Virtumonde Or Vundo


  • This topic is locked
37 replies to this topic

#1 jaerre


Posted 11 September 2008 - 07:40 PM

:thumbsup: My PC has been infected with I believe the Vundo and/or Virtumonde problems. I no longer can log into my user accounts, can not copy or paste anything, can't open IE or get on the internet, can not change services, etc, etc... I have attempted all the steps recommended before finally posting my info from HijackThis. Please help!

I have tried to load and run the following programs without success:

AdAware 2008 (error with Windows Installer) tried several fixes with no luck. Can not install
SpyBot 1.6 will not install due to no internet connection (server error)
Malwarebytes will not install due to "Run-time error '372'" dealing with vbalGrid from vbalsgrid6.ocx version outdated
McAfee Stinger ran successfully with nothing found

Tried CCleaner 2.0, Microsoft windows kb890830-v2.2, and Spyware Doctor with no luck

Please HELP!!!!

I have successfully completed the HijackThis and here is my info:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:53 PM, on 9/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nicitdl5.exe
C:\WINDOWS\system32\RTProxy.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {878F8BE9-964E-46D8-9AB5-985C4D871200} - C:\WINDOWS\system32\ssqOEWPF.dll (file missing)
O2 - BHO: (no name) - {92294A34-5287-4B06-B349-2D2F7B0B21B7} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-860058152-2078134388-2103317717-500\..\Run: [Sonic RecordNow!] (User '?')
O4 - HKUS\S-1-5-21-860058152-2078134388-2103317717-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-860058152-2078134388-2103317717-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: National Instruments Citadel (NICitadel5Service) - National Instruments, Inc. - C:\WINDOWS\system32\nicitdl5.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: niRTProxy - National Instruments - C:\WINDOWS\system32\RTProxy.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10780 bytes


#2 Billy O'Neal


Posted 21 September 2008 - 12:43 AM

Hello, jaerre.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you would still like help, please post a new HiJack This log below, as things may have changed on your system.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 jaerre


Posted 23 September 2008 - 04:20 PM

Hi Billy,

Thanks for your reply. I have not changed anything on my PC since I posted for help. As a matter of fact, my machine has not even been turned back on. I am working from my laptop. Do you still require a new Hijack This log?

Thanks in advance for your help.

Jeff

#4 jaerre


Posted 23 September 2008 - 04:36 PM

Billy,

I decided it was better to just re-run what you asked for :thumbsup: . Here is the latest HiJack This file from my broken PC.

Thanks,
Jeff


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:18 PM, on 9/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nicitdl5.exe
C:\WINDOWS\system32\RTProxy.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\DELLSU~1\DSBrws.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {878F8BE9-964E-46D8-9AB5-985C4D871200} - C:\WINDOWS\system32\ssqOEWPF.dll (file missing)
O2 - BHO: (no name) - {92294A34-5287-4B06-B349-2D2F7B0B21B7} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-860058152-2078134388-2103317717-500\..\Run: [Sonic RecordNow!] (User '?')
O4 - HKUS\S-1-5-21-860058152-2078134388-2103317717-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-860058152-2078134388-2103317717-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: National Instruments Citadel (NICitadel5Service) - National Instruments, Inc. - C:\WINDOWS\system32\nicitdl5.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: niRTProxy - National Instruments - C:\WINDOWS\system32\RTProxy.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11012 bytes

#5 Billy O'Neal


Posted 23 September 2008 - 06:29 PM

Hello, jaerre.
Viewpoint is considered foistware instead of malware because it is installed without users' approval, but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here:
http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.

We need to run OTScanIt
Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • In the Rootkit Search area select Yes.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - Disabled MS Config Items
    • Reg - File Associations
    • Reg - Uninstall List
    • File - Additional Folder Scans
  • Check the "Scan All Users" and "Include MD5" checkboxes at the top of the window.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it again.
Use the Add Reply button and attach the file in your next post.

In your next reply, please include the following:
  • OTScanIt Report

Billy3

#6 jaerre


Posted 23 September 2008 - 08:44 PM

Hey Billy,
I completed the steps you asked for and have attached the OTScan It file below (very large file). I also removed the Viewpoint software as you suggested.

Let me know what is next.

Thanks,
Jeff

OTScanIt logfile created on: 9/23/2008 9:33:19 PM
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = E:\Bleeping Computer Fixes\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
511.00 Mb Total Physical Memory | 180.47 Mb Available Physical Memory | 35.32% Memory free
1.22 Gb Paging File | 0.95 Gb Available in Paging File | 77.79% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 7.17 Gb Free Space | 19.28% Space Free | Partition Type: NTFS
Drive D: | 499.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 121.39 Mb Total Space | 36.12 Mb Free Space | 29.75% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAERRE
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

[Processes - Non-Microsoft Only]
nimxs.exe -> %ProgramFiles%\National Instruments\MAX\nimxs.exe -> MD5 = 028E3BE58A83E671A349F84704F80387 | National Instruments Corporation [Ver = 2.1.0f0 | Size = 5728 bytes | Modified Date = 10/3/2005 9:52:40 PM | Attr =	]
nicitdl5.exe -> %SystemRoot%\SYSTEM32\nicitdl5.exe -> MD5 = 3C3A62A212A46DD183E153168AE39202 | National Instruments, Inc. [Ver = 5.2.0.783 | Size = 1150976 bytes | Modified Date = 11/13/2005 8:31:16 PM | Attr =	]
rtproxy.exe -> %SystemRoot%\SYSTEM32\RTProxy.exe -> MD5 = AC33169425BACCDC234A9F3FA9D7FFA6 | National Instruments [Ver = 8.0.0.10664 | Size = 77824 bytes | Modified Date = 5/23/2005 9:31:12 PM | Attr =	]
nisvcloc.exe -> %SystemRoot%\SYSTEM32\nisvcloc.exe -> MD5 = 44C898CA05D4DAA83EAEA9708F87DCFB | National Instruments Corp. [Ver = 8, 0, 0, 3 | Size = 49152 bytes | Modified Date = 10/10/2005 1:08:32 PM | Attr =	]
nipalsm.exe -> %SystemRoot%\SYSTEM32\nipalsm.exe -> MD5 = 028E3BE58A83E671A349F84704F80387 | National Instruments Corporation [Ver = 2.1.0f0 | Size = 5728 bytes | Modified Date = 9/22/2005 4:16:08 PM | Attr =	]
nipalsm.exe -> %SystemRoot%\SYSTEM32\nipalsm.exe -> MD5 = 028E3BE58A83E671A349F84704F80387 | National Instruments Corporation [Ver = 2.1.0f0 | Size = 5728 bytes | Modified Date = 9/22/2005 4:16:08 PM | Attr =	]
lkads.exe -> %SystemRoot%\SYSTEM32\lkads.exe -> MD5 = 405F1B0B939D362736A7F6583FB057C4 | National Instruments, Inc. [Ver = 4.6.0.1046 | Size = 45056 bytes | Modified Date = 11/11/2005 9:46:56 AM | Attr =	]
lktsrv.exe -> %SystemRoot%\SYSTEM32\lktsrv.exe -> MD5 = 8A18F0674712F9D99848875666A0E599 | National Instruments, Inc. [Ver = 4.6.0.1046 | Size = 53248 bytes | Modified Date = 11/11/2005 9:46:58 AM | Attr =	]
dsentry.exe -> %SystemRoot%\SYSTEM32\DSentry.exe -> MD5 = D9EE81715CC700CAC1C552C247D78D8C | Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 11:27:40 AM | Attr =	]
easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> MD5 = FBB5B5B4D8C96624C7D57C5FB25F387D | Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 9/19/2007 4:33:46 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(ADVService) Amazon Unbox Video Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -> MD5 = E111E51C5FB8627A61E76BDE63B5D810 | Amazon.com [Ver = 2.0.0.59 | Size = 25640 bytes | Modified Date = 7/11/2007 5:25:20 PM | Attr = R  ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> MD5 = AA75C4649D5AAAE17320D1BC78BF80E2 |  [Ver =  | Size = 397312 bytes | Modified Date = 12/12/2003 8:40:50 AM | Attr =	]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> MD5 = FE80901578E7E3DA70299A5AEB2B7FBD |  [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 3:47:46 PM | Attr =	]
(LkCitadelServer) Lookout Citadel Server [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\lkcitdl.exe -> MD5 = 47A111A4DC0D67DA431DF9F91EE09682 | National Instruments, Inc. [Ver = 4.5.2.0 | Size = 688190 bytes | Modified Date = 8/25/2005 12:43:14 PM | Attr =	]
(lkClassAds) National Instruments PSP Server Locator [Win32_Own | On_Demand | Running] -> %SystemRoot%\SYSTEM32\lkads.exe -> MD5 = 405F1B0B939D362736A7F6583FB057C4 | National Instruments, Inc. [Ver = 4.6.0.1046 | Size = 45056 bytes | Modified Date = 11/11/2005 9:46:56 AM | Attr =	]
(lkTimeSync) National Instruments Time Synchronization [Win32_Own | On_Demand | Running] -> %SystemRoot%\SYSTEM32\lktsrv.exe -> MD5 = 8A18F0674712F9D99848875666A0E599 | National Instruments, Inc. [Ver = 4.6.0.1046 | Size = 53248 bytes | Modified Date = 11/11/2005 9:46:58 AM | Attr =	]
(mxssvr) NI Configuration Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\National Instruments\MAX\nimxs.exe -> MD5 = 028E3BE58A83E671A349F84704F80387 | National Instruments Corporation [Ver = 2.1.0f0 | Size = 5728 bytes | Modified Date = 10/3/2005 9:52:40 PM | Attr =	]
(NICitadel5Service) National Instruments Citadel [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\nicitdl5.exe -> MD5 = 3C3A62A212A46DD183E153168AE39202 | National Instruments, Inc. [Ver = 5.2.0.783 | Size = 1150976 bytes | Modified Date = 11/13/2005 8:31:16 PM | Attr =	]
(nidevldu) nidevldu [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\nipalsm.exe -> MD5 = 028E3BE58A83E671A349F84704F80387 | National Instruments Corporation [Ver = 2.1.0f0 | Size = 5728 bytes | Modified Date = 9/22/2005 4:16:08 PM | Attr =	]
(NIDomainService) National Instruments Domain Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\National Instruments\Shared\Security\nidmsrv.exe -> MD5 = 046609D2DF2A399AB05D17959243930A | National Instruments, Inc. [Ver = 1.1.0.1046 | Size = 204800 bytes | Modified Date = 11/11/2005 9:49:50 AM | Attr =	]
(nipxirmu) nipxirmu [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\nipalsm.exe -> MD5 = 028E3BE58A83E671A349F84704F80387 | National Instruments Corporation [Ver = 2.1.0f0 | Size = 5728 bytes | Modified Date = 9/22/2005 4:16:08 PM | Attr =	]
(niRTProxy) niRTProxy [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\RTProxy.exe -> MD5 = AC33169425BACCDC234A9F3FA9D7FFA6 | National Instruments [Ver = 8.0.0.10664 | Size = 77824 bytes | Modified Date = 5/23/2005 9:31:12 PM | Attr =	]
(niSvcLoc) NI Service Locator [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\nisvcloc.exe -> MD5 = 44C898CA05D4DAA83EAEA9708F87DCFB | National Instruments Corp. [Ver = 8, 0, 0, 3 | Size = 49152 bytes | Modified Date = 10/10/2005 1:08:32 PM | Attr =	]
(NITaggerService) National Instruments Variable Engine [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\National Instruments\Shared\Tagger\tagsrv.exe -> MD5 = 748D66B8F133B7C650BCE469ADCF432D | National Instruments, Inc. [Ver = 1.1.0.1046 | Size = 659456 bytes | Modified Date = 11/11/2005 10:00:04 AM | Attr =	]

