Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Heeeelp


  • This topic is locked This topic is locked
12 replies to this topic

#1 Lov3

Lov3

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:52 AM

Posted 21 November 2008 - 06:48 PM

Hi,

I left my computer on for half a day and when I came back:
- I had all these fake "your computer is infected, scan your computer with..."
- I couldn't launch or update AVG
- All the virus scan online (TrendMicro, Panda, Bitdefender, etc.) shut down before the end of the scan
- The antispyware I launched (Ad-Aware, Spybot, Super Antispyware) found the same spyswares/malwares over and over again without really cleaning anything

I uninstalled AVG, installed AVAST and launched it succesfully while booting.

Everything is OK now, but I'm definitely sure I'm not clean.
Could you help me please?

Here is the HJT log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:34:47 PM, on 11/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {27a4ddb3-77ac-3b2b-fbe4-ea073e80aca2} - {2aca08e3-70ae-4ebf-b2b3-ca773bdd4a72} - C:\WINDOWS\system32\qquuhh.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {73259091-9574-4ED8-A40F-7F65AFC28634} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A002397B-B8E1-4AAB-A04F-CD02878C4AEA} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O18 - Protocol: bw+0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: qquuhh.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/MAYACA~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 19658 bytes

BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:52 AM

Posted 21 November 2008 - 07:05 PM

Hello Lov3

Welcome to BleepingComputer :thumbsup:
========================
Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
      FIle - Lop check
      File - Purity Scan
      Under Basic scans:
      Rootkit Search -Yes
      Drivers -Non Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Attach the information back here. I will review it when it comes in.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 Lov3

Lov3
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:52 AM

Posted 21 November 2008 - 07:40 PM

Here it is:

