluxe-->MsiExec.exe /X{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}
Hallmark Comedy Card Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20E674AD-8ECC-4680-92D6-18ABE4FC1DE0}\setup.exe"
Hallmark Mother's/Father's Day Card Pack-->MsiExec.exe /X{D76BED01-214C-4AD6-B9E5-C49724ED7C87}
Hijackthis 1.99.1-->"C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod for Windows 2005-09-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java 2 Runtime Environment, SE v1.4.2_06-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Kai's SuperGOO-->C:\WINDOWS\uninst.exe -f"C:\Program Files\SuperGOO\DeIsL2.isu"
Keynote Connector-->C:\WINDOWS\DOWNLO~1\CONNEC~1.EXE /Uninstall
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Lara Croft Tomb Raider: The Angel Of Darkness-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{93656878-FF8B-4935-99BB-F3F260037C57}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LGUsbDriver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB866374-B705-4749-83D9-997AC77146B3}\setup.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MathPlayer-->C:\Program Files\Design Science\MathPlayer001\Setup.exe -u
MediaFACE II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC1F2687-6922-43E9-A6A5-73D750A8C8CE}\Setup.exe"
MetaFrame Presentation Server Web Client for Win32-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2004-->MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Library 9-->C:\WINDOWS\system32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
Microsoft Picture It! Photo Premium 9-->C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Plus! for Windows XP-->MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2004 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe D:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{33BEE6F3-9987-4F98-A069-97A64EC8321A}
Microsoft Works-->MsiExec.exe /I{B9966F27-9678-4620-9579-925E3084647E}
MicroStaff WINASPI-->C:\MWASPI\uninst.exe
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MozyHome 1.8.10.0-->"C:\Program Files\MozyHome\uninstall\unins000.exe"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
msxml4SP2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{24F009D2-7A41-4534-BA08-160E1E7E0DDB}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
NETGEAR Wireless Adapter WG311T-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FC321AD2-48B4-4013-B997-A65D5FBBD006}
Network Play System (Patching)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
OmniFormat-->c:\omniformat\thinsetup.exe - uninstall
Pdf995-->c:\pdf995\setup.exe uninstall
PdfEdit995-->c:\pdf995\res\utilities\thinsetup.exe - uninstall
PerformanceTest v6.1-->"C:\Program Files\PerformanceTest\unins000.exe"
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
RootsMagic 3.2.5.0-->"C:\Program Files\RootsMagic\unins000.exe"
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sound Blaster Audigy 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E82BF103-904F-49C0-B77F-6EC110B71E87}\setup.exe" -l0x9
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims Vacation -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D9231F6-A287-4222-9EBC-519BB206F590}\setup.exe" -l0009
TI Connect 1.5-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Titanic-->C:\Program Files\CyberFlix\Titanic\TITANIC.EXE -U
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
USB MassStorage CardReader-->C:\Program Files\Kodak\040a_5005\Remove.exe
Verizon Broadband Toolbar-->C:\Program Files\Belarc\Advisor\Uninstall.exe
Verizon Online Help & Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03E6-F17B-11D6-88EA-000476CD2443}\setup.exe" -l0x9 UNINSTALL -removeonly
Verizon Online Help and Support-->C:\PROGRA~1\verizon\UNWISE.EXE C:\PROGRA~1\verizon\INSTALL.LOG
Verizon Online-->C:\WINDOWS\system32\VerizonUninstaller.exe
Verizon Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Verizon Yahoo! Music Jukebox-->MsiExec.exe /X{433AF48D-1FB7-47DD-9784-93E7291C85AE}
VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta)-->MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
WinAce Archiver-->C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
ZIP Reader 8.00.0018-->MsiExec.exe /I{856C155E-4A74-4041-B026-04F96FFD1BCD}

Security center information

AV: Anti-Virus - Verizon Yahoo! Online Protection (outdated)
AV: AVG 7.5.524

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool (written by random/random)
Run by Joe at 2008-09-05 17:52:10
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 820 MB (1%) free of 149 GB
Total RAM: 510 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:04 PM, on 9/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Joe\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Joe.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=20011&l=dis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Joe\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install(2).exe -startup -product IncrediMail
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - ?p=ZRfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: mlJCVlJA - mlJCVlJA.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\SYSTEM32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11410 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2005-11-04 399352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-17 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-01-25 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2004-05-12 744960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
UberButton Class - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2005-05-26 181352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}]
YahooTaggedBM Class - C:\Program Files\Yahoo!\Common\YIeTagBm.dll [2005-01-24 115832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
SidebarAutoLaunch Class - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 124032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-17 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [2004-03-23 135168]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-25 335872]
"CTSysVol"=C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2002-10-29 49152]
"CTDVDDet"=C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [2002-09-30 45056]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-02-20 28672]
"AsioReg"=C:\WINDOWS\system32\REGSVR32.EXE [2004-08-04 11776]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2007-03-11 936960]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-04-15 579584]
"zzz_ImInstaller_IncrediMail"=C:\Documents and Settings\Joe\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install(2).exe -startup -product IncrediMail []
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-08-12 21741864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE [2005-05-23 50744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe [2004-09-01 66672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft1\AnyDVD\AnyDVD.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe [2005-09-09 230512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe [2005-09-09 185456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
C:\WINDOWS\system32\taskswitch.exe [2002-03-19 45632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-15 122933]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1141572182\ee\AOLSoftware.exe [2006-05-09 50760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-12-05 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe [2005-03-15 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe [2005-03-15 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe [2008-01-25 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]
C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBC Yahoo! Connection Manager]
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe [2002-06-19 700416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
C:\Program Files\AIM\aim.exe [2004-09-01 66672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyDawn]
C:\Program Files\SpyDawn\SpyDawn.exe /h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe [2005-04-13 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-01-25 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [2005-08-15 3092480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2003-12-09 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe [2007-10-03 6190320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe [2005-06-16 401408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
C:\Sierra\Planner\PLNRnote.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp psc 900 series) - 1.lnk]
C:\PROGRA~1\HEWLET~1\AiO\HPPSC9~1\Bin\hpobrt07.exe -DeviceID 1115847483 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PKZIP Attachments Status.lnk]
C:\PROGRA~1\PKWARE\PKZIPM\900~1.001\PKTray.exe -tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2006-11-21 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joe^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joe^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]
C:\PROGRA~1\SuperGOO\EREG\US\REMIND32.EXE [1999-08-03 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joe^Start Menu^Programs^Startup^Sonic INSTALLit! Setup.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3
"KodakCCS"=2
"Fax"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe
NETGEAR WG311T Wireless Assistant.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlJCVlJA]
mlJCVlJA.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll [2006-06-16 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
"C:\Program Files\WinMX\WinMX.exe"="C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\PROGRA~1\Yahoo!\MESSEN~1\Yserver.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Verizon Yahoo! Music Engine"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1141572182\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1141572182\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1141572182\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1141572182\ee\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\SYSTEM32\dpvsetup.exe"="C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\SYSTEM32\rundll32.exe"="C:\WINDOWS\SYSTEM32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\EA GAMES\American McGee's Alice\alice.exe"="C:\Program Files\EA GAMES\American McGee's Alice\alice.exe:*:Enabled:American McGee's Alice"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Documents and Settings\Joe\My Documents\My Music\LimeWire\LimeWire.exe"="C:\Documents and Settings\Joe\My Documents\My Music\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\Joe\Desktop\incredimail_install(2).exe"="C:\Documents and Settings\Joe\Desktop\incredimail_install(2).exe:*:Enabled:IncrediMail Installer"
"C:\Documents and Settings\Joe\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install(2).exe"="C:\Documents and Settings\Joe\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install(2).exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea53edde-b309-11dc-9085-00146c31aee6}]
shell\AutoRun\command - F:\LaunchU3.exe -a


File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-05 17:52:10 ----D---- C:\rsit
2008-09-04 20:49:04 ----D---- C:\Documents and Settings\Joe\Application Data\Malwarebytes
2008-09-04 20:48:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-04 20:48:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-03 23:20:14 ----D---- C:\_OTScanIt
2008-09-02 17:44:42 ----D---- C:\Program Files\Trend Micro
2008-08-31 22:54:10 ----D---- C:\Documents and Settings\Joe\Application Data\skypePM
2008-08-31 22:53:02 ----D---- C:\Documents and Settings\Joe\Application Data\Skype
2008-08-31 22:50:07 ----D---- C:\Program Files\Skype
2008-08-31 22:50:06 ----D---- C:\Program Files\Common Files\Skype
2008-08-31 22:49:43 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-08-29 18:56:53 ----A---- C:\WINDOWS\system32\27b7dc04-.txt
2008-08-28 20:31:50 ----D---- C:\Program Files\AskBarDis
2008-08-28 20:23:54 ----D---- C:\Program Files\The Weather Channel FW
2008-08-25 18:50:15 ----D---- C:\WINDOWS\LastGood(2)
2008-08-22 23:14:29 ----D---- C:\WINDOWS\Prefetch
2008-08-22 23:11:08 ----DC---- C:\WINDOWS\$NtUninstallKB952954$(2)
2008-08-22 23:10:45 ----DC---- C:\WINDOWS\$NtUninstallKB952287$(2)
2008-08-22 23:10:20 ----DC---- C:\WINDOWS\$NtUninstallKB951748$(2)
2008-08-22 23:09:56 ----DC---- C:\WINDOWS\$NtUninstallKB951698$(2)
2008-08-22 23:09:33 ----DC---- C:\WINDOWS\$NtUninstallKB951376-v2$(2)
2008-08-22 23:09:09 ----DC---- C:\WINDOWS\$NtUninstallKB951376$(2)
2008-08-22 23:08:44 ----DC---- C:\WINDOWS\$NtUninstallKB951066$(2)
2008-08-22 23:08:21 ----DC---- C:\WINDOWS\$NtUninstallKB950974$(2)
2008-08-22 23:07:58 ----DC---- C:\WINDOWS\$NtUninstallKB950762$(2)
2008-08-22 23:07:31 ----DC---- C:\WINDOWS\$NtUninstallKB946648$(2)
2008-08-22 23:01:31 ----D---- C:\WINDOWS\system32\scripting
2008-08-22 23:01:29 ----D---- C:\WINDOWS\l2schemas
2008-08-17 22:06:51 ----A---- C:\WINDOWS\005675_.tmp
2008-08-14 23:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-14 23:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-14 23:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 23:00:10 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-14 22:57:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 22:56:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-14 22:56:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-12 16:14:16 ----D---- C:\Documents and Settings\Joe\Application Data\HP
2008-08-12 16:13:07 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-08-12 15:55:05 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-08-12 15:54:05 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-08-12 10:43:41 ----D---- C:\Program Files\HP
2008-08-11 23:18:00 ----D---- C:\Program Files\MSECache
2008-07-12 11:24:25 ----A---- C:\FreeMusic.exe
2008-07-10 23:17:36 ----D---- C:\Program Files\iTunes
2008-07-10 23:13:08 ----D---- C:\Program Files\Bonjour
2008-07-10 23:08:20 ----D---- C:\Program Files\Common Files\Apple
2008-07-09 03:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-07 17:09:35 ----D---- C:\Carnevalee Freakshow
2008-07-07 17:09:03 ----D---- C:\Program Files\PKWARE
2008-07-07 17:09:03 ----D---- C:\Program Files\Common Files\PKWARE
2008-07-07 14:12:15 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-06-21 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-17 17:42:33 ----D---- C:\Program Files\DVDFab 5
2008-06-11 03:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-11 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-11 03:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-11 03:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$

List of drivers

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\system32\System32\Drivers\avg7core.sys []
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\system32\System32\Drivers\avg7rsw.sys []
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\system32\System32\Drivers\avg7rsxp.sys []
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\system32\System32\Drivers\avgclean.sys []
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\system32\System32\Drivers\BANTExt.sys []
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\System32\DRIVERS\DcCam.sys [2003-03-31 36730]
R1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver; \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 mozyFilter;mozyFilter; C:\WINDOWS\system32\DRIVERS\mozy.sys [2007-11-19 52728]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2006-02-02 590190]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2005-09-09 15735]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2005-09-09 21031]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2006-02-27 26099]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2005-09-09 15478]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-14 17801]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2003-02-21 37941]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AR5211;NETGEAR WG311T V1H3 Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\WG311T13.sys [2005-04-06 456384]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-05-26 729600]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2004-05-29 186112]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-02-20 135040]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-03-26 498688]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-02-20 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-02-20 135248]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-02-20 116000]
R3 EUSBMSD;eUSB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\EUSBMSD.SYS [2000-03-20 49235]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2003-03-26 823616]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-03-26 141536]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-03-26 189504]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-04-26 47360]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2006-02-02 102398]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S1 Exportit;Exportit; C:\WINDOWS\System32\DRIVERS\exportit.sys [2003-03-31 134421]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2004-08-04 48128]
S3 adxapie;adxapie; \??\C:\DOCUME~1\Joe\LOCALS~1\Temp\adxapie.sys []
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2004-08-04 38912]
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter®;Belkin Belkin 11Mbps Wireless USB Network Adapter® Service for Belkin 11Mbps Wireless USB Network Adapter; C:\WINDOWS\system32\DRIVERS\bkusbxp.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2003-03-27 287920]
S3 DcFpoint;DcFpoint; C:\WINDOWS\System32\DRIVERS\DcFpoint.sys [2003-03-31 61568]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\System32\DRIVERS\DcLps.sys [2003-03-31 8058]
S3 DcPTP;dcptp; C:\WINDOWS\System32\DRIVERS\DcPTP.sys [2003-03-31 61114]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2004-08-04 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 lgatbus;LG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\lgatbus.sys [2002-10-15 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\lgatmdm.sys [2002-10-15 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM); C:\WINDOWS\system32\DRIVERS\lgatserd.sys [2002-10-15 60816]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\SYSTEM32\PCANDIS5.SYS []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PLCNDIS5.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\System32\DRIVERS\agp440.sys []
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\System32\DRIVERS\agpCPQ.sys []
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\System32\DRIVERS\alim1541.sys []
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\System32\DRIVERS\amdagp.sys []
S4 cbidf;cbidf; C:\WINDOWS\system32\System32\DRIVERS\cbidf2k.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\System32\DRIVERS\intelide.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\System32\DRIVERS\sisagp.sys []
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\System32\DRIVERS\viaagp.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []

List of services

R2 ACS;Atheros Configuration Service; C:\WINDOWS\SYSTEM32\acs.exe [2005-04-06 36864]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-05-26 397312]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-12-15 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-12-15 49664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 CAISafe;CAISafe; C:\Program Files\Yahoo!\Antivirus\ISafe.exe [2005-09-09 259184]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard; C:\Program Files\ewido anti-spyware 4.0\guard.exe [2006-06-16 172032]
R2 IAANTMon;IAA Event Monitor; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-03-23 73852]
R2 mozybackup;MozyHome Backup Service; C:\Program Files\MozyHome\mozybackup.exe [2007-11-19 87344]
R2 VETMSGNT;VET Message Service; C:\Program Files\Yahoo!\Antivirus\VetMsg.exe [2005-09-09 201840]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S4 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2003-03-31 282684]

-----------------EOF-----------------

#10 kahdah

Posted 05 September 2008 - 08:09 PM

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove both AVG7 and Yahoo Antivirus.

AVG is soon to be discontinued and it is now up to version 8.0, which also includes antispyware shields as well as anti-virus.
You can download it Here and install it.
===========
After that please go to add/remove in the control panel and remove these items below:

Ask Toolbar
ewido anti-spyware 4.0
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Viewpoint


Then exit out of add\remove programs.
============================
After that please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=20011&l=dis
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: mlJCVlJA - mlJCVlJA.dll (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



Now click on Fix Checked and then close Hijackthis.
===============
Then reboot and then using Windows Explorer (to get there right-click your Start button and go to "Explore")
Delete these folders listed below:

C:\Program Files\AskBarDis
C:\Program Files\Viewpoint

Now close Windows Explorer.
======================
After doing all of that, let me know how things are running.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
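The fix list from the post above, run through a small parser (an added example, not part of the original thread and not code from HijackThis): it splits each entry into section code and target, marks the entries HijackThis reported with no file behind them, and checks the remaining files against the two folders the post says to delete. The line layout is inferred from the five entries quoted in the post; all function and variable names are made up for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Section codes that occur in the fix list, and what each one reports.
SECTIONS = {
    "R0": "Internet Explorer start/search page",
    "O2": "Browser Helper Object (BHO)",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}

# The five entries from the post, copied verbatim.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=20011&l=dis
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: mlJCVlJA - mlJCVlJA.dll (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# The two folders the post says to delete after the reboot.
DELETED_FOLDERS = [r"C:\Program Files\AskBarDis", r"C:\Program Files\Viewpoint"]

LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
ORPHAN = re.compile(r"\s*\((?:no file|file missing)\)\s*$", re.IGNORECASE)


@dataclass
class Entry:
    code: str
    kind: str
    target: str              # URL, path or bare file name the entry points at
    orphaned: bool           # HijackThis reported no file behind the entry
    in_deleted_folder: bool  # target lives under a folder removed later


def under_deleted_folder(path: str) -> bool:
    """Case-insensitive check against the folders deleted in the last step."""
    p = path.lower()
    return any(p.startswith(f.lower() + "\\") for f in DELETED_FOLDERS)


def parse_line(line: str) -> Optional[Entry]:
    m = LINE.match(line.strip())
    if m is None:
        return None
    code, body = m.group("code"), m.group("body")
    if code.startswith("R"):
        # "key,value = data": the data is the page the setting points to.
        target, orphaned = body.partition(" = ")[2].strip(), False
    else:
        # O-sections: the file is the last " - " separated field, optionally
        # followed by (or replaced with) a missing-file marker.
        last = body.rsplit(" - ", 1)[-1]
        orphaned = ORPHAN.search(last) is not None
        target = ORPHAN.sub("", last).strip()
    return Entry(code, SECTIONS.get(code, "unknown section"), target,
                 orphaned, under_deleted_folder(target))


def parse_fix_list(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def leftovers(entries: List[Entry]) -> List[str]:
    """Files that exist on disk and are not covered by the folder deletion."""
    return [e.target for e in entries
            if e.code.startswith("O") and not e.orphaned
            and not e.in_deleted_folder]


if __name__ == "__main__":
    entries = parse_fix_list(FIX_LIST)
    for e in entries:
        state = ("orphaned" if e.orphaned
                 else "folder deleted later" if e.in_deleted_folder
                 else "registry value only" if e.code.startswith("R")
                 else "file remains")
        print(f"{e.code:<4}{e.kind:<38}{state:<22}{e.target}")
    print("left on disk after both steps:", leftovers(entries))
```
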

#11 mitchshin

Posted 14 September 2008 - 11:41 AM

Everything has been running great!

Thank you very much for all of your time and assistance.

Sending a donation now.

#12 kahdah

Posted 14 September 2008 - 12:43 PM

Thanks for your donation and you are certainly welcome :)
========================================
Cleanup:

Please download OTCleanIt from Here and save it to your desktop.
Double click on OTCleanIt to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
======================
Use a Firewall:

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers.
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or ZoneAlarm.
See BleepingComputer's excellent tutorial to help using and understanding a firewall here.
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.