[Driver Services - Non-Microsoft Only]
(cvintdrv) cvintdrv [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\cvintdrv.sys -> MD5 = DBD89BC0DBE00DCD245BE8F61DBEE291 |  [Ver =  | Size = 4096 bytes | Modified Date = 10/18/2005 9:00:00 AM | Attr =	]
(ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ENTECH.SYS -> File not found
(FTD2XX) Flashpaq FTD2XX.SYS FT8U2XX device driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\FTD2XX.sys -> MD5 = 07A83A2E070357075C2056810C67C9E4 | FTDI Ltd. [Ver = 3.01.04.1 | Size = 34639 bytes | Modified Date = 12/15/2005 3:27:52 PM | Attr =	]
(gpib420) GPIB Analyzer [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\gpib420.sys -> MD5 = D220B8EBC4149E266AD9157B5A981AC0 | National Instruments Corporation [Ver = 02.04.00.3055 | Size = 31334 bytes | Modified Date = 7/18/2005 12:45:44 AM | Attr =	]
(GpibPrtK) Gpib Port [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GpibPrtK.sys -> MD5 = DE10DC1E0E954FCCFA61B6C92C83A091 | National Instruments Corporation [Ver = 02.04.00.3055 | Size = 199783 bytes | Modified Date = 7/18/2005 12:25:40 AM | Attr =	]
(iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\wATV03nt.sys -> File not found
(Lkintpt) Lkintpt [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\Lkintpt.sys -> MD5 = 0346CB654ED04DFE83A27887C88B2EED |  [Ver =  | Size = 7392 bytes | Modified Date = 11/28/2002 3:57:08 PM | Attr =	]
(Lkphysio) Lkphysio [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\Lkphysio.sys -> MD5 = C0C6B8868D501CE2B1E11AD89B8F1BF1 |  [Ver =  | Size = 5984 bytes | Modified Date = 11/28/2002 3:57:08 PM | Attr =	]
(lvalarmk) lvalarmk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\lvalarmk.dll -> MD5 = AD1A428085F6499AFC085DB14E6C2EBC | National Instruments [Ver = 7, 1, 0, 27 | Size = 10829 bytes | Modified Date = 7/27/2005 7:58:56 AM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\MRAID35X.SYS -> MD5 = 3F4BB95E5A44F3BE34824E8E7CAF0737 | American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 2:52:12 PM | Attr =	]
(niarbk) niarbk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\niarbk.dll -> MD5 = 5D249C5365F819F70882570A1746C9D2 | National Instruments Corporation [Ver = 1.0.0f1 | Size = 37376 bytes | Modified Date = 10/13/2005 8:29:32 AM | Attr =	]
(nibffrk) nibffrk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nibffrk.dll -> MD5 = EC11F3561E9EF42B515839C5FEED393B | National Instruments Corporation [Ver = 1.0.0f11 | Size = 21504 bytes | Modified Date = 10/13/2005 8:29:34 AM | Attr =	]
(nicanpk) nicanpk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\NICANpk.dll -> MD5 = 1093A51BCF319482CFB69DA8B340B0A5 | National Instruments Corporation [Ver = 2.3.1.3004 | Size = 136791 bytes | Modified Date = 10/14/2005 5:02:34 AM | Attr =	]
(nicdrk) nicdrk [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nicdrk.dll -> MD5 = 45D9C1DC06FAD0395E0861CC89700FBC | National Instruments Corporation [Ver = 1.2.1f0 | Size = 170496 bytes | Modified Date = 10/6/2005 10:56:28 AM | Attr =	]
(Nidaq32k) Nidaq32k [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\nidaq32k.sys -> MD5 = 6DEB11476814065B9A59434F266FC69D | National Instruments Corporation [Ver = 7.4.1f4 | Size = 674304 bytes | Modified Date = 10/13/2005 9:17:26 AM | Attr =	]
(nidimk) nidimk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nidimk.dll -> MD5 = 07AF1E1DD9AA923CD3F3D5CF5EF5E27B | National Instruments Corporation [Ver = 1.3.0f0 | Size = 141824 bytes | Modified Date = 9/28/2005 8:14:02 PM | Attr =	]
(nidmmk) NI DMM and Data Logger Kernel Driver [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nidmmk.dll -> MD5 = D87CF93416AD39647F47F69E527C9507 | National Instruments Corporation [Ver = 1.1.0f102 | Size = 50688 bytes | Modified Date = 10/13/2005 9:18:50 AM | Attr =	]
(nidmxfk) nidmxfk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nidmxfk.dll -> MD5 = 89662F827524A030EF10BDF1EA00D74A | National Instruments Corporation [Ver = 1.4.0f4 | Size = 166912 bytes | Modified Date = 10/13/2005 6:27:56 AM | Attr =	]
(nidsark) nidsark [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nidsark.dll -> MD5 = 19ED03F78107F2776796FA5C7AAB8835 | National Instruments Corporation [Ver = 1.5.0f0 | Size = 714752 bytes | Modified Date = 10/6/2005 11:14:50 AM | Attr =	]
(nidwgk) nidwgk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nidwgk.dll -> MD5 = 243539C91EF531C73C4CF40C9E49FE21 | National Instruments Corporation [Ver = 1.4.0f4 | Size = 979456 bytes | Modified Date = 9/20/2005 7:48:50 PM | Attr =	]
(niembrtk) niembrtk [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\niembrtk.sys -> MD5 = 23D8891AB70CB1B6004AED1602554B16 | National Instruments [Ver = 1.0.1f0 | Size = 30720 bytes | Modified Date = 7/8/2004 9:24:36 AM | Attr =	]
(niemrk) niemrk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\niemrk.dll -> MD5 = 73CBA5BE1EE9801118DB76C88E241FD5 | National Instruments Corporation [Ver = 1.7.0f1 | Size = 346624 bytes | Modified Date = 10/6/2005 11:19:54 PM | Attr =	]
(niesrk) niesrk [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\niesrk.dll -> MD5 = C6A616068A91BE726F391EDF5DBB712E | National Instruments Corporation [Ver = 1.7.0f1 | Size = 489984 bytes | Modified Date = 10/6/2005 11:19:58 PM | Attr =	]
(nifslk) nifslk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nifslk.dll -> MD5 = E3A20952DEF1A835A8D41D31B1E23FAA | National Instruments Corporation [Ver = 1.1.0f0 | Size = 35328 bytes | Modified Date = 10/6/2005 10:32:18 AM | Attr =	]
(nigplk) nigplk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nigplk.dll -> MD5 = 8CD4C73E3E14F1C339214BDA702B67F2 | National Instruments Corporation [Ver = 1.0.4f0 | Size = 100352 bytes | Modified Date = 9/20/2005 5:17:58 PM | Attr =	]
(nihsdrk) nihsdrk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nihsdrk.dll -> MD5 = 15A5FF7BE3412E34164734F29C9FFC97 | National Instruments Corporation [Ver = 1.4.1f0 | Size = 534016 bytes | Modified Date = 9/20/2005 7:45:14 PM | Attr =	]
(nimdbgk) nimdbgk [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nimdbgk.dll -> MD5 = 7FFC2CA3E678D05D3B22C5DB9846F3D8 | National Instruments Corporation [Ver = 1.3.0f0 | Size = 170496 bytes | Modified Date = 9/28/2005 7:07:04 PM | Attr =	]
(nimdsk) nimdsk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nimdsk.dll -> MD5 = DD4B89019AB1ECA5C04757E2F7D8A9E4 | National Instruments Corporation [Ver = 1.0.0f5 | Size = 30208 bytes | Modified Date = 10/13/2005 8:30:18 AM | Attr =	]
(nimru2k) nimru2k [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nimru2k.dll -> MD5 = 17293237E455E79F5B15FC262EC44647 | National Instruments Corporation [Ver = 2.4.0f0 | Size = 231936 bytes | Modified Date = 9/28/2005 8:54:50 PM | Attr =	]
(nimsdrk) nimsdrk [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nimsdrk.dll -> MD5 = 11A086D764C8B7B46AEFAC0A5A85B3CF | National Instruments Corporation [Ver = 1.4.1f0 | Size = 131072 bytes | Modified Date = 10/6/2005 11:19:44 AM | Attr =	]
(nimslk) nimslk [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nimslk.dll -> MD5 = 99521722C0858AB23E06855E1069C725 | National Instruments Corporation [Ver = 1.1.1f0 | Size = 14464 bytes | Modified Date = 10/6/2005 12:00:30 AM | Attr =	]
(nimsrlk) nimsrlk [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nimsrlk.dll -> MD5 = ACFD05455DF010E85E0C8A56E9C255C3 | National Instruments Corporation [Ver = 1.1.1f0 | Size = 151683 bytes | Modified Date = 10/6/2005 12:00:32 AM | Attr =	]
(nimstsk) nimstsk [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nimstsk.dll -> MD5 = 3B42DFBD8EF619C788477DEEF36D5BD3 | National Instruments Corporation [Ver = 1.4.0f0 | Size = 51200 bytes | Modified Date = 10/6/2005 11:25:30 AM | Attr =	]
(nimxdfk) nimxdfk [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nimxdfk.dll -> MD5 = 87B956CBD9B360D46D0D5B8936ABAF8F | National Instruments Corporation [Ver = 1.4.0f0 | Size = 212480 bytes | Modified Date = 9/28/2005 7:52:50 PM | Attr =	]
(nimxpk) nimxpk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nimxpk.dll -> MD5 = 5F903BC1B9F9E956414BBDDBA16FAC2A | National Instruments Corporation [Ver = 1.4.0f0 | Size = 19456 bytes | Modified Date = 10/6/2005 11:31:52 AM | Attr =	]
(niorbk) niorbk [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\niorbk.dll -> MD5 = 4D2D48CA86BD80AE4A6E449910201EEF | National Instruments Corporation [Ver = 1.3.0f2 | Size = 38912 bytes | Modified Date = 10/6/2005 3:22:48 PM | Attr =	]
(NIPALK) NIPALK [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nipalk.sys -> MD5 = 9E596685B0FE0EB78D429B066196F461 | National Instruments Corporation [Ver = 1.10.0f0 | Size = 531968 bytes | Modified Date = 9/22/2005 8:12:08 PM | Attr =	]
(nipxirmk) nipxirmk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nipxirmk.dll -> MD5 = D91EB361C2FC2253719D4F653320FDD1 | National Instruments Corporation [Ver = 1.5.1f0 | Size = 55296 bytes | Modified Date = 9/21/2005 10:30:46 AM | Attr =	]
(niscdk) niscdk [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\niscdk.dll -> MD5 = 011786A34D27187AD3ABBD8805D57B5D | National Instruments Corporation [Ver = 1.5.0f0 | Size = 497664 bytes | Modified Date = 10/6/2005 11:07:16 AM | Attr =	]
(nisdigk) nisdigk [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nisdigk.dll -> MD5 = 363CB4CB12FC75EACF9B5F88ED80F51A | National Instruments Corporation [Ver = 1.5.0f1 | Size = 233472 bytes | Modified Date = 10/6/2005 11:06:38 PM | Attr =	]
(nisftk) nisftk [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nisftk.dll -> MD5 = 2039B087947B5ACA8C84DF59258CBEE6 | National Instruments Corporation [Ver = 1.5.0f0 | Size = 163328 bytes | Modified Date = 10/6/2005 10:48:30 AM | Attr =	]
(nisldk) nisldk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\niSLDk.dll -> MD5 = 01B7543E24734AB41C254D57ED3E404D | National Instruments Corporation [Ver = 1.2.1f6 | Size = 373863 bytes | Modified Date = 9/20/2005 7:32:00 PM | Attr =	]
(nispdk) nispdk [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nispdk.dll -> MD5 = B3727737C07311A76B21864EAAD5E662 |  [Ver =  | Size = 42496 bytes | Modified Date = 10/6/2005 11:07:18 AM | Attr =	]
(nisrcdk) nisrcdk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nisrcdk.dll -> MD5 = 809E7C28F267A275391181CA1C5128A7 | National Instruments Corporation [Ver = 1.3.0f0 | Size = 677486 bytes | Modified Date = 9/20/2005 7:04:14 PM | Attr =	]
(nissrk) nissrk [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nissrk.dll -> MD5 = 9FA3FF402715EF0F99CB574CAC1CDBB3 | National Instruments Corporation [Ver = 1.7.0f1 | Size = 1058304 bytes | Modified Date = 10/6/2005 11:20:04 PM | Attr =	]
(nistc2k) nistc2k [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nistc2k.dll -> MD5 = 26B93D94209352D239000D1B177C1D01 | National Instruments Corporation [Ver = 2.2.0f0 | Size = 163328 bytes | Modified Date = 10/6/2005 11:03:36 AM | Attr =	]
(nistck) nistck [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\niSTCk.dll -> MD5 = 45BFFAED056B917407CC2D52A520A582 | National Instruments Corporation [Ver = 1.0.0f3 | Size = 111616 bytes | Modified Date = 10/13/2005 8:30:36 AM | Attr =	]
(nistcrk) nistcrk [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nistcrk.dll -> MD5 = C48BDF1B1EEF9FD086302194C8D928EA | National Instruments Corporation [Ver = 1.4.0f1 | Size = 110080 bytes | Modified Date = 10/10/2005 7:07:02 PM | Attr =	]
(niswdk) niswdk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\niswdk.dll -> MD5 = C89E56ECA46FDDB251D303AFE1BD61B5 | National Instruments Corporation [Ver = 1.6.0f2 | Size = 476160 bytes | Modified Date = 10/8/2005 12:08:24 AM | Attr =	]