OTScanIt logfile created on: 11/21/2008 7:26:04 PM
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Documents and Settings\Maya Camou\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.25% Memory free
3.85 Gb Paging File | 3.38 Gb Available in Paging File | 87.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.36 Gb Total Space | 23.18 Gb Free Space | 12.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUCLAZ
Current User Name: Maya Camou
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 7/19/2008 10:25:06 AM | Attr =	]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 7/19/2008 10:38:28 AM | Attr =	]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 7/19/2008 10:38:04 AM | Attr =	]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 7/23/2008 10:25:45 AM | Attr =	]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 3/8/2006 11:48:02 AM | Attr =	]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 7/19/2008 10:38:34 AM | Attr =	]
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.2.0.85 | Size = 24184360 bytes | Modified Date = 4/11/2007 6:15:40 PM | Attr =	]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.4 | Size = 307712 bytes | Modified Date = 11/14/2008 8:33:32 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 11/27/2006 9:20:30 PM | Attr =	]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 7/19/2008 10:25:06 AM | Attr =	]
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk, Inc. [Ver = 2.51.000 | Size = 74360 bytes | Modified Date = 12/7/2006 9:54:38 AM | Attr =	]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 7/19/2008 10:38:28 AM | Attr =	]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 7/19/2008 10:38:04 AM | Attr =	]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 7/23/2008 10:25:45 AM | Attr =	]
(DSBrokerService) DSBrokerService [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe ->  [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 3:47:46 PM | Attr =	]
(NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> File not found
(SentinelProtectionServer) Sentinel Protection Server [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -> SafeNet, Inc [Ver = 7, 2, 1 | Size = 206400 bytes | Modified Date = 3/14/2006 6:22:00 AM | Attr =	]
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\WLTRYSVC.EXE ->  [Ver =  | Size = 20992 bytes | Modified Date = 6/22/2006 2:48:18 AM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 26944 bytes | Modified Date = 7/19/2008 10:32:15 AM | Attr =	]
(APLMp50) APLMp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\APLMp50.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.5.18.05 | Size = 28224 bytes | Modified Date = 11/28/2006 11:46:24 PM | Attr =	]
(APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPDRV.SYS -> Dell Inc [Ver = 1, 0, 1, 1 | Size = 16128 bytes | Modified Date = 8/12/2005 5:50:46 PM | Attr =	]
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 20560 bytes | Modified Date = 7/19/2008 10:37:42 AM | Attr =	]
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 94416 bytes | Modified Date = 7/19/2008 10:37:21 AM | Attr =	]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 23152 bytes | Modified Date = 7/19/2008 10:33:42 AM | Attr =	]
(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 78416 bytes | Modified Date = 7/19/2008 10:35:18 AM | Attr =	]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 42912 bytes | Modified Date = 7/19/2008 10:32:36 AM | Attr =	]
(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\dne2000.sys -> Deterministic Networks, Inc. [Ver = 3.11.3.12951 | Size = 110080 bytes | Modified Date = 6/29/2005 6:50:30 PM | Attr =	]
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 8.4.7.1032 | Size = 22016 bytes | Modified Date = 5/27/2005 4:31:28 AM | Attr = R  ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 1:52:12 PM | Attr =	]
(NSNDIS5) NSNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\nsndis5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.58 | Size = 17280 bytes | Modified Date = 3/23/2004 9:12:34 PM | Attr =	]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> Dell Inc [Ver = 7, 1, 382, 0 | Size = 17153 bytes | Modified Date = 2/13/2004 9:46:00 AM | Attr =	]
(Pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 3/23/2008 8:13:52 AM | Attr =	]
(PID_08A0) QuickCam IM(PID_08A0) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LV302AV.SYS -> Logitech Inc. [Ver = 8.4.7.1032 | Size = 913280 bytes | Modified Date = 5/27/2005 4:46:22 AM | Attr = R  ]
(rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimmptsk.sys -> REDC [Ver = 1.0.0.6 | Size = 28544 bytes | Modified Date = 7/14/2005 4:58:14 PM | Attr =	]
(rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimsptsk.sys -> REDC [Ver = 1.00.01.12 | Size = 51328 bytes | Modified Date = 7/12/2005 5:00:30 PM | Attr =	]
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rixdptsk.sys -> REDC [Ver = 1.00.02.04 | Size = 307968 bytes | Modified Date = 7/14/2005 3:28:38 PM | Attr =	]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASDIFSV.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 6/13/2008 3:36:39 PM | Attr =	]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 6/13/2008 3:36:38 PM | Attr =	]
(Sentinel) Sentinel [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\sentinel.sys -> SafeNet, Inc. [Ver = SSD7.2.2 | Size = 90176 bytes | Modified Date = 3/14/2006 6:22:00 AM | Attr =	]
(SNTNLUSB) SafeNet USB SuperPro/UltraPro [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SNTNLUSB.SYS -> SafeNet, Inc. [Ver = SSD7.1.0 | Size = 28216 bytes | Modified Date = 3/14/2006 6:22:00 AM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 2:07:44 PM | Attr =	]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 191872 bytes | Modified Date = 3/8/2006 11:35:10 AM | Attr =	]
(vsdatant) vsdatant [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\vsdatant.sys -> File not found
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\wanatw4.sys -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 7/19/2008 10:38:34 AM | Attr =	]
Broadcom Wireless Manager UI -> %SystemRoot%\system32\WLTRAY.EXE [C:\WINDOWS\system32\WLTRAY.exe] -> Dell Inc. [Ver = 4.80.28.5 | Size = 1384448 bytes | Modified Date = 6/22/2006 2:48:18 AM | Attr =	]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr =	]
PinnacleDriverCheck -> %SystemRoot%\system32\PSDrvCheck.exe [C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg] ->  [Ver = 1.0.0.63 | Size = 406016 bytes | Modified Date = 3/10/2004 4:26:10 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 3:27:04 AM | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 3/8/2006 11:48:02 AM | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.2.0.85 | Size = 24184360 bytes | Modified Date = 4/11/2007 6:15:40 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Maya Camou Startup Folder > -> C:\Documents and Settings\Maya Camou\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
qquuhh.dll -> %SystemRoot%\system32\qquuhh.dll ->  [Ver =  | Size = 129024 bytes | Modified Date = 11/20/2008 1:46:35 PM | Attr =	]
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 6/13/2008 3:36:38 PM | Attr =	]
{73259091-9574-4ED8-A40F-7F65AFC28634} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 7:12:19 PM | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 7:12:38 PM | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 7:12:24 PM | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 7:12:41 PM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr =	]
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 61440 bytes | Modified Date = 2/15/2006 11:34:14 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 1:40:46 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 8/10/2004 1:04:08 PM | Attr =	]
Autoexec.ex5 [] -> %SystemDrive%\Autoexec.ex5 [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 8/10/2004 1:04:08 PM | Attr =	]
< HOSTS File > (224069 bytes and 7914 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
127.0.0.1	   localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.1001-search.info
127.0.0.1	1001-search.info
127.0.0.1	www.100888290cs.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.10sek.com
127.0.0.1	10sek.com
127.0.0.1	www.123topsearch.com
127.0.0.1	123topsearch.com
127.0.0.1	www.132.com
127.0.0.1	132.com
127.0.0.1	www.136136.net
127.0.0.1	136136.net
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar ->  -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> localhost;*.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4886 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
safetydownload.com .[*] -> Trusted sites -> 
trustedantivirus.com .[*] -> Trusted sites -> 
virusschlacht.com .[*] -> Trusted sites -> 
47 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6743 domain(s) found. -> 
avsystemcare.com .[*] -> Trusted sites -> 
onerateld.com .[*] -> Trusted sites -> 
safetydownload.com .[*] -> Trusted sites -> 
turbotax.com .[https] -> Trusted sites -> 
virusschlacht.com .[*] -> Trusted sites -> 
39 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =	]
{2aca08e3-70ae-4ebf-b2b3-ca773bdd4a72} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qquuhh.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 129024 bytes | Modified Date = 11/20/2008 1:46:35 PM | Attr =	]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 9/15/2008 1:25:44 PM | Attr = RHS]
{73259091-9574-4ED8-A40F-7F65AFC28634} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr =	]
{A002397B-B8E1-4AAB-A04F-CD02878C4AEA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 1119, 1736 | Size = 654320 bytes | Modified Date = 9/10/2008 6:32:52 PM | Attr =	]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 6/14/2006 8:17:42 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [Veoh Web Player Video Finder] -> Veoh Networks Inc [Ver = 1.0.1.6 | Size = 463872 bytes | Modified Date = 9/27/2008 11:43:12 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr =	]
{CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 9/15/2008 1:25:44 PM | Attr = RHS]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Send to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ->  [Ver =  | Size = 1320 bytes | Modified Date = 5/29/2003 1:53:12 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 12:56:24 PM | Attr =	]
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{C4EF757D-6E43-4D57-BEA6-D4EC7D142945} ->	() -> 
{C8A80F65-FF45-47A5-9EB2-BF4CE5194810} ->	(Dell Wireless 1500 Draft 802.11n WLAN Mini-Card) -> 
{E1BB0B80-4C2D-4ABA-B8CB-9D6987675F33} ->	() -> 
{ED049EEE-C597-4BFB-AB92-E1BA3F046568} ->	(Broadcom 440x 10/100 Integrated Controller) -> 
{F97CAAA1-89F8-4168-AF6F-9B487F8E3DA0} ->	(1394 Net Adapter) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,5,11 | Size = 147456 bytes | Modified Date = 8/29/2008 8:53:50 AM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
bw+0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw+0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw-0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw00:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw00s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw-0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw10:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw10s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw20:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw20s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw30:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw30s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw40:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw40s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw50:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw50s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw60:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw60s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw70:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw70s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw80:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw80s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw90:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bw90s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwa0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwa0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwb0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwb0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwc0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwc0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwd0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwd0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwe0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwe0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwf0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwf0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwg0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwg0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwh0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwh0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwi0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwi0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwj0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwj0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwk0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwk0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwl0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwl0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwm0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwm0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwn0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwn0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwo0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwo0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwp0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwp0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwq0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwq0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwr0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwr0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bws0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bws0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwt0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwt0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwu0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwu0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwv0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwv0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bww0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bww0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwx0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwx0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwy0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwy0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwz0:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