(nitiork) nitiork [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nitiork.dll -> MD5 = 3806925CA9B1654404837B664139E2B0 | National Instruments Corporation [Ver = 1.4.0f1 | Size = 692736 bytes | Modified Date = 10/6/2005 11:54:24 PM | Attr =	]
(NiViFWK) NI-VISA FireWire Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\NiViFWK.sys -> MD5 = A4C4BFDDCAB8E54FC716284289B4DDB3 | National Instruments Corporation [Ver = 3.4.0f0 | Size = 8704 bytes | Modified Date = 10/12/2005 4:13:56 PM | Attr =	]
(NiViPciK) NI-VISA PCI Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\NiViPciK.sys -> MD5 = 00830F80DAD4A25D1C81635B523F8492 | National Instruments Corporation [Ver = 3.4.0f0 | Size = 37376 bytes | Modified Date = 10/12/2005 4:04:26 PM | Attr =	]
(NiViPxiK) NI-VISA PXI Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\NiViPxiK.sys -> MD5 = 0DC80DB7CE9CA2951F94392AB5B026A7 | National Instruments Corporation [Ver = 3.4.0f0 | Size = 10752 bytes | Modified Date = 10/12/2005 4:04:28 PM | Attr =	]
(niwdk) niwdk [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\niwdk.sys -> MD5 = 9D42E04768F46DEFF0F618420FC31097 | National Instruments [Ver = 2.1.4f0 | Size = 18432 bytes | Modified Date = 10/5/2005 4:34:04 PM | Attr =	]
(niwfrk) niwfrk [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\niwfrk.dll -> MD5 = AF3915B82B4A1596C2BD238F2AA7D412 | National Instruments Corporation [Ver = 1.7.0f1 | Size = 422400 bytes | Modified Date = 10/6/2005 11:20:12 PM | Attr =	]
(nixsrk) nixsrk [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nixsrk.dll -> MD5 = 60701781EF0DBEB2DD2037E7BC247995 | National Instruments Corporation [Ver = 1.7.0f1 | Size = 926720 bytes | Modified Date = 10/6/2005 11:20:20 PM | Attr =	]
(PCASp50) PCASp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\PCASp50.sys -> File not found
(RimVSerPort) RIM Virtual Serial Port v2 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\RimSerial.sys -> MD5 = D9B34325EE5DF78B8F28A3DE9F577C7D | Research in Motion Ltd [Ver = 2.1.0.4 | Size = 26496 bytes | Modified Date = 1/18/2007 10:24:58 AM | Attr = R  ]
(SDDMI2) SDDMI2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DDMI2.sys -> File not found
(SMNDIS5) SMNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -> MD5 = 4EF5EA44583C37383C289D4B8C354698 | Smith Micro Software, Inc. [Ver = 5.04 | Size = 16936 bytes | Modified Date = 11/26/2002 2:54:58 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SPARROW.SYS -> MD5 = 83C0F71F86D3BDAF915685F3D568B20E | Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 3:07:44 PM | Attr =	]
(Stltrk2k) Stltrk2k [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\StlTrk2k.Sys -> MD5 = 12AB16135E1C02D5878A9957E4C99E7D | SCM Microsystems Inc. [Ver = 3.00.03 | Size = 13229 bytes | Modified Date = 5/24/2001 9:14:34 AM | Attr =	]
(usb6xxxk) usb6xxxk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\usb6xxxk.dll -> MD5 = 473224D785649D95FE77FEF008DEB794 | National Instruments Corporation [Ver = 1.0.1f0 | Size = 19968 bytes | Modified Date = 10/6/2005 11:06:48 PM | Attr =	]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\wanatw4.sys -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
 ->  [] -> File not found
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> MD5 = 8B9145D229D4E89D15ACB820D4A3A90F | Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr =	]
ATIModeChange -> %SystemRoot%\SYSTEM32\Ati2mdxx.exe [Ati2mdxx.exe] -> MD5 = FAE95D6D7651B5629C4E19ADBC9A3863 | ATI Technologies, Inc. [Ver = 4.13.3 | Size = 28672 bytes | Modified Date = 9/4/2001 12:24:26 PM | Attr =	]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe [C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] -> MD5 = 700F77FB173E19B7F42426B1FCA05F02 | ATI Technologies, Inc. [Ver = 6.14.10.4032 | Size = 315392 bytes | Modified Date = 2/20/2003 10:00:00 PM | Attr =	]
Dell AIO Printer A940 -> %ProgramFiles%\Dell AIO Printer A940\dlbabmgr.exe ["C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"] -> MD5 = 4B5D22BD0A11E1C97ECFA5A45A529FCB | Dell Computer Corporation [Ver = 0.1.1.1 | Size = 86102 bytes | Modified Date = 2/17/2003 6:00:36 PM | Attr =	]
diagent -> %ProgramFiles%\Creative\SBLive\Diagnostics\diagent.exe ["C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup] -> MD5 = 8EB2419F6228651874B99A338696A77D | Creative Technology Ltd [Ver = 1, 1, 4, 0 | Size = 135264 bytes | Modified Date = 4/3/2002 2:01:00 AM | Attr =	]
dla -> %SystemRoot%\SYSTEM32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> MD5 = 2BFF8A443334A034DF73D2C8D808D2A7 | Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr =	]
DVDSentry -> %SystemRoot%\SYSTEM32\DSentry.exe [C:\WINDOWS\System32\DSentry.exe] -> MD5 = D9EE81715CC700CAC1C552C247D78D8C | Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 11:27:40 AM | Attr =	]
KernelFaultCheck ->  [%systemroot%\system32\dumprep 0 -k] -> File not found
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> MD5 = 9405B452064BFA6A0F78E2F177A988A4 | McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/3/2007 10:33:14 PM | Attr =	]
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe ["C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r] -> MD5 = 22FD4E58D69969A9165721C797D54931 | Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 12:01:00 AM | Attr =	]
UpdReg -> %SystemRoot%\Updreg.EXE [C:\WINDOWS\UpdReg.EXE] -> MD5 = C419DF63E0121D72411285780C2FC6CC | Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 2:00:00 AM | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> MD5 = B75FDBF14073D72C50624CC8338DD534 | Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 11:09:36 AM | Attr =	]
Sonic RecordNow! ->  [] -> File not found
< Run [HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\] > -> HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> MD5 = B75FDBF14073D72C50624CC8338DD534 | Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 11:09:36 AM | Attr =	]
Sonic RecordNow! ->  [] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> MD5 = FBB5B5B4D8C96624C7D57C5FB25F387D | Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 9/19/2007 4:33:46 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -> MD5 = BFDD1F0370BAED5FD654A84207BEF2E3 | Yahoo! Inc. [Ver = 2.2.2.056 (Build 056) | Size = 54512 bytes | Modified Date = 10/3/2007 1:56:10 PM | Attr =	]
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Jeff Startup Folder > -> C:\Documents and Settings\Jeff\Start Menu\Programs\Startup -> 
< Roxanne Startup Folder > -> C:\Documents and Settings\Roxanne\Start Menu\Programs\Startup -> 
%SystemDrive%\Documents and Settings\Roxanne\Start Menu\Programs\Startup\Event Reminder.lnk -> %ProgramFiles%\Mindscape\PrintMaster\PMREMIND.EXE -> MD5 = ADBE446D216D51CA2A9FDED13EDD4C2D |  [Ver = 1, 0, 0, 1 | Size = 325632 bytes | Modified Date = 6/6/1998 10:33:30 AM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> MD5 = 97BD6515465659FF8F3B7BE375B2EA87 | Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 5:23:07 AM | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\SYSTEM32\userinit.exe -> MD5 = 39B1FFB03C2296323832ACBAE50D2AFF | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\SYSTEM32\logonui.exe -> MD5 = 7DB59FFF2AF32C27EB2276424FA5EDDB | Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 2:56:50 AM | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\SYSTEM32\shell32.dll -> MD5 = 3BE4C2E84D99889685FE2B68E5FA2A9D | Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 10:34:01 PM | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\SYSTEM32\sysdm.cpl -> MD5 = 60881F813BA450A2EC6F0A9C6F42BF63 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500] > -> HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\SYSTEM32\ati2evxx.dll -> MD5 = 4809E8373D421BCC5FD60656EE7B777B |  [Ver =  | Size = 86016 bytes | Modified Date = 12/12/2003 8:42:14 AM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> _ [binary data] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500] > -> HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\SYSTEM32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> MD5 = AF9C19B3100FE010496B1A27181FBF72 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 12:59:52 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> MD5 = D41D8CD98F00B204E9800998ECF8427E |  [Ver =  | Size = 0 bytes | Modified Date = 9/3/2002 2:36:02 PM | Attr =	]
AUTORCD.EXE [MZ | ] -> D:\AUTORCD.EXE [ CDFS ] -> MD5 = 0CCDECE900D09D9C985C0FD122AB7B74 | Dell Computer Corporation [Ver = 1.01.00 | Size = 180224 bytes | Modified Date = 7/25/2001 5:14:48 PM | Attr = R  ]
AUTORUN.INF [[autorun] | open = autoRcd.exe | icon = autoRcd.exe | ] -> D:\AUTORUN.INF [ CDFS ] -> MD5 = B89C93499D36CAA0363469A59DE053FC |  [Ver =  | Size = 49 bytes | Modified Date = 1/11/2000 5:51:40 PM | Attr = RH ]
Autoruns.zip [PK | ] -> E:\Autoruns.zip [ FAT32 ] -> MD5 = 1317DD09C81B4B8056E07F888C285AD9 |  [Ver =  | Size = 575943 bytes | Modified Date = 9/10/2008 8:23:04 PM | Attr =	]
Autoruns [] -> E:\Autoruns [ FAT32 ] ->  [Folder | Modified Date = 9/10/2008 8:24:02 PM | Attr =	]
Hosts file not found -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.dellnet.com -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.dellnet.com -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.dellnet.com -> 
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.dellnet.com -> 
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.dellnet.com -> 
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.dellnet.com -> 
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\] > -> -> 
HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\: Main\\Default_Page_URL -> http://www.dellnet.com -> 
HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\: Main\\Start Page -> http://www.dellnet.com -> 
HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4703 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
44 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4701 domain(s) found. -> 
42 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4712 domain(s) found. -> 
43 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4712 domain(s) found. -> 
43 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\] > -> HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4701 domain(s) found. -> 
42 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\] > -> HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{878F8BE9-964E-46D8-9AB5-985C4D871200} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ssqOEWPF.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{92294A34-5287-4B06-B349-2D2F7B0B21B7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\] > -> HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\msjava.dll [Sun Java Console] -> File not found
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:Exec -> %ProgramFiles%\PartyPoker\PartyPoker.exe [PartyPoker.com] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\] > -> HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{EDC0D81C-08CA-4C56-822C-79F2253B1934} ->	(Intel(R) PRO/100 VE Network Connection) -> 
< Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> 
shell -> shell protocol not assigned -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://active.macromedia.com/director/cabs/sw.cab[Shockwave ActiveX Control] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab[McAfee.com Operating System Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> 
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab[DwnldGroupMgr Class] -> 
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> MD5 = D59B254A0D0D3456C9E522E65D662777 | BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 9/12/2002 10:28:14 AM | Attr =	]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\iTunes\iTunesHelper.exe -> MD5 = BE4D3D5423B364C54A66E86673D57F08 | Apple Inc. [Ver = 7.4.2.4 | Size = 267064 bytes | Modified Date = 9/14/2007 10:00:06 AM | Attr =	]
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\QuickTime\QTTask.exe -> MD5 = 45E5DB49800F1BF5BD39BDB8CC501E66 | Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 11/14/2007 11:43:10 PM | Attr =	]
RoxWatchTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe -> MD5 = CAA8F928EFAE7E713C29B7814B820396 | Sonic Solutions [Ver = 9.1.1.32 | Size = 228088 bytes | Modified Date = 3/26/2007 7:07:24 AM | Attr =	]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
.pif [@ = piffile] -> "%1" %* -> 
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{01610E8F-5F6A-4D9A-AFC4-3FE1AC19C488} -> NI-653x Support
{03EDED24-8375-407D-A721-4643D9768BE1} -> kgchlwn
{061AE98B-178A-4143-A52A-68ED9279644D} -> NI Legacy DAQmxRF
{073F22CE-9A5B-4A40-A604-C7270AC6BF34} -> ESSSONIC
{09B0D7DF-1871-4DAF-9644-D34E0641F309} -> NI DHV DCMP Installer 105f1
{09DA4F91-2A09-4232-AB8C-6BC740096DE3} -> Sonic Update Manager
{0AA096F0-FD0C-4859-8F71-441699B16752} -> NI-SCOPE 2.9.2
{0BEDBD4E-2D34-47B5-9973-57E62B29307C} -> ATI Control Panel
{0CF6DF46-1058-4B3B-A49E-1C70145C849F} -> NI-VISA Server 3.4
{0FA913CA-3064-4FAF-9C59-94EC94B59EE5} -> NI BIOS Updater
{1000AB34-C266-4C59-93FC-3B8980271B7D} -> NI LabVIEW Real-Time Support for PXI-8184 (7151)
{11226129-5E15-4A7A-8BF4-4B6624242CD5} -> NI Variable Engine Serial Support RT
{11AE3814-BE69-4934-B256-E918F574340F} -> NI-488.2 2.43
{11F1920A-56A2-4642-B6E0-3B31A12C9288} -> Dell Solution Center
{11F3F858-4131-4FFA-A560-3FE282933B6E} -> kgchday
{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -> Sonic DLA
{12E5279E-4828-48EC-9ED1-CD344787F50F} -> NI LabVIEW 8.0 Examples
{14D4ED84-6A9A-45A0-96F6-1753768C3CB5} -> ESSPCD
{16850024-A6D4-41AC-905D-0D73EADCBBA0} -> NI LabVIEW 8.0 User.lib
{177A14DA-544B-4952-8F96-76B757BEC46C} -> NI-MDBG 1.3.0f0 for Phar Lap ETS
{1AD77A05-76EC-44CF-940F-799FFFE6C731} -> NI Assistant Framework
{1C85BB92-B17F-4CE3-AC53-F9350D1B6D98} -> NI SignalExpress 1.2.2 Datatypes
{1CD22E87-2EAF-43E9-AB88-362B75FBEE02} -> NI LabVIEW 8.0 MeasAppChm File
{1D38FD28-F714-499E-A695-EE14EB74D930} -> NI LabVIEW FPGA Elemental I_O Provider
{1D51A29C-475D-43A7-A6E8-5592FF6E343D} -> NI LabVIEW 8.0 Simulation
{1D643CD7-4DD6-11D7-A4E0-000874180BB3} -> Microsoft Money 2004
{1E37767B-1A94-4FEA-9120-15B3360B6D3A} -> NI-DAQmx OPC Support
{1E4A51C7-4B10-4D86-9C78-18C750C0A181} -> NI LabVIEW Real-Time Support for PXI-8156B/817x (E002)
{1E69A057-8D89-426F-83D3-A0CC2F8D4BE9} -> NI LabVIEW FPGA Help
{1E85A47B-4150-4003-8283-8B2EB94AF5C9} -> NI-RPC 3.2.1f0
{1EA6473D-6AFB-4349-B138-DBD810C0F34E} -> NI-DMM 2.4.6
{1F72FFB7-3E5C-4752-9E23-FA6CE0281CAD} -> NI-IRDA 1.0.2f0 for Phar Lap ETS
{1FFB4CF4-FF33-41D9-BF88-252A421583AC} -> NI LabVIEW 7.1.1 Real-Time Update
{2146CF1A-5ACD-4A50-8B36-6A7DD095B08C} -> NI-DAQ INF Files
{2162942A-F2BE-4878-9998-9337CDB3E111} -> NI OPC IO Server
{221861B8-D133-4377-803D-F005EB2B733C} -> NI LVBrokerAux1071
{23A17C05-776A-41A2-900A-ECF81DC14852} -> NI LabVIEW 8.0 iMath
{2555F283-A782-4F9F-829F-268A9B0F9CC1} -> POINT
{255D87CE-1E45-4795-9731-454EF5371B02} -> NI USI 1.2.0
{265E79C6-B5E9-4556-8F72-518CC2511D26} -> NI-VISA 3.4.1
{26D0444F-F41E-4350-8AB9-FD9F04678622} -> NI-INTEL8255X 1.2.1f0 for Phar Lap ETS
{26F4D5DD-865B-4A2B-9A36-EE22ACA97331} -> NI-MXDF 1.4.0f0
{28B4CCEE-10CE-4C8C-B2D6-8CEBF5DF6183} -> NI LabVIEW 8.0 FPGA Module
{28C59BDD-55F3-4454-BF17-37AC537F894B} -> NI MDF Support
{290A2F4D-0D02-443B-A879-77EF01318D92} -> NI-MRU 2.4.0f0 for Phar Lap ETS
{291A772C-FFB9-4681-B720-AB2A0A620896} -> Adobe Reader for Pocket PC 2.0
{293E0808-B954-4F64-A4E1-78529AD2F0D4} -> NI LabVIEW Database Connectivity Toolset 1.0.1
{29814AC5-F1CA-45FE-A5C6-5C93A3E9D9B2} -> NI Registration Wizard
{2AB766DE-020C-48C5-AECB-52975DBBDD53} -> NI-FieldPoint for LabVIEW Real-Time 5.0
{2B8681BE-302C-4976-8E77-2735EAEF2AAD} -> NI-VISA for LabVIEW Real-Time 3.4
{2BD1A5B5-8E98-4E2D-9BE5-D68C57C2FDBE} -> NI Assistant Framework LabVIEW Code Generator 7.0
{2C8ACC4A-240C-4EC8-81BC-792C5DAE027D} -> NI-DIM 1.3.0f0 for Phar Lap ETS
{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F} -> essvatgt
{2D7B1642-931E-47C5-9B55-A4E83A9548FD} -> NI-RPC 3.2.1f0 for Phar Lap ETS
{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} -> Rhapsody Player Engine
{2E7595EC-4FB1-4E29-93D4-9083C8A9B107} -> TurboTax ItsDeductible 2005
{30A85EF2-303B-4451-A92A-923CA84CDA71} -> NI LabVIEW 8.0 Update
{32117214-B9F1-4EAC-8EC3-417161EC388D} -> NI LabVIEW MAX XML
{3263845B-95F2-43C0-817E-B7BF25BCB742} -> NI-PAL 1.10.0f0 for Phar Lap ETS
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{36495C59-089C-49D1-BD15-9E5BD86DC9A1} -> ItsDeductible Express
{36B13A26-2DD0-4441-A747-C788B4623929} -> NI-SWITCH 3.0
{36DC540B-3062-4538-B1D1-E367BC9F47FC} -> NI LVBrokerAux71
{37128905-461C-41E3-86EF-A0B7A627B548} -> NI DHV GPL 107f1
{37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978)
{379EFFEF-FBF0-42DB-B61E-3B56D7BE656B} -> NI LabVIEW State Diagram Toolkit 1.0
{381E653F-D10F-4866-9A50-E211B97DE574} -> NI LVBrokerAux70
{3C40E494-1E6C-42B7-A7BC-02A5E148ED63} -> NI LabVIEW Real-Time ETS 8.0
{3C7B88E1-2C72-44CA-A883-62679DBBA36B} -> NI-DAQmx MAX Support 1.4.0
{3CD9E7BB-6347-479A-BB0C-0093C1AE6944} -> NI Software Provider for MAX
{3D284BAE-C39D-4733-9E00-C2C898F9177D} -> NI License Manager
{3DFF45F7-C12C-4A3A-BA9E-1946A4E92424} -> NI LabVIEW Real-Time Error Dialog
{3F92ABBB-6BBF-11D5-B229-002078017FBF} -> NetWaiting
{410438A3-B591-4028-B70A-3CC0B33FBCD1} -> 
{4159DD60-49C1-4323-A1A5-FB060CBA35C5} -> NI Measurement Studio Recipe Processor
{41BE0B6B-A0A0-4848-9DB5-92359D7BFB7D} -> NI DIO Core 141f1
{41DB6A17-FBF1-4E37-9311-416A1117CEC3} -> NI Multi-Variable Dialog
{421B4599-199F-453B-884A-9186394B1519} -> NI LabVIEW FIFO Support
{42938595-0D83-404D-9F73-F8177FDD531A} -> ESScore
{43DCF766-6838-4F9A-8C91-D92DA586DFA7} -> Microsoft Windows Journal Viewer
{4537EA4B-F603-4181-89FB-2953FC695AB1} -> netbrdg
{45A380B1-4EBC-489F-9A86-689F5BB5E1E8} -> NI DAQ Assistant 1.5.0
{45F0CC81-BFA7-4E00-8682-8595BA27C114} -> NI Assistant Framework LabVIEW Code Generator 7.1
{461BB471-0B29-4A85-8B8E-AD0D96F9BD12} -> NI SCXI 1.2.0
{489922DB-811B-417F-88B8-417ABC93A09A} -> NI-FGEN Driver Part 131f2
{48E80C20-00B3-11D4-AA4A-00C0580802FD} -> USB CompactFlash External Drive
{4960B043-C25F-4C85-B5DF-817448F4D31E} -> NI LabVIEW Deployable License 8.0
{496B9B49-C7CA-4F32-BD18-029D1C7105F0} -> NI Spy 2.3.0
{4AC87C2B-CA43-407A-9A2D-7C294B70BCDA} -> NI LabVIEW Report Generation Toolkit for MS Office 1.1.1
{4B4513B8-6DE1-4C97-9B20-EB9C9171EED7} -> NI LabVIEW FPGA Project Provider
{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF} -> Banctec Service Agreement
{4D4A7941-D506-45CA-87BE-C8661D30E2CD} -> NI Variable Engine Serial Support
{4E79CFA8-5FBA-4777-8B69-F52DEFF31BA7} -> NI-CAN - CAN/DNET Core
{5245702D-2693-4AAD-8286-052A4F07A034} -> NI-BROADCOM57XX 1.0.1f0 for Phar Lap ETS
{52E9161B-A065-4A2E-9B65-33D906378126} -> NI LabVIEW Real-Time Common Distribution Files
{5316DFC9-CE99-4458-9AB3-E8726EDE0210} -> skin0001
{54A4839E-87F8-4BD1-9682-A349E9943F0A} -> Amazon Unbox Video
{55BAE529-CCC3-432C-9FB7-4CF75CC415BE} -> NI LabVIEW DSC 8.0 examples
{567DE038-00EF-4C42-8492-3C53B81351BC} -> NI-488.2 Provider for MAX
{5A4A9B77-F0D5-4DF6-9BF9-9BB96562A10D} -> NI LabVIEW 8.0 gMath
{5A4AC082-8D61-442A-8A86-68869CB9BC80} -> NI MXS 4.0
{5B061FDE-E53E-4DDC-8532-D23F95A56B38} -> NI-IVI Provider for MAX
{5BCB370B-F341-45DF-BDEF-29E1F1291C2C} -> NI PXI Platform Services for Windows 1.5.1
{5C1A8800-9D79-43FF-9432-921ACB7AA69D} -> VZAccess Manager for RIM
{5CC48BBA-2D30-4EC7-8BEE-F133ECEEC67A} -> NI LabVIEW Real-Time Support for PCI-7041 (701D)
{5DC9049B-DEEB-429F-8B52-FEC48FC1E9FF} -> NI Remote Provider for MAX
{5E62845C-F953-4221-9EB3-7718E696C512} -> NI LabVIEW PID Control Toolset 6.0
{5E835305-63BB-4E55-BBB7-EEBBE67774DB} -> Sonic MyDVD
{5F32DBAE-B887-44A7-A3E1-34E2D7B5C38F} -> NI-MXDF 1.4.0f0 for Phar Lap ETS
{5F5E7797-67A8-432C-8319-2D2B2A687AE6} -> NI-DAQmx Documentation
{605A4E39-613C-4A12-B56F-DEFBE6757237} -> SHASTA
{607BCFFA-1FDA-4F56-AB36-1A4B2A003FD4} -> NI Variable Engine LabVIEW 8.0 Support
{608D2A3C-6889-4C11-9B54-A42F45ACBFDB} -> fflink
{60FC2242-9CF5-4264-B02A-A4A86447F560} -> NI EULA Depot
{6134FECC-3207-42A8-BE11-76F80260E416} -> NI Measurements eXtensions for PAL 1.3.0
{61662552-5E9A-46C1-9D79-97B3B53D4344} -> NI ModInst 1.1.1
{62DBBC58-6C51-4793-BA66-45012F8BA32C} -> NI LabVIEW Run-Time Engine 7.1.1
{633A8D0D-46B4-4161-9CFD-BFBE0FF08894} -> NI LabVIEW 8.0 Menus
{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} -> Windows Genuine Advantage v1.3.0254.0
{64116298-93C5-401D-B06C-39D8E3338508} -> DAO
{64348585-B5D8-43E0-9D12-7BC9FC2B661C} -> NI LabVIEW DSC Module 8.0
{643EAE81-920C-4931-9F0B-4B343B225CA6} -> ESSBrwr
{664E5221-0C69-45BC-B3E0-E4B9736430DA} -> Modbus IO Server for Windows
{66563AD8-637B-407F-BCA7-0233A16891AB} -> Business Contact Manager for Outlook 2003
{66679848-5EFD-41E7-B06E-179D9ED70040} -> NI-DAQmx - LabVIEW shared documentation
{66D171AA-670F-4309-9C74-5BA7F7DBA0B3} -> Roxio Media Manager
{6704D1C7-0488-41EF-971C-12FB93685001} -> NI LabVIEW Express VI Development Toolkit 1.0
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD
{6846389C-BAC0-4374-808E-B120F86AF5D7} -> Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
{68D60342-7686-45C9-B8EB-40EF843D0460} -> Dell Networking Guide
{693C08A7-9E76-43FF-B11E-9A58175474C4} -> kgckids
{6E06C016-09D6-492A-8804-A6CC41224599} -> NI LabVIEW 8.0 Project
{6E82F407-333F-4A8B-B3F2-3AB9CC711737} -> NI-SMC9 1.2.0f0 for Phar Lap ETS
{6E867F5F-191E-4F87-AC87-DB1D7C2B2082} -> NI-ORB 1.3.0f2 for Phar Lap ETS
{6EF3B8BD-7ED2-4E4E-A05F-8F5B2F285A16} -> NI LabVIEW 8.0 VI.lib
{6F139AA4-624B-499A-A20F-AF20F552B494} -> NI PXI Platform Services for LabVIEW Real-Time 1.5.1
{6FC644ED-B118-4837-AE96-1828FC400E56} -> NI OPC Support
{708878B7-6B4C-42EB-AA0B-FD91339E228B} -> NI-DNET 1.4.2
{7092567A-0BF2-432A-85CB-3056F8CF9A80} -> NI LabVIEW DSC 8.0 resource
{7148F0A8-6813-11D6-A77B-00B0D0142000} -> Java 2 Runtime Environment, SE v1.4.2
{722AA6BA-DDCD-4D6B-A153-4F14F8EFE8AF} -> NI-VISA Runtime 3.4.1
{72691258-1A4C-47A3-9C38-2CCE68EC171B} -> NI-TNF 1.3.3f0 for Phar Lap ETS
{7413D055-3B56-4C73-99C8-47F741C69CA9} -> NI-VISA MAX Provider 3.4.1
{75AC4986-2A4C-4D15-8082-EB6D509E0181} -> NI-VISA for LabVIEW Real-Time 3.4.1
{75D6745B-2239-4182-A31F-F95CEBB35099} -> BlackBerry Desktop Software 4.2.2
{761C7705-C07C-47C1-9DEF-1C7B7E85C026} -> NI-Embedded RT Provider 1.1 for MAX
{76B88A8E-164F-430B-B8A4-402B53B8E8EB} -> NI Server Explorer 7.0
{774892EA-B255-4ED8-9678-16578B63E6AE} -> NI LabVIEW 8.0 Help File
{7C11F7B1-C286-4FA0-AD3D-1FB38BAA8986} -> NI LabVIEW 8.0
{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA} -> AnswerWorks 4.0 Runtime - English
{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} -> DellSupport
{7F142D56-3326-11D5-B229-002078017FBF} -> Modem Helper
{7F7E92E4-A60C-4A6C-9D57-D04E577B8B20} -> NI LabVIEW 8.0 Help
{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF} -> iTunes
{804A8A9F-E4F4-4A9F-B9F8-CB5218BCC058} -> NI LabVIEW Internet Toolkit 6.0