bwz0s:{2a96f5db-d419-4900-a42d-affec7528c0f} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
offline-8876480:{2A96F5DB-D419-4900-A42D-AFFEC7528C0F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 11/29/2006 8:56:21 AM | Attr =	]
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 0 | Size = 1828440 bytes | Modified Date = 1/12/2007 11:50:48 AM | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ not found. -> -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 7:12:00 PM | Attr =	]
C:\WINDOWS\system32\byXPIbcY ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/13/2008 7:11:56 PM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 7:12:00 PM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/13/2008 7:12:08 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 168 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/13/2008 7:12:05 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/13/2008 7:12:02 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> D2 A4 56 38 8E FC 2D 48 ED 60 87 AF 63 79 6A EB 64 35 32 65 62 62 64 64 00 00 00 00 60 C4 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 61 F2 ED 78 02 C1 2E 21 A8 9D CF D5  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 55 62 0F 8C EB EF 20 4F 9F  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> C4 83 B1 EE AE EE  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 17 22 AC C5 88 6C 28 A6 51 8B 64 3D 6F 2A 2F B0  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> EA F7 1C EA B5 0E C9 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 7:12:36 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 28949 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 7:11:55 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 1:53:32 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 7:12:34 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 10:34:02 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 4:18:24 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> %ProgramFiles%\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> BitTorrent, Inc. [Ver = 1.8.1.12639 | Size = 270128 bytes | Modified Date = 10/10/2008 1:25:41 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/11/2005 10:23:26 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 204800 bytes | Modified Date = 5/11/2005 11:40:38 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 225280 bytes | Modified Date = 6/3/2005 8:50:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 40960 bytes | Modified Date = 6/3/2005 8:50:14 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 81920 bytes | Modified Date = 6/3/2005 8:45:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] ->  [Ver = 3, 2, 0,940 | Size = 200704 bytes | Modified Date = 5/10/2005 8:50:34 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> Hewlett-Packard [Ver = 5.1.0.940 | Size = 1081344 bytes | Modified Date = 5/10/2005 8:07:26 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 172032 bytes | Modified Date = 6/3/2005 9:12:34 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> Hewlett-Packard [Ver = 2.4 | Size = 151635 bytes | Modified Date = 5/10/2005 8:34:02 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 458752 bytes | Modified Date = 6/3/2005 8:51:06 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] ->  [Ver = 5.0.0.247 | Size = 417792 bytes | Modified Date = 3/15/2005 2:12:10 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] ->   [Ver = 5.0.0.247 | Size = 704512 bytes | Modified Date = 3/15/2005 2:17:50 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 57344 bytes | Modified Date = 6/3/2005 9:06:04 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\setup\HPZnet01.exe -> D:\setup\HPZnet01.exe [D:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\setup\HPONICIFS01.EXE -> D:\setup\HPONICIFS01.EXE [D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Veoh Networks\Veoh\VeohClient.exe -> %ProgramFiles%\Veoh Networks\Veoh\VeohClient.exe [C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Soulseek\slsk.exe -> %ProgramFiles%\Soulseek\slsk.exe [C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek] ->  [Ver = 0.3.4 | Size = 3112960 bytes | Modified Date = 4/17/2005 5:08:10 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 1:53:32 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 7:12:34 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 10:34:02 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 4:18:24 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SmartFTP Client\SmartFTP.exe -> %ProgramFiles%\SmartFTP Client\SmartFTP.exe [C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0] -> SmartSoft Ltd. [Ver = 3.0.1022.30 | Size = 7295264 bytes | Modified Date = 9/15/2008 11:46:16 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,5,11 | Size = 238888 bytes | Modified Date = 8/29/2008 9:18:44 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe -> %ProgramFiles%\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player ] -> Veoh Networks [Ver = 1, 0, 0, 3 | Size = 3497208 bytes | Modified Date = 9/27/2008 11:53:06 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 8.0.1.11 | Size = 14258472 bytes | Modified Date = 10/1/2008 5:57:04 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath ] -> Skype Technologies S.A. [Ver = 3.2.0.85 | Size = 24184360 bytes | Modified Date = 4/11/2007 6:15:40 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowInboundRouterRequest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{6F467040-2D70-4A0E-AC98-D7BFE7DE9ECB} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{713DA035-EF78-40BE-81EB-4AC6D3105D59} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{531CC197-E6AF-41B8-A2C8-EF37A83725A9} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{C4EF757D-6E43-4D57-BEA6-D4EC7D142945} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{676CD3D0-FBAC-4149-9E22-76633BC180E3} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 7:12:36 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 7:12:11 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 26944 bytes | Created Date = 11/21/2008 3:30:06 PM | Attr =	]
aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 20560 bytes | Created Date = 11/21/2008 3:30:03 PM | Attr =	]
aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Created Date = 11/21/2008 3:30:03 PM | Attr =	]
aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 94416 bytes | Created Date = 11/21/2008 3:30:03 PM | Attr =	]
aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 23152 bytes | Created Date = 11/21/2008 3:30:08 PM | Attr =	]
aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 78416 bytes | Created Date = 11/21/2008 3:30:03 PM | Attr =	]
aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 42912 bytes | Created Date = 11/21/2008 3:30:07 PM | Attr =	]
LV302AV.SYS -> %SystemRoot%\System32\drivers\LV302AV.SYS -> Logitech Inc. [Ver = 8.4.7.1032 | Size = 913280 bytes | Created Date = 11/6/2008 9:46:32 AM | Attr = R  ]
actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx ->  [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 11/21/2008 3:29:46 PM | Attr =	]
aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 1163960 bytes | Created Date = 11/21/2008 3:29:46 PM | Attr =	]
AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 94392 bytes | Created Date = 11/21/2008 3:30:04 PM | Attr =	]
DivX.dll -> %SystemRoot%\System32\DivX.dll -> DivX, Inc. [Ver = 6.8.5.5 | Size = 684032 bytes | Created Date = 10/28/2008 5:35:56 PM | Attr =	]
divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> DivX, Inc. [Ver = 1.0.0.0 | Size = 823296 bytes | Created Date = 10/28/2008 5:36:00 PM | Attr =	]
divx_xx0a.dll -> %SystemRoot%\System32\divx_xx0a.dll -> DivX, Inc. [Ver = 1.0.0.0 | Size = 815104 bytes | Created Date = 10/28/2008 5:35:58 PM | Attr =	]
divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> DivX, Inc. [Ver = 1.0.0.0 | Size = 823296 bytes | Created Date = 10/28/2008 5:36:00 PM | Attr =	]
divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> DivX, Inc. [Ver = 1.0.0.0 | Size = 802816 bytes | Created Date = 10/28/2008 5:35:58 PM | Attr =	]
gnpxlyke.dll -> %SystemRoot%\System32\gnpxlyke.dll ->  [Ver =  | Size = 129024 bytes | Created Date = 11/20/2008 1:46:34 PM | Attr =	]
MSINET.DEP -> %SystemRoot%\System32\MSINET.DEP ->  [Ver =  | Size = 2407 bytes | Created Date = 11/20/2008 1:38:15 PM | Attr =	]
MSINET.oca -> %SystemRoot%\System32\MSINET.oca ->  [Ver =  | Size = 29184 bytes | Created Date = 11/20/2008 1:38:15 PM | Attr =	]
prunnet.exe -> %SystemRoot%\System32\prunnet.exe ->  [Ver =  | Size = 38400 bytes | Created Date = 11/20/2008 1:38:14 PM | Attr =	]
qquuhh.dll -> %SystemRoot%\System32\qquuhh.dll ->  [Ver =  | Size = 129024 bytes | Created Date = 11/20/2008 1:46:35 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Ahead -> %AppData%\Ahead ->  [Folder | Created Date = 10/29/2008 7:53:37 AM | Attr =	]
dvdcss -> %AppData%\dvdcss ->  [Folder | Created Date = 10/29/2008 8:11:21 AM | Attr =	]
IUpd721 -> %AppData%\IUpd721 ->  [Folder | Created Date = 11/20/2008 1:51:59 PM | Attr =	]
NI.GSCNS -> %AppData%\NI.GSCNS ->  [Folder | Created Date = 11/20/2008 1:46:49 PM | Attr =	]
vlc -> %AppData%\vlc ->  [Folder | Created Date = 10/29/2008 8:11:06 AM | Attr =	]
Garmin -> %UserProfile%\My Documents\Garmin ->  [Folder | Created Date = 10/31/2008 7:13:36 PM | Attr =	]
Maya&Me - OCT08 -> %UserProfile%\My Documents\Maya&Me - OCT08 ->  [Folder | Created Date = 10/31/2008 4:01:16 PM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 11/21/2008 7:12:20 PM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Created Date = 11/21/2008 7:09:48 PM | Attr =	]
Poc 1108 -> %UserProfile%\Desktop\Poc 1108 ->  [Folder | Created Date = 11/21/2008 12:37:22 PM | Attr =	]
Alwil Software -> %ProgramFiles%\Alwil Software ->  [Folder | Created Date = 11/21/2008 3:17:59 PM | Attr =	]
Desktop XP -> %ProgramFiles%\Desktop XP ->  [Folder | Created Date = 11/2/2008 7:57:43 PM | Attr =	]
Free New York Screensaver -> %ProgramFiles%\Free New York Screensaver ->  [Folder | Created Date = 11/2/2008 7:57:42 PM | Attr =	]
Panda Security -> %ProgramFiles%\Panda Security ->  [Folder | Created Date = 11/20/2008 5:05:42 PM | Attr =	]
VideoLAN -> %ProgramFiles%\VideoLAN ->  [Folder | Created Date = 10/29/2008 8:09:01 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 212 bytes | Modified Date = 11/2/2008 8:04:10 PM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2145845248 bytes | Modified Date = 11/21/2008 3:32:24 PM | Attr =  HS]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 11/21/2008 3:30:06 PM | Attr =	]
DivX.dll -> %SystemRoot%\System32\DivX.dll -> DivX, Inc. [Ver = 6.8.5.5 | Size = 684032 bytes | Modified Date = 10/28/2008 5:35:56 PM | Attr =	]
divxdec.ax -> %SystemRoot%\System32\divxdec.ax -> DivX, Inc. [Ver = 6.3.0.79 | Size = 729088 bytes | Modified Date = 10/28/2008 5:35:50 PM | Attr =	]
divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> DivX, Inc. [Ver = 1.0.0.0 | Size = 823296 bytes | Modified Date = 10/28/2008 5:36:00 PM | Attr =	]
divx_xx0a.dll -> %SystemRoot%\System32\divx_xx0a.dll -> DivX, Inc. [Ver = 1.0.0.0 | Size = 815104 bytes | Modified Date = 10/28/2008 5:35:58 PM | Attr =	]
divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> DivX, Inc. [Ver = 1.0.0.0 | Size = 823296 bytes | Modified Date = 10/28/2008 5:36:00 PM | Attr =	]
divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> DivX, Inc. [Ver = 1.0.0.0 | Size = 802816 bytes | Modified Date = 10/28/2008 5:35:58 PM | Attr =	]
gnpxlyke.dll -> %SystemRoot%\System32\gnpxlyke.dll ->  [Ver =  | Size = 129024 bytes | Modified Date = 11/20/2008 1:46:35 PM | Attr =	]
MSINET.DEP -> %SystemRoot%\System32\MSINET.DEP ->  [Ver =  | Size = 2407 bytes | Modified Date = 11/20/2008 1:38:15 PM | Attr =	]
MSINET.oca -> %SystemRoot%\System32\MSINET.oca ->  [Ver =  | Size = 29184 bytes | Modified Date = 11/20/2008 1:38:15 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 66482 bytes | Modified Date = 11/21/2008 6:24:31 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 412894 bytes | Modified Date = 11/21/2008 6:24:31 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 486816 bytes | Modified Date = 11/21/2008 6:24:31 PM | Attr =	]
prunnet.exe -> %SystemRoot%\System32\prunnet.exe ->  [Ver =  | Size = 38400 bytes | Modified Date = 11/20/2008 1:38:14 PM | Attr =	]
qquuhh.dll -> %SystemRoot%\System32\qquuhh.dll ->  [Ver =  | Size = 129024 bytes | Modified Date = 11/20/2008 1:46:35 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 11/21/2008 6:20:50 PM | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 11/21/2008 6:20:07 PM | Attr =   S]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 11/21/2008 1:47:27 PM | Attr =	]
SWFConverter.INI -> %SystemRoot%\SWFConverter.INI ->  [Ver =  | Size = 135 bytes | Modified Date = 10/28/2008 8:07:36 PM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 11/2/2008 8:04:10 PM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 1438 bytes | Modified Date = 11/2/2008 8:04:10 PM | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 221 bytes | Modified Date = 11/21/2008 9:43:30 AM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 11/8/2008 10:53:01 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 11/21/2008 6:20:18 PM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 7/22/2006 5:11:08 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4646 bytes | Modified Date = 11/12/2008 1:30:13 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5060 bytes | Modified Date = 11/12/2008 1:30:12 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 2/14/2007 5:13:08 PM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11074 bytes | Modified Date = 11/21/2006 8:48:26 AM | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 2/14/2007 5:13:08 PM | Attr =	]
C:\Documents and Settings\Maya Camou\Local Settings\Temp\ -> C:\Documents and Settings\Maya Camou\Local Settings\Temp ->  [Folder | Modified Date = 11/21/2008 7:22:38 PM | Attr =	]
bvdhvmfm.dll -> C:\Documents and Settings\Maya Camou\Local Settings\Temp\bvdhvmfm.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 11/21/2008 7:17:46 PM | Attr =	]
3 C:\Documents and Settings\Maya Camou\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Maya Camou\Local Settings\Temp\*.tmp -> 
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 11/21/2008 7:08:13 PM | Attr =	]
Perflib_Perfdata_460.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_460.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/21/2008 6:20:19 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 36864 bytes | Modified Date = 11/21/2008 1:47:26 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 75096 bytes | Modified Date = 11/9/2008 6:52:23 AM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 2161652 bytes | Modified Date = 11/17/2008 7:56:15 PM | Attr =  H ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Modified Date = 11/21/2008 7:09:49 PM | Attr =	]