{81A34902-9D0B-4920-A25C-4CDC5D14B328} -> Jasc Paint Shop Pro 8
{81EDAA16-F0F3-400A-A967-A35B250EAC1E} -> SuperchipsUpdate
{831D3DD6-ED7A-42EE-8C59-72C793AF39C1} -> NI LabVIEW Real-Time Support for PXI-8190 (7175)
{838CFFD1-D4FC-4F9F-A66F-069C66533659} -> NI LabVIEW Real-Time files for cRIO-900x (705F)
{857594FA-206C-4937-8D9B-D096F737C17B} -> NI-TClk 1.4.1
{85BA7798-BFDB-4A26-99E1-1D685DD70D6C} -> NI Variable Engine
{85BC5C08-E73D-11D2-964D-444553540000} -> Point
{85D3CC30-8859-481A-9654-FD9B74310BEF} -> Musicmatch® Jukebox
{8769A3F3-6CD2-4C87-AEF3-F4D016EE7D56} -> NI LabVIEW 8.0 Resource
{879D59A5-FD51-44EE-91D2-734CA0DC91D8} -> NI LabVIEW RT Proxy
{87A63495-0073-488A-84A2-C915E1A99816} -> NI LabVIEW Real-Time Support for FieldPoint
{87C45EA9-AD01-4F41-BAED-FA34DBFDF602} -> NI LabVIEW 8.0 CINtools
{87D985A8-333C-42E3-A7A7-204EF1BBB8D1} -> NI LabVIEW Real-Time Support for cFP-21xx (7115)
{87F64F82-D571-4F51-A8FA-A36C273BA3C7} -> NI-PAL 1.10.0f0
{88BBB9A9-C034-466E-BB83-8197AFD1669C} -> NI LVBrokerAux8.0
{8943CE61-53BD-475E-90E1-A580869E98A2} -> staticcr
{89BC8F25-227E-4B16-AA7D-9879FA9A6DDF} -> NI Historical Data Viewer 5.1.2
{8A502E38-29C9-49FA-BCFA-D727CA062589} -> ESSTOOLS
{8A78D7F3-6D9F-4616-B813-4A7BF5495809} -> NI-DAQmx support for LabVIEW
{8A8664E1-84C8-4936-891C-BC1F07797549} -> kgcvday
{8AB1D901-D67B-4827-B7BD-CA048D2E4769} -> NI Fusion Standard Library
{8BAAFEB7-7DFD-47CE-978A-2B64E66F0C32} -> NI Example Finder 8.0
{8C64E145-54BA-11D6-91B1-00500462BE80} -> Microsoft Money 2004 System Pack
{8DF4BC37-2D90-4F99-8F20-7D5EB0679094} -> IVI Shared Component
{8E92D746-CD9F-4B90-9668-42B74C14F765} -> ESSini
{8F2735AA-F673-4818-8F33-FE9E5612EBDB} -> NI-CAN 2.3.1
{8F44DB53-9871-4416-97A3-10ED6143235A} -> NI LabVIEW Real-Time Module 8.0
{90170409-6000-11D3-8CFE-0050048383C9} -> Microsoft FrontPage 2002
{90D55A3F-1D99-4C94-A77E-46DC14F0BF08} -> Help and Support Customization
{91110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003
{91517631-A9F3-4B7C-B482-43E0068FD55A} -> ESSgui
{92E160E5-0C7A-4DDA-9285-4B307547766D} -> NI-DAQmx Switch Core 1.6.0
{92E975F4-D3C2-4F27-8CF8-5510D02AAEEF} -> NI Assistant Framework LabVIEW Code Generator 6.1
{94F8151E-1946-4D81-9FBF-E167DF25954A} -> NI LabVIEW Run-Time Engine 8.0
{9541FED0-327F-4DF0-8B96-EF57EF622F19} -> Sonic RecordNow!
{958825BD-D7BF-4D59-8CD2-11978CC68A76} -> NI-FieldPoint 5.0
{958A44C8-F7D2-4F9C-B49C-24364DF365B1} -> NI LabVIEW DSC Module 8.0 - Shared Files
{95F578F6-E6BC-4743-BB82-9CE93E460074} -> NI-TNF 1.3.1f0 for Phar Lap ETS
{96E16100-A77F-4B31-B9AD-FFBA040EE1BD} -> Sound Blaster Live!
{9763E36A-08E9-4228-BBCE-12989A4EB1A8} -> QuickTime
{98DF85D9-96C0-4F57-A92E-C3539477EF5E} -> DVDSentry
{999D43F4-9709-4887-9B1A-83EBB15A8370} -> VPRINTOL
{9B114692-442E-46C7-8F01-797BF434024B} -> NI STC 1.2.0
{9B336660-03B8-40C2-BA95-1EA072945A64} -> NI LabVIEW 7.1 Real-Time Target Support
{9B79DCB0-AAD7-456B-8D07-433C936FA24B} -> DS21Patch
{9BD54685-1496-46A5-AB62-357CD140ED8B} -> kgcinvt
{9C3C2CC1-94E5-469E-98B7-A74125CC5827} -> NI Common Digital 1.2.0
{9DE980C5-926C-4BE0-B3CA-F18A3455FF1A} -> NI Timing 1.5.0
{9E0AE153-88DC-428B-99EB-6A3D984230B8} -> NI LabWindows/CVI 7.1.1 Run Time Engine
{9F17FA4D-409D-4DB4-BB2E-93949844BE74} -> NI IVI Engine 2.0
{9F6D6471-32F4-4583-960D-4FC956D0A04B} -> NI Portable Configuration
{9F9D38F6-C366-432C-AD75-4EAB1AF381A3} -> NI-CAN: Common LabVIEW code for NI CAN products
{9FFBB61F-4B1B-421C-8F34-7340458ED6B7} -> NI Assistant Framework LabVIEW Code Generator 8.0
{A038B7DE-A784-42BE-BB2B-D101E6223FC2} -> NI-HSDIO 1.4.1
{A03D8350-E95B-419A-906D-909ACEAB573D} -> NI-FieldPoint for LabVIEW Real-Time 4.2
{A14FB352-A8E8-4168-B6DB-7F98B5F9F10B} -> NI Modbus IO Server for LabVIEW Real-Time
{A1588373-1D86-4D44-86C9-78ABD190F9CC} -> kgcmove
{A17F7304-F24C-4401-9B73-C0957C13AF14} -> NI LabVIEW 8.0 Applibs
{A2AA1890-14B4-4252-A17E-7A338BC42D88} -> NI-DIM 1.3.0f0
{A308E927-90F0-4674-9CE5-FE99B72C0C0A} -> NI DSC CommonTools 8.0
{A3A913EA-38BB-48ED-B609-D9609163CBDD} -> NI Variable Manager
{A486EC47-2680-478C-BB60-EC59F3B9DB99} -> NI LabVIEW FPGA Support for Host Communication
{A790BEB1-BCCF-4EC6-807B-5708B36E8A79} -> Intel(R) PROSet
{A79E3B66-02E8-4EAA-861D-78059657127B} -> NI-STE10/100A 1.1.0f0 for Phar Lap ETS
{A84AA61C-9BB1-4C7A-8626-3E6EEB0DFDAF} -> NI-FieldPoint for LabVIEW Real-Time 4.0
{A9A281C2-EF84-4EB5-8D3D-0E23DDDFC3D7} -> NI LabVIEW 8.0 WWW
{A9C61320-FA84-4B54-AEAA-3BEFE95B6FA8} -> NI LabWindows/CVI 7.0 Code Generator
{AA8D8A7B-4606-420E-9FE9-E4C77B200857} -> NI Measurement & Automation Explorer 4.0
{AB7F05AC-F4CF-4355-8BB8-C3D443E1D2AF} -> NI Calibration Provider for MAX
{AC76BA86-7AD7-1033-7B44-A81200000003} -> Adobe Reader 8.1.2
{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2 -> Adobe Reader 8.1.2 Security Update 1 (KB403742)
{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD} -> ESSCDBK
{AF2D3477-67D6-4EBF-9935-18FE1AD5C541} -> NI-INTEL8254X 1.2.0f0 for Phar Lap ETS
{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F} -> TurboTax ItsDeductible 2006
{B162D0A6-9A1D-4B7C-91A5-88FB48113C45} -> OfotoXMI
{B1AA8556-7F80-4F7B-8F6B-2E69D0C96298} -> Traditional NI-DAQ Documentation
{B1F27A23-B6D1-4397-BA2F-25F348DF135F} -> NI Uninstaller
{B3428FFA-367B-46B6-AFAF-34A63C77BAEE} -> NI-DAQ C and VB6 API
{B3A667C2-66F2-41FA-94CA-B5DD9A6F3380} -> Traditional NI-DAQ 7.4.1 (Legacy)
{B43543B0-1B58-45DF-94E2-669B1EF9D251} -> NI-ORB 1.3.0f2
{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992} -> CCScore
{B508B3F1-A24A-32C0-B310-85786919EF28} -> Microsoft .NET Framework 2.0 Service Pack 1
{B5C209B1-8DDB-4642-A573-375B951514CB} -> Apple Mobile Device Support
{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} -> Apple Software Update
{B8666F62-DA19-4F46-AF6E-723CF9C58EB7} -> NI LabVIEW 8.0 Manuals
{BBD2F68D-97FD-48CF-93BC-9E9C24B2B016} -> NI Logos 4.6
{BCBFC045-973F-4318-9607-B089E226AFF8} -> NI LabVIEW 8.0 Templates
{BCD6D492-DB6C-4582-8AE3-8EE9D4EAF74A} -> NI LabVIEW Broker
{BEA0A9C5-C1D9-40AF-A52D-C2D816ADE1D5} -> NI-MDBG 1.3.0f0
{C04ACAF1-E8AF-4CDD-B481-049044509A79} -> NI Logos 4.5
{C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181)
{C1D8CD08-C64C-4039-BE58-9289907344D7} -> NI-CAN Provider for MAX
{C4C5F96E-7B60-4C83-9D06-5D5CE65EB532} -> NI LabVIEW DSC 8.0 vi.lib
{C5078C26-8B75-411D-9806-27E2BBD61DF6} -> NI Remote PXI Provider for MAX
{C73A0FC7-FFDC-4BAD-912A-C5791FF9EAC6} -> NI Service Locator
{C7A1DFB5-36EB-45BD-8555-3DA9D32DA13F} -> NI LabVIEW Real-Time Support for Desktop PC (719C)
{C8DC9D2C-58EF-446E-8B4E-0791FBCD9108} -> NI LabVIEW DSC Module 8.0 - RTS
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{CBEF7EA2-2E9F-4494-A03A-2A1EE25F0B89} -> NI LabVIEW FTP Client
{CC34AA5E-7BB7-4F18-B0D7-CBEAA26D04A5} -> NI LabVIEW Real-Time 7.0 for FieldPoint
{CC82342B-74FC-4BD6-AF8C-6CAEAC389DE9} -> NI Script Editor 1.3.1
{D0E27298-E2E6-468E-AE3B-2AB04D9F4389} -> NI LabVIEW 8.0 FPGA Compile Server
{D1CFC0BA-4337-4E43-B14E-69BB17E4F9E6} -> NI LabVIEW DSC 8.0 menus
{D2EB6337-42E5-4D6E-B01F-2FF9E30F4A06} -> NI Web Pipeline
{D32470A1-B10C-4059-BA53-CF0486F68EBC} -> Kodak EasyShare software
{D3439CB7-5F0E-493C-BD9F-E6CA41E8B27A} -> NI Hierarchical Waveform Storage 1.4.1
{D52C9738-48D3-48BE-A8B4-BDFE14A314DF} -> NI PID Toolkit
{D53330AD-A8BF-44D8-A955-C28753057FA8} -> NI LabVIEW 8.0 Activity
{D573DEA6-782D-4032-998D-18DA272DA38F} -> NI LabVIEW Run-Time Engine 7.0
{D66A4A76-D616-4BED-A96D-70B09FD53BA5} -> NI LabVIEW Real-Time Support for Compact Vision (7046)
{D6DE02C7-1F47-11D4-9515-00105AE4B89A} -> Paint Shop Pro 7
{D716A702-5C96-407C-A2FD-9CA86BAE7D38} -> NI LabVIEW Execution Trace Toolkit 1.0
{D75DA63A-6403-4268-AB34-90134DDF65D5} -> NI MIO Device Drivers 1.7.0
{D92D5431-B36E-498A-9E7B-521E53C8825A} -> NI-DAQmx 8.0
{D9952F01-1EBB-494B-AD8C-36BCA14B0FC4} -> POINT
{D9DC7038-9448-41BE-AEC3-122262D3ED0B} -> NI-FGEN 2.3.2
{DA19D5D8-70A7-439A-AD9E-78B0FB3FD66E} -> NI Citadel 5.2.0
{DB02F716-6275-42E9-B8D2-83BA2BF5100B} -> SFR
{DB208A8F-C379-44B4-A097-197D57668E3A} -> NI LabVIEW Real-Time Common Development Files
{DB24641C-675A-4DCA-9CC0-C57F92D062BF} -> NI LabVIEW FPGA Elemental I_O Common
{DB2C5648-700D-4AEF-83E1-70C72F0C34FA} -> NI Math Kernel Libraries
{DB4663C6-2E47-4B46-AD39-52F546D53809} -> NI-MRU 2.4.0f0
{DC25A68A-D49A-474F-B86D-86EB228553ED} -> NI-Embedded RT 1.0.1
{DCC87145-39A4-4A48-88A4-FB43B4D019AC} -> NI LabVIEW Real-Time BIOSUpdater
{DE00F74C-4E8F-4451-A8E2-B5FDDA0FE7C7} -> NI LabVIEW Real-Time Support for PXI-8186/8187 (7063)
{DEBA0D04-418C-4791-BF2D-046ED28B13D0} -> NI-DAQmx DSA Support 1.5.0
{DEF321A1-6E28-49A1-A5EC-DB79E647E51F} -> NI-DAQ Document Set
{DFC7D9F7-892A-489C-9B15-0211D63EAC44} -> NI LabVIEW 8.0 Instr.lib
{E040BA70-61B7-434E-A273-F62EB400AC4F} -> NI Session Manager 3.5
{E09B48B5-E141-427A-AB0C-D3605127224A} -> Microsoft SQL Server Desktop Engine
{E18B549C-5D15-45DA-8D8F-8FD2BD946344} -> kgcbaby
{E1C317D9-971C-4FAF-BE24-CC10EDFEAC4F} -> NI Enhanced DSC Deployment Support 8.0
{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} -> Windows Media Encoder 9 Series
{E3AD8913-0BF6-455C-92E3-5CDCD8C7D266} -> NI Instrument IO Assistant for LabVIEW 8.0
{E4A3D0CD-EEA2-458F-BBC8-DC174DCCAC3D} -> NI-Serial for LabVIEW Real-Time 2.5.6
{E4E2C976-D946-4A0F-A00B-D308B47899BA} -> NI LabVIEW Real-Time Support for FieldPoint (E001)
{E57C34B8-623E-4757-92D7-BBE17488E24D} -> NI IVI Class Drivers
{E646DCF0-5A68-11D5-B229-002078017FBF} -> Digital Line Detect
{E774EE17-5C69-4806-9739-B5F820B6F7F3} -> NI LabVIEW Integer Math and Analysis
{E79987F0-0E34-42CC-B8FF-6C860AEEB26A} -> tooltips
{E7CDB32A-128D-49DB-BF7F-1E96EA636D88} -> NI PXI Platform Services Provider for MAX 1.5.1
{E80100AB-73FB-43BD-9C3A-757A426C67E4} -> NI IO Server Provider
{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475} -> WexTech AnswerWorks
{EAAEEDD4-0609-47E8-B747-AF3D8E8AD88C} -> NI-Watchdog 2.1.4f0
{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168} -> Yahoo! Music Jukebox
{ED1617B8-98F7-412A-9502-BB9607CE17C3} -> NI Instrument I/O Assistant
{ED318768-B5F9-4102-9852-B2AAB68819B2} -> NI LabVIEW 8.0 Device Detection and Deployment Support
{ED9EAE31-5357-4962-B360-BCCFAD2DF4E2} -> NI FieldPoint MAX Provider
{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8} -> Microsoft Plus! for Windows XP
{F0043B43-1946-4246-A53D-FF77598FBB10} -> NI LabVIEW 8.0 FF Run-Time Engine Libs
{F14236D9-4B9A-4CEC-AE70-0E964020A0E7} -> NI Logos LabVIEW 8.0 Support
{F15D3F6D-2AE8-4490-8C6E-1F948030DA40} -> NI LabVIEW Real-Time ETS Target Support Files
{F189ED67-0ECF-4568-B8B8-DDB77984D836} -> NI-FieldPoint for LabVIEW Real-Time 6.1.3
{F228AA3C-4208-4005-A690-447FB9046C58} -> NI LabVIEW Real-Time Support for PXI-814x (7002)
{F22C222C-3CE2-4A4B-A83F-AF4681371ABE} -> kgcbase
{F2FC4CA5-BC77-4118-BC84-1542BF2EE06B} -> NI-DAQ Provider for MAX
{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F} -> SKINXSDK
{F80E2443-811E-4864-9AC7-0C6DDBED3186} -> NI LabVIEW C Interface
{F9593CFB-D836-49BC-BFF1-0E669A411D9F} -> WIRELESS
{F98A8B8A-1922-4C8D-9852-074A1DA3EB2A} -> NI HSD Core 142f3
{F993C3BF-D483-4B80-8EE7-8AB6F0E7450E} -> NI IVI Compliance Package 2.3
{FAE4CE60-F3C1-463A-98CF-7A810E26A4DB} -> NI DataSocket 4.3.0
{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B} -> Banctec Service Agreement
{FCDB1C92-03C6-4C76-8625-371224256091} -> ESSPDock
{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} -> HighMAT Extension to Microsoft Windows XP CD Writing Wizard
{FFEC1925-09BC-493D-97FC-D27A364C9C8A} -> NI-488.2 for LabVIEW Real-Time 2.4.3
{FFF7F1C6-8524-4134-9F75-0DDBFCBF5471} -> NI Industrial Automation OPC Servers 5.1
9E7CC5B61905F067350816919F53936B5087164B -> Windows Driver Package - Superchips (FTD2XX) USB  (12/01/2005 3.01.02)
Adobe Flash Player Plugin -> Adobe Flash Player Plugin
American Greetings® Art & More Store -> American Greetings® Art & More Store
Any DWG DXF Converter_is1 -> Any DWG DXF Converter 2005.5.5
Any DWG to PDF Converter_is1 -> Any DWG to PDF Converter 2005.5.5
ATI Display Driver -> ATI Display Driver
AutoCAD R14.0 Uninstall -> AutoCAD R14.0
BlackBerry_{75D6745B-2239-4182-A31F-F95CEBB35099} -> BlackBerry Desktop Software 4.2.2
CCleaner -> CCleaner (remove only)
Citrix ICA Web Client -> Citrix ICA Web Client
CNXT_MODEM_PCI_VEN_14F1&DEV_2702 -> Conexant SmartHSFi V92 56K DF PCI Modem
CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1 -> Conexant D850 56K V.9x DFVc Modem
CopySafe Plugin -> CopySafe Plugin
Dell AIO Printer A940 -> Dell AIO Printer A940
Dell Digital Jukebox Driver -> Dell Digital Jukebox Driver
digitalEXPEDITION eXPerience -> digitalEXPEDITION eXPerience
FTD2XX -> FTDI FTD2XX USB Drivers
HijackThis -> HijackThis 2.0.2
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie7 -> Windows Internet Explorer 7
InstallShield_{291A772C-FFB9-4681-B720-AB2A0A620896} -> Adobe Reader for Pocket PC 2.0
InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A} -> Amazon Unbox Video
IviSharedComponent -> IVI Shared Components
KB834707 -> Windows XP Hotfix - KB834707
KB867282 -> Windows XP Hotfix - KB867282
KB873333 -> Windows XP Hotfix - KB873333
KB873339 -> Windows XP Hotfix - KB873339
KB883939 -> Security Update for Windows XP (KB883939)
KB885250 -> Windows XP Hotfix - KB885250
KB885835 -> Windows XP Hotfix - KB885835
KB885836 -> Windows XP Hotfix - KB885836
KB885884 -> Windows XP Hotfix - KB885884
KB886185 -> Windows XP Hotfix - KB886185
KB887472 -> Windows XP Hotfix - KB887472
KB887742 -> Windows XP Hotfix - KB887742
KB888113 -> Windows XP Hotfix - KB888113
KB888302 -> Windows XP Hotfix - KB888302
KB890046 -> Security Update for Windows XP (KB890046)
KB890047 -> Windows XP Hotfix - KB890047
KB890175 -> Windows XP Hotfix - KB890175
KB890859 -> Windows XP Hotfix - KB890859
KB890923 -> Windows XP Hotfix - KB890923
KB891781 -> Windows XP Hotfix - KB891781
KB893066 -> Windows XP Hotfix - KB893066
KB893086 -> Windows XP Hotfix - KB893086
KB893756 -> Security Update for Windows XP (KB893756)
KB893803 -> Windows Installer 3.1 (KB893803)
KB893803v2 -> Windows Installer 3.1 (KB893803)
KB894391 -> Update for Windows XP (KB894391)
KB896358 -> Security Update for Windows XP (KB896358)
KB896422 -> Security Update for Windows XP (KB896422)
KB896423 -> Security Update for Windows XP (KB896423)
KB896424 -> Security Update for Windows XP (KB896424)
KB896428 -> Security Update for Windows XP (KB896428)
KB896688 -> Security Update for Windows XP (KB896688)
KB896727 -> Update for Windows XP (KB896727)
KB898458 -> Security Update for Step By Step Interactive Training (KB898458)
KB898461 -> Update for Windows XP (KB898461)
KB899587 -> Security Update for Windows XP (KB899587)
KB899588 -> Security Update for Windows XP (KB899588)
KB899589 -> Security Update for Windows XP (KB899589)
KB899591 -> Security Update for Windows XP (KB899591)
KB900485 -> Update for Windows XP (KB900485)
KB900725 -> Security Update for Windows XP (KB900725)
KB901017 -> Security Update for Windows XP (KB901017)
KB901214 -> Security Update for Windows XP (KB901214)
KB902400 -> Security Update for Windows XP (KB902400)
KB903235 -> Security Update for Windows XP (KB903235)
KB904706 -> Security Update for Windows XP (KB904706)
KB904942 -> Update for Windows XP (KB904942)
KB905414 -> Security Update for Windows XP (KB905414)
KB905749 -> Security Update for Windows XP (KB905749)
KB905915 -> Security Update for Windows XP (KB905915)
KB908519 -> Security Update for Windows XP (KB908519)
KB908531 -> Security Update for Windows XP (KB908531)
KB910437 -> Update for Windows XP (KB910437)
KB911280 -> Security Update for Windows XP (KB911280)
KB911562 -> Security Update for Windows XP (KB911562)
KB911564 -> Security Update for Windows Media Player (KB911564)
KB911565 -> Security Update for Windows Media Player 9 (KB911565)
KB911567 -> Security Update for Windows XP (KB911567)
KB911927 -> Security Update for Windows XP (KB911927)
KB912812 -> Security Update for Windows XP (KB912812)
KB912919 -> Security Update for Windows XP (KB912919)
KB913446 -> Security Update for Windows XP (KB913446)
KB913580 -> Security Update for Windows XP (KB913580)
KB914388 -> Security Update for Windows XP (KB914388)
KB914389 -> Security Update for Windows XP (KB914389)
KB914440 -> Hotfix for Windows XP (KB914440)
KB915865 -> Hotfix for Windows XP (KB915865)
KB916281 -> Security Update for Windows XP (KB916281)
KB916595 -> Update for Windows XP (KB916595)
KB917159 -> Security Update for Windows XP (KB917159)
KB917344 -> Security Update for Windows XP (KB917344)
KB917422 -> Security Update for Windows XP (KB917422)
KB917734_WMP9 -> Security Update for Windows Media Player 9 (KB917734)
KB917953 -> Security Update for Windows XP (KB917953)
KB918118 -> Security Update for Windows XP (KB918118)
KB918439 -> Security Update for Windows XP (KB918439)
KB918899 -> Security Update for Windows XP (KB918899)
KB919007 -> Security Update for Windows XP (KB919007)
KB920213 -> Security Update for Windows XP (KB920213)
KB920214 -> Security Update for Windows XP (KB920214)
KB920670 -> Security Update for Windows XP (KB920670)
KB920683 -> Security Update for Windows XP (KB920683)
KB920685 -> Security Update for Windows XP (KB920685)
KB920872 -> Update for Windows XP (KB920872)
KB921398 -> Security Update for Windows XP (KB921398)
KB921503 -> Security Update for Windows XP (KB921503)
KB921883 -> Security Update for Windows XP (KB921883)
KB922582 -> Update for Windows XP (KB922582)
KB922616 -> Security Update for Windows XP (KB922616)
KB922760 -> Security Update for Windows XP (KB922760)
KB922819 -> Security Update for Windows XP (KB922819)
KB923191 -> Security Update for Windows XP (KB923191)
KB923414 -> Security Update for Windows XP (KB923414)
KB923689 -> Security Update for Windows XP (KB923689)
KB923694 -> Security Update for Windows XP (KB923694)
KB923723 -> Security Update for Step By Step Interactive Training (KB923723)
KB923980 -> Security Update for Windows XP (KB923980)
KB924191 -> Security Update for Windows XP (KB924191)
KB924270 -> Security Update for Windows XP (KB924270)
KB924496 -> Security Update for Windows XP (KB924496)
KB924667 -> Security Update for Windows XP (KB924667)
KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398)
KB925454 -> Security Update for Windows XP (KB925454)
KB925486 -> Security Update for Windows XP (KB925486)
KB925902 -> Security Update for Windows XP (KB925902)
KB926255 -> Security Update for Windows XP (KB926255)
KB926436 -> Security Update for Windows XP (KB926436)
KB927779 -> Security Update for Windows XP (KB927779)
KB927802 -> Security Update for Windows XP (KB927802)
KB927891 -> Update for Windows XP (KB927891)
KB928090-IE7 -> Security Update for Windows Internet Explorer 7 (KB928090)
KB928255 -> Security Update for Windows XP (KB928255)
KB928843 -> Security Update for Windows XP (KB928843)
KB929123 -> Security Update for Windows XP (KB929123)
KB929338 -> Update for Windows XP (KB929338)
KB929969 -> Security Update for Windows Internet Explorer 7 (KB929969)
KB930178 -> Security Update for Windows XP (KB930178)
KB930916 -> Update for Windows XP (KB930916)
KB931261 -> Security Update for Windows XP (KB931261)
KB931768-IE7 -> Security Update for Windows Internet Explorer 7 (KB931768)
KB931784 -> Security Update for Windows XP (KB931784)
KB931836 -> Update for Windows XP (KB931836)
KB932168 -> Security Update for Windows XP (KB932168)
KB932823-v3 -> Update for Windows XP (KB932823-v3)
KB933360 -> Update for Windows XP (KB933360)
KB933566-IE7 -> Security Update for Windows Internet Explorer 7 (KB933566)
KB933729 -> Security Update for Windows XP (KB933729)
KB935839 -> Security Update for Windows XP (KB935839)
KB935840 -> Security Update for Windows XP (KB935840)
KB936021 -> Security Update for Windows XP (KB936021)
KB936357 -> Update for Windows XP (KB936357)
KB936782_WMP10 -> Security Update for Windows Media Player 10 (KB936782)
KB936782_WMP9 -> Security Update for Windows Media Player 9 (KB936782)
KB937143-IE7 -> Security Update for Windows Internet Explorer 7 (KB937143)
KB937894 -> Security Update for Windows XP (KB937894)
KB938127-IE7 -> Security Update for Windows Internet Explorer 7 (KB938127)
KB938828 -> Update for Windows XP (KB938828)
KB938829 -> Security Update for Windows XP (KB938829)
KB939653-IE7 -> Security Update for Windows Internet Explorer 7 (KB939653)
KB941202 -> Security Update for Windows XP (KB941202)
KB941568 -> Security Update for Windows XP (KB941568)
KB941569 -> Security Update for Windows XP (KB941569)
KB941644 -> Security Update for Windows XP (KB941644)
KB941693 -> Security Update for Windows XP (KB941693)
KB942615-IE7 -> Security Update for Windows Internet Explorer 7 (KB942615)
KB942763 -> Update for Windows XP (KB942763)
KB943055 -> Security Update for Windows XP (KB943055)
KB943460 -> Security Update for Windows XP (KB943460)
KB943485 -> Security Update for Windows XP (KB943485)
KB944533-IE7 -> Security Update for Windows Internet Explorer 7 (KB944533)
KB944653 -> Security Update for Windows XP (KB944653)
KB945553 -> Security Update for Windows XP (KB945553)
KB946026 -> Security Update for Windows XP (KB946026)
KB947864-IE7 -> Hotfix for Windows Internet Explorer 7 (KB947864)
KB948590 -> Security Update for Windows XP (KB948590)
KB948881 -> Security Update for Windows XP (KB948881)
KB950749 -> Security Update for Windows XP (KB950749)
KB950759-IE7 -> Security Update for Windows Internet Explorer 7 (KB950759)
KB950760 -> Security Update for Windows XP (KB950760)
KB950762 -> Security Update for Windows XP (KB950762)
KB951376 -> Security Update for Windows XP (KB951376)
KB951376-v2 -> Security Update for Windows XP (KB951376-v2)
KB951698 -> Security Update for Windows XP (KB951698)
KB951748 -> Security Update for Windows XP (KB951748)
Lotus Notes -> Lotus Notes
M928366 -> Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
Microsoft Money for the Pocket PC -> Microsoft Money for the Pocket PC
Money2006b -> Microsoft Money 2006
MSC -> McAfee SecurityCenter
NI Uninstaller -> National Instruments Software
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
Pocket DVD Wizard 2005 -> Pocket DVD Wizard 2005
PocketDVDStudio -> Pocket-DVD Studio(remove only)
PokerStars -> PokerStars
PokerStars.net -> PokerStars.net
PrintMaster 7.00 -> PrintMaster 7.00
PROSet -> Intel(R) PRO Network Adapters and Drivers
RealPlayer 6.0 -> RealPlayer
Shockwave -> Shockwave
ShockwaveFlash -> Adobe Flash Player 9 ActiveX
StreetPlugin -> Learn2 Player (Uninstall Only)
TurboTax Deluxe 2003 -> TurboTax Deluxe 2003
TurboTax Deluxe 2005 -> TurboTax Deluxe 2005
TurboTax Deluxe Deduction Maximizer 2006 -> TurboTax Deluxe Deduction Maximizer 2006
TurboTax Home & Business 2007 -> TurboTax Home & Business 2007
TurboTax Premier 2004 -> TurboTax Premier 2004
Ultimate Mahjongg 5 -> Ultimate Mahjongg 5
WebPost -> Microsoft Web Publishing Wizard 1.52
WgaNotify -> Windows Genuine Advantage Notifications (KB905474)
Windows CE Services -> Microsoft ActiveSync 3.7
Windows Media Encoder 9 -> Windows Media Encoder 9 Series
Windows Media Format Runtime -> Windows Media Format Runtime
Windows Media Player -> Windows Media Player 10
Windows XP Service Pack -> Windows XP Service Pack 2