[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
Application Data -> C:\Documents and Settings\All Users\Application Data ->  [Folder | Modified Date = 11/21/2008 3:08:17 PM | Attr = RH ]
{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} ->  [Folder | Modified Date = 10/11/2008 10:04:37 AM | Attr =	]
2020 -> C:\Documents and Settings\All Users\Application Data\2020 ->  [Folder | Modified Date = 5/31/2007 3:20:04 PM | Attr =	]
Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe ->  [Folder | Modified Date = 2/5/2008 9:47:12 PM | Attr =	]
Adobe Systems -> C:\Documents and Settings\All Users\Application Data\Adobe Systems ->  [Folder | Modified Date = 11/27/2006 9:20:44 PM | Attr =	]
Ahead -> C:\Documents and Settings\All Users\Application Data\Ahead ->  [Folder | Modified Date = 10/10/2008 8:07:42 PM | Attr =	]
AOL -> C:\Documents and Settings\All Users\Application Data\AOL ->  [Folder | Modified Date = 4/5/2008 1:11:50 PM | Attr =	]
Apple -> C:\Documents and Settings\All Users\Application Data\Apple ->  [Folder | Modified Date = 7/9/2007 3:07:19 PM | Attr =	]
Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer ->  [Folder | Modified Date = 2/8/2007 1:12:42 PM | Attr =	]
Autodesk -> C:\Documents and Settings\All Users\Application Data\Autodesk ->  [Folder | Modified Date = 12/7/2006 9:40:19 AM | Attr =	]
avg8 -> C:\Documents and Settings\All Users\Application Data\avg8 ->  [Folder | Modified Date = 11/21/2008 3:08:17 PM | Attr =	]
Broderbund Software -> C:\Documents and Settings\All Users\Application Data\Broderbund Software ->  [Folder | Modified Date = 11/27/2006 11:27:22 PM | Attr =	]
CAP -> C:\Documents and Settings\All Users\Application Data\CAP ->  [Folder | Modified Date = 5/31/2007 3:20:05 PM | Attr =	]
DVD Shrink -> C:\Documents and Settings\All Users\Application Data\DVD Shrink ->  [Folder | Modified Date = 10/4/2007 1:24:22 PM | Attr =	]
Google -> C:\Documents and Settings\All Users\Application Data\Google ->  [Folder | Modified Date = 4/5/2008 1:17:09 PM | Attr =	]
Google Updater -> C:\Documents and Settings\All Users\Application Data\Google Updater ->  [Folder | Modified Date = 9/24/2008 7:23:47 AM | Attr =	]
Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft ->  [Folder | Modified Date = 5/23/2008 11:04:10 AM | Attr =	]
GTek -> C:\Documents and Settings\All Users\Application Data\GTek ->  [Folder | Modified Date = 7/22/2006 5:21:52 PM | Attr =	]
HP -> C:\Documents and Settings\All Users\Application Data\HP ->  [Folder | Modified Date = 2/3/2007 7:03:18 PM | Attr =	]
InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield ->  [Folder | Modified Date = 7/22/2006 5:20:57 PM | Attr =	]
Intuit -> C:\Documents and Settings\All Users\Application Data\Intuit ->  [Folder | Modified Date = 1/23/2007 3:15:03 PM | Attr =	]
Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft ->  [Folder | Modified Date = 9/27/2008 7:55:28 PM | Attr =	]
McAfee -> C:\Documents and Settings\All Users\Application Data\McAfee ->  [Folder | Modified Date = 2/8/2008 3:37:40 PM | Attr =	]
McAfee.com -> C:\Documents and Settings\All Users\Application Data\McAfee.com ->  [Folder | Modified Date = 2/10/2007 3:25:14 PM | Attr =	]
Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft ->  [Folder | Modified Date = 6/3/2008 12:20:27 PM | Attr =   S]
Microsoft Help -> C:\Documents and Settings\All Users\Application Data\Microsoft Help ->  [Folder | Modified Date = 11/12/2008 5:28:00 PM | Attr =	]
Nero -> C:\Documents and Settings\All Users\Application Data\Nero ->  [Folder | Modified Date = 10/10/2008 6:45:24 PM | Attr =	]
Pinnacle -> C:\Documents and Settings\All Users\Application Data\Pinnacle ->  [Folder | Modified Date = 11/27/2006 10:35:13 PM | Attr =	]
QuickTime -> C:\Documents and Settings\All Users\Application Data\QuickTime ->  [Folder | Modified Date = 11/21/2006 7:35:38 PM | Attr =	]
SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI ->  [Folder | Modified Date = 8/10/2004 1:13:06 PM | Attr =	]
SiteAdvisor -> C:\Documents and Settings\All Users\Application Data\SiteAdvisor ->  [Folder | Modified Date = 2/8/2008 3:39:03 PM | Attr =	]
Skype -> C:\Documents and Settings\All Users\Application Data\Skype ->  [Folder | Modified Date = 5/31/2007 12:43:09 PM | Attr =	]
SmartSound Software Inc -> C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc ->  [Folder | Modified Date = 11/27/2006 10:13:44 PM | Attr =	]
Sonic -> C:\Documents and Settings\All Users\Application Data\Sonic ->  [Folder | Modified Date = 2/3/2007 7:01:36 PM | Attr =	]
Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 11/21/2008 1:19:31 PM | Attr =	]
SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2/6/2008 9:19:01 AM | Attr =	]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP ->  [Folder | Modified Date = 11/21/2008 7:33:10 AM | Attr =	]
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> %AllUsersProfile%\Application Data\TEMP:7DA3FB2E
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint ->  [Folder | Modified Date = 7/22/2006 5:20:13 PM | Attr =	]
Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage ->  [Folder | Modified Date = 1/14/2007 7:00:25 PM | Attr =	]
WLInstaller -> C:\Documents and Settings\All Users\Application Data\WLInstaller ->  [Folder | Modified Date = 6/3/2008 12:12:41 PM | Attr =	]
Application Data -> C:\Documents and Settings\Maya Camou\Application Data ->  [Folder | Modified Date = 11/21/2008 11:12:19 AM | Attr =  H ]
Adobe -> C:\Documents and Settings\Maya Camou\Application Data\Adobe ->  [Folder | Modified Date = 3/16/2008 8:31:46 AM | Attr =	]
AdobeUM -> C:\Documents and Settings\Maya Camou\Application Data\AdobeUM ->  [Folder | Modified Date = 1/19/2007 9:19:15 AM | Attr =	]
Ahead -> C:\Documents and Settings\Maya Camou\Application Data\Ahead ->  [Folder | Modified Date = 10/29/2008 7:53:37 AM | Attr =	]
Apple Computer -> C:\Documents and Settings\Maya Camou\Application Data\Apple Computer ->  [Folder | Modified Date = 2/8/2007 1:13:08 PM | Attr =	]
ATI -> C:\Documents and Settings\Maya Camou\Application Data\ATI ->  [Folder | Modified Date = 7/22/2006 5:14:07 PM | Attr =	]
Autodesk -> C:\Documents and Settings\Maya Camou\Application Data\Autodesk ->  [Folder | Modified Date = 12/7/2006 9:52:25 AM | Attr =	]
Azureus -> C:\Documents and Settings\Maya Camou\Application Data\Azureus ->  [Folder | Modified Date = 9/20/2007 6:47:43 PM | Attr =	]
Corel Photo Album -> C:\Documents and Settings\Maya Camou\Application Data\Corel Photo Album ->  [Folder | Modified Date = 11/27/2006 9:58:40 PM | Attr =	]
CyberLink -> C:\Documents and Settings\Maya Camou\Application Data\CyberLink ->  [Folder | Modified Date = 12/1/2006 10:44:07 AM | Attr =	]
DeskSoft -> C:\Documents and Settings\Maya Camou\Application Data\DeskSoft ->  [Folder | Modified Date = 7/14/2008 5:29:26 PM | Attr =	]
DivX -> C:\Documents and Settings\Maya Camou\Application Data\DivX ->  [Folder | Modified Date = 5/9/2008 2:12:26 PM | Attr =	]
DVD Shrink -> C:\Documents and Settings\Maya Camou\Application Data\DVD Shrink ->  [Folder | Modified Date = 1/10/2007 8:18:36 AM | Attr =	]
DVD Shrink 3.0 -> C:\Documents and Settings\Maya Camou\Application Data\DVD Shrink 3.0 ->  [Folder | Modified Date = 7/1/2007 8:35:21 AM | Attr =	]
dvdcss -> C:\Documents and Settings\Maya Camou\Application Data\dvdcss ->  [Folder | Modified Date = 10/29/2008 8:11:21 AM | Attr =	]
GARMIN -> C:\Documents and Settings\Maya Camou\Application Data\GARMIN ->  [Folder | Modified Date = 2/15/2008 2:18:38 PM | Attr =	]
Google -> C:\Documents and Settings\Maya Camou\Application Data\Google ->  [Folder | Modified Date = 11/20/2006 4:32:30 PM | Attr =	]
Grisoft -> C:\Documents and Settings\Maya Camou\Application Data\Grisoft ->  [Folder | Modified Date = 4/4/2008 3:06:41 PM | Attr =	]
Gtek -> C:\Documents and Settings\Maya Camou\Application Data\Gtek ->  [Folder | Modified Date = 2/8/2008 3:18:09 PM | Attr =  H ]
HP -> C:\Documents and Settings\Maya Camou\Application Data\HP ->  [Folder | Modified Date = 2/3/2007 5:58:44 PM | Attr =	]
ICAClient -> C:\Documents and Settings\Maya Camou\Application Data\ICAClient ->  [Folder | Modified Date = 6/1/2007 11:25:20 AM | Attr =	]
Identities -> C:\Documents and Settings\Maya Camou\Application Data\Identities ->  [Folder | Modified Date = 8/10/2004 1:08:32 PM | Attr =	]
InstallShield -> C:\Documents and Settings\Maya Camou\Application Data\InstallShield ->  [Folder | Modified Date = 1/23/2007 3:12:27 PM | Attr =	]
InterTrust -> C:\Documents and Settings\Maya Camou\Application Data\InterTrust ->  [Folder | Modified Date = 7/28/2007 10:15:23 PM | Attr =	]
Intuit -> C:\Documents and Settings\Maya Camou\Application Data\Intuit ->  [Folder | Modified Date = 1/23/2007 3:15:39 PM | Attr =	]
IUpd721 -> C:\Documents and Settings\Maya Camou\Application Data\IUpd721 ->  [Folder | Modified Date = 11/20/2008 1:51:59 PM | Attr =	]
KompoZer -> C:\Documents and Settings\Maya Camou\Application Data\KompoZer ->  [Folder | Modified Date = 3/16/2008 8:43:37 AM | Attr =	]
Lavasoft -> C:\Documents and Settings\Maya Camou\Application Data\Lavasoft ->  [Folder | Modified Date = 2/3/2008 6:20:29 PM | Attr =	]
LimeWire -> C:\Documents and Settings\Maya Camou\Application Data\LimeWire ->  [Folder | Modified Date = 6/17/2008 7:40:25 AM | Attr =	]
Macromedia -> C:\Documents and Settings\Maya Camou\Application Data\Macromedia ->  [Folder | Modified Date = 11/20/2006 4:11:15 PM | Attr =	]
Microsoft -> C:\Documents and Settings\Maya Camou\Application Data\Microsoft ->  [Folder | Modified Date = 6/3/2008 12:20:19 PM | Attr =   S]
Microsoft Web Folders -> C:\Documents and Settings\Maya Camou\Application Data\Microsoft Web Folders ->  [Folder | Modified Date = 7/28/2007 10:17:10 PM | Attr =	]
Mozilla -> C:\Documents and Settings\Maya Camou\Application Data\Mozilla ->  [Folder | Modified Date = 6/18/2008 2:13:56 PM | Attr =	]
MSNInstaller -> C:\Documents and Settings\Maya Camou\Application Data\MSNInstaller ->  [Folder | Modified Date = 12/7/2006 9:16:05 AM | Attr =	]
NI.GSCNS -> C:\Documents and Settings\Maya Camou\Application Data\NI.GSCNS ->  [Folder | Modified Date = 11/20/2008 10:42:26 PM | Attr =	]
Pegasys Inc -> C:\Documents and Settings\Maya Camou\Application Data\Pegasys Inc ->  [Folder | Modified Date = 11/30/2006 3:03:46 PM | Attr =	]
Real -> C:\Documents and Settings\Maya Camou\Application Data\Real ->  [Folder | Modified Date = 10/4/2007 12:12:37 PM | Attr =	]
Skype -> C:\Documents and Settings\Maya Camou\Application Data\Skype ->  [Folder | Modified Date = 11/21/2008 7:21:13 PM | Attr =	]
SmartFTP -> C:\Documents and Settings\Maya Camou\Application Data\SmartFTP ->  [Folder | Modified Date = 2/10/2008 9:24:41 AM | Attr =	]
Sun -> C:\Documents and Settings\Maya Camou\Application Data\Sun ->  [Folder | Modified Date = 7/22/2006 5:04:12 PM | Attr =	]
SUPERAntiSpyware.com -> C:\Documents and Settings\Maya Camou\Application Data\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2/6/2008 9:17:55 AM | Attr =	]
Talkback -> C:\Documents and Settings\Maya Camou\Application Data\Talkback ->  [Folder | Modified Date = 2/3/2007 3:37:48 PM | Attr =	]
uTorrent -> C:\Documents and Settings\Maya Camou\Application Data\uTorrent ->  [Folder | Modified Date = 11/17/2008 7:56:16 PM | Attr =	]
vlc -> C:\Documents and Settings\Maya Camou\Application Data\vlc ->  [Folder | Modified Date = 10/29/2008 8:11:30 AM | Attr =	]
Vso -> C:\Documents and Settings\Maya Camou\Application Data\Vso ->  [Folder | Modified Date = 9/11/2008 12:05:59 PM | Attr =	]
Winamp -> C:\Documents and Settings\Maya Camou\Application Data\Winamp ->  [Folder | Modified Date = 4/19/2008 9:33:03 PM | Attr =	]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks ->  [Folder | Modified Date = 9/3/2008 5:07:32 PM | Attr =   S]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 11/8/2008 10:53:01 AM | Attr =	]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = RH ]
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 11/21/2008 6:20:18 PM | Attr =  H ]
[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT 6144 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 120 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:7DA3FB2E 109 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Scans\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\Copy of My Pictures\XMASPIX2006\Xmas06\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\ENIMPEX\Wine&Spirits\COLA\01-05 J DE TELMONT (NC)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\ENIMPEX\Wine&Spirits\COLA\06-10 Montpeyroux (NC)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\ENIMPEX\Wine&Spirits\COLA\11-16 BLIN\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\ENIMPEX\Wine&Spirits\COLA\17-20 COLIN\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\ENIMPEX\Wine&Spirits\COLA\21 DOMAINE DAMIEN LORIEUX\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\ENIMPEX\Wine&Spirits\COLA\22-26 DUMANGIN\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\ENIMPEX\Wine&Spirits\COLA\Chateau Fredignac (MissBack)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\ENIMPEX\Wine&Spirits\COLA\Domaine Charles et Dominque Frey (MissBacks)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\ENIMPEX\Wine&Spirits\COLA\Dumenil (MissFront)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\ENIMPEX\Wine&Spirits\COLA\Vignoble Laculle (Moutard) (MissBacks)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\ENIMPEX\Wine&Spirits\Docs (Pix&Pricing)\Docs Champagne\Piollot\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\ENIMPEX\Wine&Spirits\Docs (Pix&Pricing)\Docs Spirit\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\ENIMPEX\Wine&Spirits\Docs (Pix&Pricing)\Docs Wine\Montpeyroux\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\ENIMPEX\Wine&Spirits\Docs (Pix&Pricing)\Docs Wine\Patrimoine des Terroirs\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\ENIMPEX\Wine&Spirits\Websites\3. Website031608\images\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\Family\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Garmin\Custom Waypoint Symbols\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Movies\LucLazlo\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Movies\Movies\Claymore\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Movies\Movies\Code Geass - Lelouch of the Rebellion (Season 1)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Movies\Movies\Death Note (anime)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Movies\Movies\Death Note (movie)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Movies\Movies\ThrillHorror\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Movies\Movies\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\CLASSICAL\Rodrigo\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\CLASSICAL\Beethoven\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\CLASSICAL\Emma Shapplin - Carmine Meo (1998)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\CLASSICAL\Gregorian Chants\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\CLASSICAL\Liszt\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\CLASSICAL\Mozart\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\CLASSICAL\Nietzsche\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\CLASSICAL\Orff\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\CLASSICAL\Requiem\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\CLASSICAL\Scarlatti\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\CLASSICAL\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\CLASSICAL\va- Ave Maria - Sacred Arias and Choruses\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\CLASSICAL\Villa Lobos\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Glenn Miller Orchestra\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Ahmad Jamal\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Aretha Franklin\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Art Blakey\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Barry White\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Boney M\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Charles Mingus\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Herbie Hancock\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Jacques Loussier Trio\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\John Coltrane - Live in Paris\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Keith Jarrett - The Koln Concert\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Koop\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Laurent De Wilde\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Matthew Herbert Big Band\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Miles Davis\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Nicola Conte\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Playlist\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Rosemary Clooney\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Sonny Rollins\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Stephane Grappelli & Oscar Peterson - Scott Joplin's rags\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Touch And Go\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Tracks\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\va - Let the music play (2001)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\va - The Roots Of Acid Jazz (1990)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Diana Krall\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Diana Ross and The Supremes\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Django Reinhardt & Stephane Grappelli\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Duke Ellington - The music of the Duke\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\DISCOJAZZFUNK\Duke Ellington w  John Coltrane\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Amalia Rodrigues\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Amr Diab\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Astor Piazzolla\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Bajofondo Tango Club\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Balkan Beat Box\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Bebel Gilberto\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Beirut\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Bobby McFerrin\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Manu Chao\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Mercedes Sosa\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Mosquitos\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Najwa Karam\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Olivia Ruiz\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Orquesta Aragon\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\George Brassens - L'integrale\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Gogol Bordello\Super Taranta! (2007)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Goran Bregovic\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Gotan Project\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\House Of Pain - House of pain (1992)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Rosalia De Souza\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Stan Getz with Astrud Gilberto\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Sublime\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Terra Samba\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\The Reminiscence Quartet\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Tito Puente\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Toco - Outro Lugar (2007)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Tracks\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Tribalistas\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\va - Arabic Breakbeats - Urban turban (2002)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\va - Cafe de Flore - Rendez-vous a Saint-Germain des Pres\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\va - Congreso mundial de la salsa\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\va - Gypsy Jazz Mix\Vol.1\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\va - Now That's What I Call Arabia, Vol. 6\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Daude\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Dead Can Dance\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Emilie Simon\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Enya - Best of\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Fairuz\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Fanfare Ciocarlia\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Geoffrey Oryema\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Paco De Lucia\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Paolo Conte\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Paris Combo\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Pink Martini\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Quincy Jones\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Jacques Brel\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Jeanne Moreau\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Jose Gonzalez\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Joyce and Banda Maluca\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\La Bronca - Hey Bronkito !