[Files/Folders - Created Within 30 days]
3609b9e2cd2fa019e91e2932b758ba -> %SystemDrive%\3609b9e2cd2fa019e91e2932b758ba ->  [Folder | Created Date = 9/10/2008 10:31:36 PM | Attr =	]
382e2455adad1897b6 -> %SystemDrive%\382e2455adad1897b6 ->  [Folder | Created Date = 9/11/2008 6:40:48 AM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Created Date = 9/11/2008 7:57:41 PM | Attr =	]
Adobe -> %AppData%\Adobe ->  [Folder | Created Date = 9/23/2008 5:57:54 PM | Attr =	]
Adobe -> %UserProfile%\Local Settings\Application Data\Adobe ->  [Folder | Created Date = 9/23/2008 5:57:54 PM | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> MD5 = 9E76733A6EB2A69A17AEBBE63B233AEC |  [Ver =  | Size = 696 bytes | Created Date = 9/11/2008 7:57:43 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> MD5 = A74622317A51DA126C4A48CE7416EC51 |  [Ver =  | Size = 1734 bytes | Created Date = 9/11/2008 8:18:23 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 9/10/2008 8:50:32 PM | Attr =	]
CCleaner -> %ProgramFiles%\CCleaner ->  [Folder | Created Date = 9/10/2008 9:14:08 PM | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 9/11/2008 7:57:40 PM | Attr =	]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 9/11/2008 8:18:22 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> Unable to obtain MD5 |  [Ver =  | Size = 535891968 bytes | Modified Date = 9/23/2008 9:21:38 PM | Attr =  HS]
logfile -> %SystemDrive%\logfile -> MD5 = FEA988E21AA22F94454FA121F4BA915B |  [Ver =  | Size = 45949 bytes | Modified Date = 9/23/2008 9:28:18 PM | Attr =	]
Config.MPF -> %SystemRoot%\System32\Config.MPF -> MD5 = DA4B3800C3BB517A656AEF1398CAEAA7 |  [Ver =  | Size = 15142 bytes | Modified Date = 9/23/2008 9:19:39 PM | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
WPA.DBL -> %SystemRoot%\System32\WPA.DBL -> MD5 = F23C48A9CB1C0F2C3A50CEC609CAABB9 |  [Ver =  | Size = 1170 bytes | Modified Date = 9/23/2008 5:35:28 PM | Attr =	]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> MD5 = 6A2CB42966136854F4464516FBB4AE72 |  [Ver =  | Size = 2048 bytes | Modified Date = 9/23/2008 9:21:40 PM | Attr =   S]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
pskt.ini -> %SystemRoot%\pskt.ini -> MD5 = 53E7D525080B502DB02C37A646C43EE4 |  [Ver =  | Size = 22 bytes | Modified Date = 9/10/2008 10:13:23 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ->  [Folder | Modified Date = 8/2/2008 3:08:30 PM | Attr =	]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> MD5 = 213631873468CFB73F70C779B2FEE467 |  [Ver =  | Size = 15179 bytes | Modified Date = 8/3/2008 7:40:26 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache ->  [Folder | Modified Date = 10/28/2005 2:06:47 PM | Attr =	]
about.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\about.dat -> MD5 = 542B22E5501B3B7FEAD3D06496127BE7 |  [Ver =  | Size = 1528 bytes | Modified Date = 6/18/2003 1:00:00 PM | Attr =	]
college.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\college.dat -> MD5 = 4AD6E8D3738A80CEBCF4386CB84C2296 |  [Ver =  | Size = 327746 bytes | Modified Date = 6/18/2003 1:00:00 PM | Attr =	]
moreinfo.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\moreinfo.dat -> MD5 = C940DCC03C0C9948636D3FB06412B8F7 |  [Ver =  | Size = 102 bytes | Modified Date = 6/18/2003 1:00:00 PM | Attr =	]
ylpgscat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\ylpgscat.dat -> MD5 = 1B7F21410595FB3B3FA4086FF55820A1 |  [Ver =  | Size = 12283223 bytes | Modified Date = 6/18/2003 1:00:00 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 11/5/2003 10:37:23 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> MD5 = 7CAF2FF86D7A4CCCFC20309DA932C972 |  [Ver =  | Size = 4232 bytes | Modified Date = 7/23/2008 7:29:12 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> MD5 = 5BD7126054E61A86B91F6F6D17F5C6F7 |  [Ver =  | Size = 4617 bytes | Modified Date = 7/23/2008 7:29:12 AM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 4/4/2006 5:39:09 AM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\data.dat -> MD5 = BFF9330D983F6313936C4A9AD754CD7A |  [Ver =  | Size = 1394 bytes | Modified Date = 4/4/2006 4:37:10 PM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> MD5 = 878FE247687DBA37CE30D892347AC7C4 |  [Ver =  | Size = 11068 bytes | Modified Date = 11/6/2003 5:03:52 PM | Attr =	]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 9/23/2008 9:29:56 PM | Attr =	]
Perflib_Perfdata_5c4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5c4.dat -> Unable to obtain MD5 |  [Ver =  | Size = 16384 bytes | Modified Date = 9/23/2008 9:23:38 PM | Attr =	]
Perflib_Perfdata_5f4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5f4.dat -> Unable to obtain MD5 |  [Ver =  | Size = 16384 bytes | Modified Date = 9/23/2008 9:23:40 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> MD5 = 9E76733A6EB2A69A17AEBBE63B233AEC |  [Ver =  | Size = 696 bytes | Modified Date = 9/11/2008 7:57:43 PM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> MD5 = A74622317A51DA126C4A48CE7416EC51 |  [Ver =  | Size = 1734 bytes | Modified Date = 9/11/2008 8:18:23 PM | Attr =	]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 104 bytes
C:\Documents and Settings\All Users\Documents\AOL Downloads
C:\Documents and Settings\All Users\Documents\DESKTOP.INI 129 bytes
C:\Documents and Settings\All Users\Documents\Incomplete
C:\Documents and Settings\All Users\Documents\My Music
C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini 151 bytes
C:\Documents and Settings\All Users\Documents\My Music\MUSIC.ASX 768 bytes
C:\Documents and Settings\All Users\Documents\My Music\MUSIC.BMP 18488 bytes
C:\Documents and Settings\All Users\Documents\My Music\MUSIC.WMA 3492199 bytes
C:\Documents and Settings\All Users\Documents\My Music\My Playlists
C:\Documents and Settings\All Users\Documents\My Music\Sample Music
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma 613638 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\DESKTOP.INI 70 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma 760748 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019F2E2
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019F2E2\Plylst1.wpl 1250 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019F2E2\Plylst10.wpl 787 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019F2E2\Plylst11.wpl 789 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019F2E2\Plylst12.wpl 1451 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019F2E2\Plylst13.wpl 783 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019F2E2\Plylst14.wpl 775 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019F2E2\Plylst15.wpl 733 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019F2E2\Plylst2.wpl 1049 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019F2E2\Plylst3.wpl 1474 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019F2E2\Plylst4.wpl 1448 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019F2E2\Plylst5.wpl 1477 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019F2E2\Plylst6.wpl 1477 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019F2E2\Plylst7.wpl 1046 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019F2E2\Plylst8.wpl 1036 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\0019F2E2\Plylst9.wpl 784 bytes
C:\Documents and Settings\All Users\Documents\My Pictures
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini 150 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg 28521 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\DESKTOP.INI 42 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg 71189 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db 7680 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes hidden from API
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg 83794 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg 105542 bytes
C:\Documents and Settings\All Users\Documents\My Videos
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini 151 bytes
C:\Documents and Settings\Jeff\.limewire\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\Desktop\Camp Pics 10-2-05\Camp Pics 4-11-04\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\Desktop\Camp Pics 10-2-05\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\Desktop\natalies pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\Desktop\Pictures\Jamaica 2005\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\Desktop\Pocket PC Software\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\Desktop\Unused Desktop Shortcuts\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\Favorites\$100k+ Jobs in Operations - Operations Job Search Engine.url:favicon 1150 bytes
C:\Documents and Settings\Jeff\Favorites\Allrecipes - Recipe Search.url:favicon 1078 bytes
C:\Documents and Settings\Jeff\Favorites\Car stuff\SS Emblem Inlay Decal.url:favicon 894 bytes
C:\Documents and Settings\Jeff\Favorites\Dell\Dell.url:favicon 3638 bytes
C:\Documents and Settings\Jeff\Favorites\Home Page with search\Google.url:favicon 1406 bytes
C:\Documents and Settings\Jeff\Favorites\Home Page with search\HOME - Comcast.net.url:favicon 10134 bytes
C:\Documents and Settings\Jeff\Favorites\Links\Boscovs.url:favicon 318 bytes
C:\Documents and Settings\Jeff\Favorites\Links\Cap1.url:favicon 894 bytes
C:\Documents and Settings\Jeff\Favorites\Links\Chase.url:favicon 894 bytes
C:\Documents and Settings\Jeff\Favorites\Links\Dell.url:favicon 4710 bytes
C:\Documents and Settings\Jeff\Favorites\Links\DISH.url:favicon 894 bytes
C:\Documents and Settings\Jeff\Favorites\Links\Dominion.url:favicon 1150 bytes
C:\Documents and Settings\Jeff\Favorites\Links\GMAC.url:favicon 3638 bytes
C:\Documents and Settings\Jeff\Favorites\Links\HomeDepot.url:favicon 318 bytes
C:\Documents and Settings\Jeff\Favorites\Links\Lowe's.url:favicon 3574 bytes
C:\Documents and Settings\Jeff\Favorites\Links\Prov.url:favicon 318 bytes
C:\Documents and Settings\Jeff\Favorites\Links\Summit.url:favicon 3574 bytes
C:\Documents and Settings\Jeff\Favorites\MapQuest.url:favicon 1406 bytes
C:\Documents and Settings\Jeff\Favorites\Medical Claims\Highmark Blue Cross Blue Shield.url:favicon 318 bytes
C:\Documents and Settings\Jeff\Favorites\Model Information - Online Ordering Guide.url:favicon 3574 bytes
C:\Documents and Settings\Jeff\Favorites\Norwin High School - Class of 1988.url:favicon 1406 bytes
C:\Documents and Settings\Jeff\Favorites\Pennsylvania Snow Depth and Snow Accumulation.url:favicon 3638 bytes
C:\Documents and Settings\Jeff\Favorites\The MacScouter -- Scouting Resources Online.url:favicon 318 bytes
C:\Documents and Settings\Jeff\Favorites\TrailBlazerSS.com - GM News-Rumors-Info-Press Releases  Chevrolet TrailBlazer SS.url:favicon 3638 bytes
C:\Documents and Settings\Jeff\Junk\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\1996 Lowrider_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Music\Hinder\Extreme Behavior\Hinder - By The Way.mp3:Roxio EMC Stream 76 bytes
C:\Documents and Settings\Jeff\My Documents\My Music\Hinder\Extreme Behavior\Hinder - Better Than Me.mp3:Roxio EMC Stream 76 bytes
C:\Documents and Settings\Jeff\My Documents\My Music\Hinder\Extreme Behavior\Hinder - Bliss (I Don't Wanna KNow).mp3:Roxio EMC Stream 76 bytes
C:\Documents and Settings\Jeff\My Documents\My Music\Hinder\Extreme Behavior\Hinder - Get Stoned.mp3:Roxio EMC Stream 76 bytes
C:\Documents and Settings\Jeff\My Documents\My Music\Hinder\Extreme Behavior\Hinder - Homecoming Queen.mp3:Roxio EMC Stream 76 bytes
C:\Documents and Settings\Jeff\My Documents\My Music\Hinder\Extreme Behavior\Hinder - How Long.mp3:Roxio EMC Stream 76 bytes
C:\Documents and Settings\Jeff\My Documents\My Music\Hinder\Extreme Behavior\Hinder - Lips Of An Angel.mp3:Roxio EMC Stream 76 bytes
C:\Documents and Settings\Jeff\My Documents\My Music\Hinder\Extreme Behavior\Hinder - Nothin Good About Goodbye.mp3:Roxio EMC Stream 76 bytes
C:\Documents and Settings\Jeff\My Documents\My Music\Hinder\Extreme Behavior\Hinder - Room.mp3:Roxio EMC Stream 76 bytes
C:\Documents and Settings\Jeff\My Documents\My Music\Hinder\Extreme Behavior\Hinder - Shoulda.mp3:Roxio EMC Stream 76 bytes
C:\Documents and Settings\Jeff\My Documents\My Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Music\From Internet\Music 11-25-2004\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\1996 Ranger\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\2008-01-05\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\2008-03-20\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Alex and Joe's Birthday 2008\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Big City\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Camp 2-13-05\100OLYMP\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Camp 3-13-05\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Camp 3-30-05\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Camp 6-15-06\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Camp 6-2-06\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Camp 7-23-06\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Camp 8-27-06\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Holiday\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Jamaica 2005\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Japan 2008\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Jay & Nicole's Jamaica Wedding\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Maps\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Microsoft Clip Organizer\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Natalie Graduation\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Nicole's Pictures\100OLYMP\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Nicole's Pictures\100OLYMP2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Punta Cana 2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Ranger\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Rims\ebay pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Rims\ebay pics2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Rims\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Scenic\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\seven springs 2004\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\sfr\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Snowball03\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\V1253 Zoom Digital Camera\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\Various\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\wheeling\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Pictures\ebay ranger pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\My Videos\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\PennTek\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\Pocket_PC My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\Power Point Presentation\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\Ford Tech\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\T&C Mortgage\Shawgo Real Estate (Seneca)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\T&C Mortgage\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\T&C Mortgage\Point (D)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\TurboTax\Tax Publications\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\Micro I\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jeff\My Documents\Micro I\Lab 6\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 257

< End of report >


#7 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:38 AM

Posted 24 September 2008 - 07:43 PM

Hello, jaerre.
We need to run an OTScanIt Fix
  • Please reopen Posted Image
  • Click on Posted Image
  • In the Posted Image area copy and paste in the following (Do not include the word CODE)
    [Kill Explorer]
    [Unregister Dlls]
    [Driver Services - Non-Microsoft Only]
    YY -> (ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ENTECH.SYS
    YY -> (iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\wATV03nt.sys
    YY -> (PCASp50) PCASp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\PCASp50.sys
    YY -> (SDDMI2) SDDMI2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DDMI2.sys
    YY -> (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\wanatw4.sys
    [Registry - Non-Microsoft Only]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> ~EmptyValue -> []
    < Drives with AutoRun files > -> 
    YY -> Autoruns.zip [PK | ] -> E:\Autoruns.zip [ FAT32 ]
    YY -> Autoruns [] -> E:\Autoruns [ FAT32 ]
    YN -> Hosts file not found -> 
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {878F8BE9-964E-46D8-9AB5-985C4D871200} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ssqOEWPF.dll [Reg Error: Value  does not exist or could not be read.]
    YN -> {92294A34-5287-4B06-B349-2D2F7B0B21B7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    YN -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer Bars [HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\] > -> HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    [Registry - Additional Scans - Non-Microsoft Only]
    < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
    YN -> {410438A3-B591-4028-B70A-3CC0B33FBCD1} -> 
    [Files/Folders - Created Within 30 days]
    NY -> 3609b9e2cd2fa019e91e2932b758ba -> %SystemDrive%\3609b9e2cd2fa019e91e2932b758ba
    NY -> 382e2455adad1897b6 -> %SystemDrive%\382e2455adad1897b6
    [Files/Folders - Modified Within 30 days]
    NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    [Empty Temp Folders]
    [Start Explorer]
    [Reboot]
  • Press the Posted Image button.
  • Copy/Paste the resultant report in a reply here
In your next reply, please include the following:
  • OtScanIt Fix Report
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#8 jaerre

Posted 24 September 2008 - 09:02 PM

Billy,

I tried to run the fix as described; however, as soon as I pressed the "Run Fix" button, all of my desktop icons disappeared. After several minutes of waiting, I checked Task Manager only to find my CPU usage at 50% and OTScanIt "not responding". I rebooted and tried again with the same results.

J

#9 Billy O'Neal

Posted 24 September 2008 - 09:12 PM

Hello, jaerre.

Alright.. let's try one more time. I have slightly modified the fix :thumbsup:

We need to run an OTScanIt Fix
  • Please reopen Posted Image
  • Click on Posted Image
  • In the Posted Image area copy and paste in the following (Do not include the word CODE)
    [Kill Explorer]
    [Unregister Dlls]
    [Registry - Non-Microsoft Only]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> ~EmptyValue -> []
    < Drives with AutoRun files > -> 
    YY -> Autoruns.zip [PK | ] -> E:\Autoruns.zip [ FAT32 ]
    YY -> Autoruns [] -> E:\Autoruns [ FAT32 ]
    YN -> Hosts file not found -> 
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {878F8BE9-964E-46D8-9AB5-985C4D871200} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ssqOEWPF.dll [Reg Error: Value  does not exist or could not be read.]
    YN -> {92294A34-5287-4B06-B349-2D2F7B0B21B7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    YN -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer Bars [HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\] > -> HKEY_USERS\S-1-5-21-860058152-2078134388-2103317717-500\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    [Registry - Additional Scans - Non-Microsoft Only]
    < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
    YN -> {410438A3-B591-4028-B70A-3CC0B33FBCD1} -> 
    [Files/Folders - Created Within 30 days]
    NY -> 3609b9e2cd2fa019e91e2932b758ba -> %SystemDrive%\3609b9e2cd2fa019e91e2932b758ba
    NY -> 382e2455adad1897b6 -> %SystemDrive%\382e2455adad1897b6
    [Files/Folders - Modified Within 30 days]
    NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    [Empty Temp Folders]
    [Start Explorer]
    [Reboot]
  • Press the Posted Image button.
  • Copy/Paste the resultant report in a reply here
In your next reply, please include the following:
  • OtScanIt Fix Report
  • A New HiJack This log

Billy3

#10 jaerre

Posted 25 September 2008 - 04:53 PM

Billy,

Still no luck. Here is exactly what I am doing and how I am doing it.

1. Boot infected computer (takes several minutes to get to user log in page)
2. Log in as Administrator (takes several more minutes to log in and get to desktop)
3. Install USB memory stick that has OTScanIt program and the fix file in a .txt document (I can not copy anything to the infected PC. I can only run from the memory stick). I was able to run from the memory stick initially to post my original OTScanIt file.
4. Open OTScanIt program from my memory stick (drive E)
5. Open .txt file and select all, then copy
6. Right click and paste into "Paste Fix Here"
7. Click "Run Fix"

At that point, all of the desktop icons including start button, task bar, and clock disappear. The background remains. OTScanIt program indicates "Running fix..." in lower left corner and hourglass is frozen. After several minutes of waiting with no change I can see this program is not responding.

Can I make any changes manually or is this too complicated?

J.

#11 Billy O'Neal

Posted 25 September 2008 - 05:08 PM

Hello, jaerre.

I didn't know this machine didn't have internet access. Let's go about this a different way then.

We need to run ComboFix.
In your next reply, please include the following:
  • ComboFix.txt

Billy3

#12 jaerre

Posted 25 September 2008 - 07:10 PM

Billy,

When I try to install the Windows recovery console, I get an error message indicating the version of Windows XP on my PC is newer than the version on the CD. My original CD only had service pack 1 and I am running service pack 2.

Should I go ahead with the ComboFix anyway?

J

#13 jaerre

Posted 25 September 2008 - 07:33 PM

Billy,

I was able to download the correct SP2 file for windows recovery, however, as previously stated, I can NOT drag and drop. I can not move the file over the ComboFix file for installation.

Please advise
Thanks,
J

#14 Billy O'Neal

Posted 25 September 2008 - 07:44 PM

So long as you have the original CD, that will be fine for now. Go ahead and run CF anyway (but only if you have a Windows installation disk available that we can use).

Billy3

#15 jaerre

Posted 25 September 2008 - 07:47 PM

I do have the original Windows XP disk from Dell as part of their Reinstallation CD pack. Do I need to have any other disks?