\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Lhasa\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Luis Mariano\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Luz Casal\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\M.I.A. - Kala (2007)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Brigitte Bardot\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Buena Vista Social Club\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Celia Cruz\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Celtic Woman\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Chavela Vargas\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Control Machete\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Daddy Yankee\Barrio fino (2004)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Daddy Yankee\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\va - Oriental evening\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\va - Putumayo Presents\Gypsy Caravan (2001)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\va - Putumayo Presents\Brazilian Groove (2003)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\va - Putumayo Presents\Putumayo Presents - Calypso\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\va - Putumayo Presents\Sing Along With Putumayo (2004)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\va - Putumayo Presents\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\va - Putumayo Presents\Women of the World - Celtic II (1997)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\VA - Soca Gold (2006)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\va - The Afro Latin Groove - Sabroso!\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\va - The rough guide to Salsa de Puerto Rico\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Yann Tiersen\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Yo-Yo Ma Plays Ennio Morricone\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Yuri Buenaventura\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ECLECTIC\Zebda\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Accion Mutante\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Agoria - The green armchair (2006)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Amon Tobin\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Anders Ilar - Sworn (2008)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Annie - Anniemal (2004)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Aphrodite\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Armand Van Helden - Nympho (2005)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Asian Dub Foundation\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Buscemi - Camino real (2003)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Cassius - 15 again (2006)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Chromeo - Fancy Footwork [2007]\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Claude Vonstroke - Beware of the bird (2006)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Green Velvet - Whatever\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Hatiras\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\High Contrast\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Holy bleep - LP (2008)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Jean-Michel Jarre\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\John B - Electrostep (2006)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Stuart Price remixes\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\T Raumschmiere\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Terranova\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\The Clones\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\The Knife\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Badmarsh & Shri\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\DJ Patife\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Portishead\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Dot Allison\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\El Perro Del Mar - Look, it's perro del mar (2005)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Leftfield - Leftism (1995)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Luciana - Featuring Luciana (2008)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Metro Area\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\MGMT\Oracular Spectacular (2008)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Midnight Juggernauts - Dystopia (2007)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Miss Kittin\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Moby\Last Night (2008)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Moby\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Mount Sims\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Prodigy - The Fat of the Land (1997)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Ratatat\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Roni Size\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\va - Saint Germain Café\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\va - Sambass\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\va - This is electroclash (2003)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\va - Verve Remixed\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\va - Verve Remixed\Verve Remixed 3 (2005)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Evil Nine - You can be special too (2004)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Ez Rollers\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Fanny Pack\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Felix da Housecat\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Fischerspooner\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Vitalic\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Zero 7\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Bebel Gilberto\Remixed (2005)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Bebel Gilberto\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\BitterSweet\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Black Eyed Peas - Monkey Business (2005)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Junior Boys - So This Is Goodbye (2006)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\KonG - KonG EleKtro (2007)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Kosheen\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Lady Sovereign - Public Warning (2006)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Ladytron\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Larry Tee - Electroclash mix\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\LCD Soundsystem - LCD Soundsystem (2005)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Client\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\De Phazz\Godsdog (2002)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\De Phazz\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Dimitri From Paris\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\DJ Marky\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\DJ Marky & XRS - In Rotation (2004)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Troublemakers\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\va - Back To Mine\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\va - Deep House (2008)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\va - DJ Kicks\Annie (2005)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\va - DJ Kicks\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Royksopp\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Rubin Steiner\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Saint Etienne\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Saint Germain\From Detroit to Saint Germain\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Saint Germain\Soel (Saint-Germain presents)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Saint Germain\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Saint Germain\Tourist\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Samim\Flow (2007)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Sets\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Smooth\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Sneaky Sound System\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Soft Cell\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\MSTRKRFT - The Looks (2006)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Peaches\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Bob Sinclar\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Bone Machine\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Brazilian Girls\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Girl Talk\Feed the animals (2008)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Girl Talk\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Goose - Bring It On (2006)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Gorillaz\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\The Qemists - Drop Audio EP (2007)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\The Streets\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\ELECTRONIC\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\LUCLAZLO\Nancy Ajram - Sha7'bat Sha7'abit\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\LUCLAZLO\The Little Prince (Saint Exupery)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\LUCLAZLO\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Joy Division - The Best Of Joy Division (2008)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Kaiser Chiefs\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Kasabian - Empire (2006)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Kate Nash - Made of Bricks (2008)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Klaxons\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\KT Tunstall - Eye to the telescope (Deluxe Edition) (2006)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Laura Veirs - Year of Meteors (2005)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Bloc Party\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Blonde Redhead\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Blondie\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Blur\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Born Ruffians - Red, Yellow & Blue (2008)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Coldplay\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Elastica\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Elliott Smith\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Emma Pollock - Watch the firework\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\No Doubt - The singles 1992-2003\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Norah Jones - Not Too Late (2007)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Pacha Massive - All Good Things (2006)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Pavement\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Phoenix\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Placebo\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Pulp\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Radiohead\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Red Hot Chili Peppers\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Rubicks - In Miniature (2006)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The B-52s - Funplex (2008)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Beatles\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Cribs - The New Fellas (2005)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Cure\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Distillers\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Doors\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Electric Soft Parade\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Faint\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Go! Team\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Good The Bad And The Queen - The Good The Bad And The Queen (2007)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Killers\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Kills - No wow (2005)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The La's\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Maroon 5\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Swell\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Santogold - Santogold (2008)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Sex Pistols\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\She Wants Revenge\This Is Forever (2007)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\She Wants Revenge\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Sonic Youth\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Super Furry Animals\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Flight of the Conchords\The Distant Future (2007)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Flight of the Conchords\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Franz Ferdinand\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\I'm From Barcelona - Let Me Introduce My Friends (2006)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Interpol\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Jane's Addiction\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Jem\Finally woken (2004)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Jem\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\John Mayer\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Muse\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\My Bloody Valentine\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Ned's Atomic Dustbin\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Tracks\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Under The Influence Of Giants - Under The Influence Of Giants (2006)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\va - 2007 Best Covers\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\va - Everything Is Ending Here (a tribute to Pavement) (2003)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\We are Scientists - With Love and Squalor (2006)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\Yo La Tengo - Fakebook (1990)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Pixies\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Police\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Prima Donnas\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Rolling Stones\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Smiths\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Strokes\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Vines\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Wannadies\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Wedding Present\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The White Stripes\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\POPROCKPUNK\The Wombats\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\Amelie (Yann Tiersen)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\Amores Perros\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\Arizona Dream (Goran Bregovic)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\Cidade de Deus\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\Sweet and lowdown (Accords et desaccords)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\The Draughtsman's Contract (Michael Nyman)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\The Lord Of The Rings\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\Trois couleurs (Zbigniew Preisner)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\Undercover Brother\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\Underground (Goran Bregovic)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\va - Ennio Morricone Remixes\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\Waking Life (Tosca Tango Orchestra)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\Good Bye Lenin! (Yann Tiersen)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\Jonathan Livingstone Seagull (Neil Diamond)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\Juno\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\La marche de l'empereur (Emilie Simon) (2005)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\Les remixes de Mr Untel - Jacques Tati\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Music\SOUNDTRACKS\Lock, Stock And Two Smoking Barrels\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Pictures\033008\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Pictures\Anis' pix\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Pictures\August 08 by Clems\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Pictures\August 2008\August08\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Pictures\August 2008\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Pictures\Dinner @ Devi's\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Pictures\NATALIE\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Pictures\New Folder\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Pictures\VICTOR\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Pictures\July 2008\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Pictures\LISE\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Maya Camou\My Documents\My Pictures\Luc is 4\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 384

< End of report >


#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:52 AM

Posted 21 November 2008 - 11:45 PM

Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> qquuhh.dll -> %SystemRoot%\system32\qquuhh.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> safetydownload.com .[*] -> Trusted sites
YN -> trustedantivirus.com .[*] -> Trusted sites
YN -> virusschlacht.com .[*] -> Trusted sites
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> avsystemcare.com .[*] -> Trusted sites
YN -> onerateld.com .[*] -> Trusted sites
YN -> safetydownload.com .[*] -> Trusted sites
YN -> virusschlacht.com .[*] -> Trusted sites
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {2aca08e3-70ae-4ebf-b2b3-ca773bdd4a72} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qquuhh.dll [Reg Error: Value  does not exist or could not be read.]
[Files/Folders - Created Within 30 days]
NY -> prunnet.exe -> %SystemRoot%\System32\prunnet.exe
NY -> qquuhh.dll -> %SystemRoot%\System32\qquuhh.dll
[Files/Folders - Modified Within 30 days]
NY -> prunnet.exe -> %SystemRoot%\System32\prunnet.exe
NY -> qquuhh.dll -> %SystemRoot%\System32\qquuhh.dll
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
=================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=========================
Please post these logs in your next reply:
  • Malware Bytes log
  • New Rsit log

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 Lov3

Lov3
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:52 AM

Posted 22 November 2008 - 08:20 AM

Hi,

I didn't encounter any problem during the fix, and my computer seems to run normally.
Does it mean that I'm clean?

Also, do you need the MBAM log and the Rsit log? If yes, what is Rsit?

Thanks.

Here is the OTScanIT log:

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:qquuhh.dll deleted successfully.
C:\WINDOWS\system32\qquuhh.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\safetydownload.com\\* deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trustedantivirus.com\\* deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\virusschlacht.com\\* deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avsystemcare.com\\* deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\onerateld.com\\* deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\safetydownload.com\\* deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\virusschlacht.com\\* deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2aca08e3-70ae-4ebf-b2b3-ca773bdd4a72}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2aca08e3-70ae-4ebf-b2b3-ca773bdd4a72}\ deleted successfully.
File C:\WINDOWS\system32\qquuhh.dll not found.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\System32\prunnet.exe moved successfully.
File C:\WINDOWS\System32\qquuhh.dll not found!
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\prunnet.exe not found!
File C:\WINDOWS\System32\qquuhh.dll not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Maya Camou\Local Settings\Temp\etilqs_dMsTlYF3y4gfe3UzY0xE scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Maya Camou\Local Settings\Temp\~DFB476.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Maya Camou\Local Settings\Temp\~DFB57D.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_77c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Maya Camou\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xm8p3nc.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Maya Camou\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xm8p3nc.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Maya Camou\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xm8p3nc.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Maya Camou\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xm8p3nc.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Maya Camou\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xm8p3nc.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Maya Camou\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xm8p3nc.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 11222008_080643

Files moved on Reboot...
File C:\Documents and Settings\Maya Camou\Local Settings\Temp\etilqs_dMsTlYF3y4gfe3UzY0xE not found!
File C:\Documents and Settings\Maya Camou\Local Settings\Temp\~DFB476.tmp not found!
File C:\Documents and Settings\Maya Camou\Local Settings\Temp\~DFB57D.tmp not found!
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_77c.dat not found!
C:\Documents and Settings\Maya Camou\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xm8p3nc.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Maya Camou\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xm8p3nc.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Maya Camou\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xm8p3nc.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Maya Camou\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xm8p3nc.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Maya Camou\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xm8p3nc.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Maya Camou\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xm8p3nc.default\XUL.mfl moved successfully.

#6 Lov3

Lov3
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:52 AM

Posted 22 November 2008 - 08:30 AM

MBAM found something. Here is the log after disinfection:

Malwarebytes' Anti-Malware 1.30
Database version: 1415
Windows 5.1.2600 Service Pack 3

11/22/2008 8:28:17 AM
mbam-log-2008-11-22 (08-28-17).txt

Scan type: Quick Scan
Objects scanned: 58951
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2860c741-8f63-45da-b029-2b4b148ac499} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{73259091-9574-4ed8-a40f-7f65afc28634} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73259091-9574-4ed8-a40f-7f65afc28634} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{73259091-9574-4ed8-a40f-7f65afc28634} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Maya Camou\Application Data\NI.GSCNS (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Maya Camou\Application Data\NI.GSCNS\dl.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maya Camou\Application Data\NI.GSCNS\settings.ini (Trojan.Agent) -> Quarantined and deleted successfully.

#7 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:52 AM

Posted 22 November 2008 - 08:44 AM

Let's see if anything is left over:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#8 Lov3

Lov3
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:52 AM

Posted 22 November 2008 - 08:54 AM

Here is the log:


Logfile of random's system information tool 1.04 (written by random/random)
Run by Maya Camou at 2008-11-22 08:51:25
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 24 GB (13%) free of 186 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:32 AM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Maya Camou\Desktop\RSIT.exe
C:\Program Files\trend micro\Maya Camou.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A002397B-B8E1-4AAB-A04F-CD02878C4AEA} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O18 - Protocol: bw+0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/MAYACA~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 19311 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A002397B-B8E1-4AAB-A04F-CD02878C4AEA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [2008-09-10 654320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-06-14 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-09-27 463872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-06-22 1384448]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-04-11 24184360]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2006-04-06 1032192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-27 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2006-11-29 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDDiskProtect.exe]
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour Mac Volume Notifications]
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE /auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour XPlay Tray Notification Icon]
C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2006-03-24 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-10-23 1968880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UDC Integration]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe /VeohHide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-09-27 3497208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-04-01 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [2004-02-24 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-05-24 622653]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
C:\PROGRA~1\CISCOS~1\VPNCLI~1\vpngui.exe -user_logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~1.EXE [2008-09-10 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-05-11 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [2006-11-29 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Maya Camou^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"wltrysvc"=2
"WLSetupSvc"=3
"usnjsvc"=3
"SentinelProtectionServer"=2
"Pml Driver HPZ12"=2
"ose"=3
"odserv"=3
"NMIndexingService"=3
"NICCONFIGSVC"=2
"Nero BackItUp Scheduler 3"=2
"MDM"=2
"iPod Service"=3
"gusvc"=2
"DSBrokerService"=3
"CVPND"=2
"btwdins"=2
"Bonjour Service"=2
"avg8wd"=2
"Autodesk Licensing Service"=3
"Ati HotKey Poller"=2
"Apple Mobile Device"=2
"Adobe LM Service"=3
"aawservice"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-15 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\byXPIbcY

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\setup\HPZnet01.exe"="D:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"D:\setup\HPONICIFS01.EXE"="D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c7ec706-e2c1-11dc-8120-0016cffb251d}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2008-11-22 08:51:25 ----D---- C:\rsit
2008-11-22 08:14:21 ----D---- C:\Documents and Settings\Maya Camou\Application Data\Malwarebytes
2008-11-22 08:14:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-22 08:14:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-22 08:06:43 ----D---- C:\_OTScanIt
2008-11-21 15:29:46 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-21 15:17:59 ----D---- C:\Program Files\Alwil Software
2008-11-20 17:05:42 ----D---- C:\Program Files\Panda Security
2008-11-20 13:51:59 ----D---- C:\Documents and Settings\Maya Camou\Application Data\IUpd721
2008-11-20 13:46:34 ----A---- C:\WINDOWS\system32\gnpxlyke.dll
2008-11-20 13:44:14 ----A---- C:\WINDOWS\system32\bf959675-.txt
2008-11-12 17:27:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 17:26:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 17:26:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-05 12:21:43 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-11-02 19:57:43 ----D---- C:\Program Files\Desktop XP
2008-11-02 19:57:42 ----D---- C:\Program Files\Free New York Screensaver
2008-10-29 08:11:21 ----D---- C:\Documents and Settings\Maya Camou\Application Data\dvdcss
2008-10-29 08:11:06 ----D---- C:\Documents and Settings\Maya Camou\Application Data\vlc
2008-10-29 08:09:01 ----D---- C:\Program Files\VideoLAN
2008-10-29 07:53:37 ----D---- C:\Documents and Settings\Maya Camou\Application Data\Ahead
2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-10-28 17:35:56 ----A---- C:\WINDOWS\system32\DivX.dll
2008-10-24 06:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 1 months======

2008-11-22 08:51:32 ----D---- C:\Program Files\Trend Micro
2008-11-22 08:51:28 ----D---- C:\WINDOWS\Prefetch
2008-11-22 08:36:12 ----D---- C:\Documents and Settings\Maya Camou\Application Data\Skype
2008-11-22 08:14:18 ----D---- C:\WINDOWS\system32\drivers
2008-11-22 08:14:15 ----D---- C:\Program Files
2008-11-22 08:13:22 ----D---- C:\WINDOWS\system32
2008-11-22 08:13:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-22 08:10:13 ----D---- C:\Program Files\Mozilla Firefox
2008-11-22 08:10:08 ----D---- C:\WINDOWS\Temp
2008-11-22 08:09:25 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2008-11-22 08:09:25 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
2008-11-22 08:09:19 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-11-22 08:08:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-22 07:59:51 ----D---- C:\WINDOWS\system32\config
2008-11-21 20:16:52 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-21 17:09:17 ----D---- C:\Program Files\Universal Document Converter
2008-11-21 15:08:59 ----D---- C:\WINDOWS
2008-11-21 15:08:17 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-21 14:13:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-21 13:19:31 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-21 09:43:30 ----AC---- C:\WINDOWS\wininit.ini
2008-11-21 07:33:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-21 07:33:05 ----D---- C:\Program Files\SpywareBlaster
2008-11-20 16:53:58 ----D---- C:\TEMP
2008-11-20 16:53:57 ----HD---- C:\$AVG8.VAULT$
2008-11-17 19:56:16 ----D---- C:\Documents and Settings\Maya Camou\Application Data\uTorrent
2008-11-14 17:57:58 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-14 13:58:11 ----HD---- C:\WINDOWS\inf
2008-11-14 13:58:11 ----D---- C:\WINDOWS\Help
2008-11-13 16:45:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-13 09:08:45 ----SHD---- C:\WINDOWS\Installer
2008-11-13 09:08:45 ----HD---- C:\Config.Msi
2008-11-13 09:07:41 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-13 08:57:17 ----D---- C:\WINDOWS\Debug
2008-11-12 17:28:00 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-12 17:27:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 17:25:43 ----D---- C:\WINDOWS\WinSxS
2008-11-11 12:36:01 ----D---- C:\Program Files\DivX
2008-11-08 09:59:41 ----D---- C:\Program Files\HP
2008-11-06 09:13:22 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-02 20:04:10 ----RASH---- C:\boot.ini
2008-11-02 20:04:10 ----A---- C:\WINDOWS\win.ini
2008-11-02 20:04:10 ----A---- C:\WINDOWS\system.ini
2008-11-01 10:39:00 ----D---- C:\Program Files\Replay AV 8
2008-10-31 18:46:28 ----D---- C:\Garmin
2008-10-28 20:07:36 ----A---- C:\WINDOWS\SWFConverter.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-15 1421312]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-06-26 563968]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
R3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-01-28 171008]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-03-23 47360]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-04-28 1164600]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 APLMp50;APLMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\APLMp50.sys [2006-11-28 28224]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-06-29 110080]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-07 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-07 21744]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-05-27 913280]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNTNLUSB;SafeNet USB SuperPro/UltraPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2006-03-14 28216]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-11-27 72704]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-15 405504]
S4 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2006-12-07 74360]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-03 138680]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S4 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe []
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S4 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-03-14 206400]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-06-22 20992]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------



And here is the info:


info.txt logfile of random's system information tool 1.04 2008-11-22 08:51:36

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
AC-3 ACM Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AC3ACM.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Catalyst Control Center-->MsiExec.exe /I{0D251F37-10CB-46DF-BFA0-4702218DB0B6}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD 2005 - English-->MsiExec.exe /I{5783F2D7-0301-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{570B96D1-70D3-4B48-93EF-029440FA1BCE}
Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B8CD1189-53D6-4C51-8082-14B812EABBA8}
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon PowerShot G3 WIA Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B94061DC-B2BB-42F7-800D-BCBF678AA8B3}
Canon PowerShot S45 WIA Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{25E671BE-87A0-40F1-ABE5-BCBC6E65B0F5}
Canon Utilities FileViewerUtility 1.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0627E8E9-6822-4A5E-9225-286741CDC3E4}
Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}
Canon Utilities RemoteCapture 2.6-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CAP Studio 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9057F154-7114-4EE5-B376-ADBB6E2142A3}\Setup.exe" -l0x9 -removeonly
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Consumer Complete Care Services Agreement-->MsiExec.exe /X{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}
Crystal Reports XI Release 2 .NET 2005 Server-->MsiExec.exe /I{DE797DDD-D8BF-4A1D-A1EC-ADD817EC9B06}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digimax Master-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
DVDFab Platinum 4.0.6.0 Beta-->"C:\Program Files\DVDFab Platinum 4\unins000.exe"
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Extend5 LT-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{543E438D-FEEB-4DE1-B58D-8B9479389CA1}\SETUP.EXE" -uninst
ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe"
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Garmin City Navigator Europe NT 2008-->MsiExec.exe /X{EEC8205A-E3DE-4C00-B60C-48E3B9B58B13}
Garmin City Navigator Middle East 2008-->MsiExec.exe /X{C9F09FEA-569C-44D6-97A7-312681D79091}
Garmin City Navigator North America NT 2009 Update-->MsiExec.exe /X{9DA735C0-3C3E-4CB3-BC26-BE95E768115F}
Garmin MapSource-->MsiExec.exe /X{4ACBBFC6-3F39-48DE-8D85-182736B2749B}
Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
GetDataBack for FAT-->"C:\Program Files\Runtime Software\GetDataBack\Uninstall.exe" "C:\Program Files\Runtime Software\GetDataBack\install.log" -u
GetDataBack for NTFS-->"C:\Program Files\Runtime Software\GetDataBack for NTFS\Uninstall.exe" "C:\Program Files\Runtime Software\GetDataBack for NTFS\install.log" -u
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HTML-Kit-->"C:\Program Files\Chami\HTML-Kit\unins000.exe"
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java DB 10.3.1.4-->MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Development Kit 6 Update 5-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160050}
Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Macallan Convert Srt To Ssa-->MsiExec.exe /I{C9A1FFBA-B590-453B-924E-11C97A5EDE74}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Project 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {C1877F6E-C1C8-486D-A697-86431029690C}
Microsoft Office Project 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-00B4-0409-0000-0000000FF1CE} /uninstall {75EC8FFC-B913-4991-B3A1-22576D2FC45D}
Microsoft Office Project MUI (English) 2007-->MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007-->MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Project 2000-->MsiExec.exe /I{118792B0-F470-11D3-86A9-00C04F6E09F2}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Cutter Joiner 1.07-->"C:\Program Files\SuperAudiotool\MP3 Cutter Joiner\unins000.exe"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Network Stumbler 0.4.0 (remove only)-->"C:\Program Files\Network Stumbler\uninst.exe"
OM Explorer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAC5CA92-8FBE-11D4-9BDE-0050BAD43D62}\setup.exe"
PDF Password Remover v2.5-->"C:\Program Files\PDF Password Remover v2.5\unins000.exe"
Pinnacle Hollywood FX for Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
PrimoPDF-->"C:\WINDOWS\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Replay AV 8-->C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\uninstallRAV8.ini"
R-Studio 4.2-->C:\Program Files\R-Studio\Uninstall.exe
Samsung USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B38D54F6-C8C3-4420-8708-ADEAEB4F4CF9}\Setup.exe" anything
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sentinel Protection Installer 7.2.2-->MsiExec.exe /I{6DC0632A-A838-4B34-AC19-0FA18E1C533C}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\SETUP.exe" -l0x9 -remove -removeonly
Skype 3.2-->"C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Smart Defrag 1.02-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
SmartFTP Client 2.5 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
SmartFTP Client 3.0 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
SmartFTP Client-->MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sothink SWF to Video Converter-->"C:\Program Files\SourceTec\Sothink SWF to Video Converter\unins001.exe"
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Studio 9.4 Patch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E217EA-C3E0-402D-8D4F-6189DB74497A}\setup.exe" -l0x9 UNINSTALL
Studio 9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
Universal Document Converter-->"C:\Program Files\Universal Document Converter\unins000.exe"
Update for Office 2007 (KB946691)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Veoh Web Player Beta-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
Videora iPod Converter 0.91-->C:\Program Files\VideoraiPodConverter\uninst.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Win AVI HelixSDK-->"C:\Program Files\WinAVI Video Converter\HelixSDK\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
x264vfw - H.264/MPEG-4 AVC codec (remove only)-->C:\WINDOWS\system32\x264vfw-uninstall.exe
XviD MPEG4 Video Codec (remove only)-->"C:\WINDOWS\system32\xvid-uninstall.exe"
YouSendIt Application Plug-in SDK-->C:\Program Files\InstallShield Installation Information\{3AE00DF4-ADF1-479E-834C-D1B2E71570BD}\setup.exe -runfromtemp -l0x0409

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081121-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Common Files\2020;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#9 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:52 AM

Posted 22 November 2008 - 09:22 AM

Please go to Start> Control Panel > Add\Remove programs and remove this entry:
Advertisement Service

then close the Control Panel.
===============================
Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=hex(7):"msv1_0"
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c7ec706-e2c1-11dc-8120-0016cffb251d}]
    
    :files
    C:\WINDOWS\system32\gnpxlyke.dll
    C:\WINDOWS\system32\bf959675-.txt
    C:\Documents and Settings\Maya Camou\Application Data\IUpd721
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
==========
Post one more Rsit log and we will wrap it up.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#10 Lov3

Lov3
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:52 AM

Posted 22 November 2008 - 09:31 AM

Here are the results for OTMoveIt3:

========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"authentication packages"|hex(7):"msv1_0" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c7ec706-e2c1-11dc-8120-0016cffb251d}\\ deleted successfully.
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gnpxlyke.dll
C:\WINDOWS\system32\gnpxlyke.dll NOT unregistered.
C:\WINDOWS\system32\gnpxlyke.dll moved successfully.
C:\WINDOWS\system32\bf959675-.txt moved successfully.
C:\Documents and Settings\Maya Camou\Application Data\IUpd721\Logs moved successfully.
C:\Documents and Settings\Maya Camou\Application Data\IUpd721 moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11222008_092802


And here is the Rsit log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Maya Camou at 2008-11-22 09:30:02
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 24 GB (13%) free of 186 GB
Total RAM: 2046 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:07 AM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Maya Camou\Desktop\RSIT.exe
C:\Program Files\trend micro\Maya Camou.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A002397B-B8E1-4AAB-A04F-CD02878C4AEA} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O18 - Protocol: bw+0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {2A96F5DB-D419-4900-A42D-AFFEC7528C0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/MAYACA~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 19288 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A002397B-B8E1-4AAB-A04F-CD02878C4AEA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [2008-09-10 654320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-06-14 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-09-27 463872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-06-22 1384448]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-04-11 24184360]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2006-04-06 1032192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-27 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2006-11-29 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDDiskProtect.exe]
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour Mac Volume Notifications]
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE /auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour XPlay Tray Notification Icon]
C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2006-03-24 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-10-23 1968880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UDC Integration]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe /VeohHide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-09-27 3497208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-04-01 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [2004-02-24 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-05-24 622653]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
C:\PROGRA~1\CISCOS~1\VPNCLI~1\vpngui.exe -user_logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~1.EXE [2008-09-10 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-05-11 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [2006-11-29 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Maya Camou^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"wltrysvc"=2
"WLSetupSvc"=3
"usnjsvc"=3
"SentinelProtectionServer"=2
"Pml Driver HPZ12"=2
"ose"=3
"odserv"=3
"NMIndexingService"=3
"NICCONFIGSVC"=2
"Nero BackItUp Scheduler 3"=2
"MDM"=2
"iPod Service"=3
"gusvc"=2
"DSBrokerService"=3
"CVPND"=2
"btwdins"=2
"Bonjour Service"=2
"avg8wd"=2
"Autodesk Licensing Service"=3
"Ati HotKey Poller"=2
"Apple Mobile Device"=2
"Adobe LM Service"=3
"aawservice"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-15 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\setup\HPZnet01.exe"="D:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"D:\setup\HPONICIFS01.EXE"="D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2008-11-22 09:28:02 ----D---- C:\_OTMoveIt
2008-11-22 08:51:25 ----D---- C:\rsit
2008-11-22 08:14:21 ----D---- C:\Documents and Settings\Maya Camou\Application Data\Malwarebytes
2008-11-22 08:14:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-22 08:14:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-22 08:06:43 ----D---- C:\_OTScanIt
2008-11-21 15:29:46 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-21 15:17:59 ----D---- C:\Program Files\Alwil Software
2008-11-20 17:05:42 ----D---- C:\Program Files\Panda Security
2008-11-12 17:27:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 17:26:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 17:26:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-05 12:21:43 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-11-02 19:57:43 ----D---- C:\Program Files\Desktop XP
2008-11-02 19:57:42 ----D---- C:\Program Files\Free New York Screensaver
2008-10-29 08:11:21 ----D---- C:\Documents and Settings\Maya Camou\Application Data\dvdcss
2008-10-29 08:11:06 ----D---- C:\Documents and Settings\Maya Camou\Application Data\vlc
2008-10-29 08:09:01 ----D---- C:\Program Files\VideoLAN
2008-10-29 07:53:37 ----D---- C:\Documents and Settings\Maya Camou\Application Data\Ahead
2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-10-28 17:35:56 ----A---- C:\WINDOWS\system32\DivX.dll
2008-10-24 06:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 1 months======

2008-11-22 09:30:04 ----D---- C:\Program Files\Trend Micro
2008-11-22 09:28:02 ----D---- C:\WINDOWS\system32
2008-11-22 09:27:07 ----D---- C:\WINDOWS\Prefetch
2008-11-22 09:09:41 ----D---- C:\Documents and Settings\Maya Camou\Application Data\Skype
2008-11-22 08:14:18 ----D---- C:\WINDOWS\system32\drivers
2008-11-22 08:14:15 ----D---- C:\Program Files
2008-11-22 08:13:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-22 08:10:13 ----D---- C:\Program Files\Mozilla Firefox
2008-11-22 08:10:08 ----D---- C:\WINDOWS\Temp
2008-11-22 08:09:25 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2008-11-22 08:09:25 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
2008-11-22 08:09:19 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-11-22 08:08:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-22 07:59:51 ----D---- C:\WINDOWS\system32\config
2008-11-21 20:16:52 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-21 17:09:17 ----D---- C:\Program Files\Universal Document Converter
2008-11-21 15:08:59 ----D---- C:\WINDOWS
2008-11-21 15:08:17 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-21 14:13:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-21 13:19:31 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-21 09:43:30 ----AC---- C:\WINDOWS\wininit.ini
2008-11-21 07:33:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-21 07:33:05 ----D---- C:\Program Files\SpywareBlaster
2008-11-20 16:53:58 ----D---- C:\TEMP
2008-11-20 16:53:57 ----HD---- C:\$AVG8.VAULT$
2008-11-17 19:56:16 ----D---- C:\Documents and Settings\Maya Camou\Application Data\uTorrent
2008-11-14 17:57:58 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-14 13:58:11 ----HD---- C:\WINDOWS\inf
2008-11-14 13:58:11 ----D---- C:\WINDOWS\Help
2008-11-13 16:45:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-13 09:08:45 ----SHD---- C:\WINDOWS\Installer
2008-11-13 09:08:45 ----HD---- C:\Config.Msi
2008-11-13 09:07:41 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-13 08:57:17 ----D---- C:\WINDOWS\Debug
2008-11-12 17:28:00 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-12 17:27:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 17:25:43 ----D---- C:\WINDOWS\WinSxS
2008-11-11 12:36:01 ----D---- C:\Program Files\DivX
2008-11-08 09:59:41 ----D---- C:\Program Files\HP
2008-11-06 09:13:22 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-02 20:04:10 ----RASH---- C:\boot.ini
2008-11-02 20:04:10 ----A---- C:\WINDOWS\win.ini
2008-11-02 20:04:10 ----A---- C:\WINDOWS\system.ini
2008-11-01 10:39:00 ----D---- C:\Program Files\Replay AV 8
2008-10-31 18:46:28 ----D---- C:\Garmin
2008-10-28 20:07:36 ----A---- C:\WINDOWS\SWFConverter.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-18 26944]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-18 110160]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-18 50864]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-18 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-18 94032]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-18 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-15 1421312]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-06-26 563968]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
R3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-01-28 171008]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-03-23 47360]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-04-28 1164600]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 APLMp50;APLMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\APLMp50.sys [2006-11-28 28224]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-06-29 110080]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-07 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-07 21744]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-05-27 913280]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNTNLUSB;SafeNet USB SuperPro/UltraPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2006-03-14 28216]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-11-27 72704]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-15 405504]
S4 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2006-12-07 74360]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-03 138680]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S4 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe []
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S4 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-03-14 206400]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-06-22 20992]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#11 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:52 AM

Posted 22 November 2008 - 10:07 AM

Cleanup:

Please download OT CLeanit from Here save it to your desktop.
Double click on OT Clean it to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================
Use a Firewall:

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or Zonealarm
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#12 Lov3

Lov3
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:52 AM

Posted 22 November 2008 - 10:35 AM

Thanks soooooooooooooooooooooooo much!!!!

#13 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:52 AM

Posted 22 November 2008 - 10:37 AM

You are welcome :thumbsup:


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users