Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

tinyproxy.exe and bolivar2x.exe and who knows what else


  • Please log in to reply
10 replies to this topic

#1 arthel

arthel

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington State
  • Local time:08:05 PM

Posted 27 November 2008 - 02:38 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:59 AM, on 11/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Tall Emu\Online Armor\kav\NT\ScanningProcess.exe
C:\Program Files\Tall Emu\Online Armor\kav\NT\ScanningProcess.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\tinyproxy\tinyproxy.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070321
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070321
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: 890166 helper - {A48FE9AC-DD02-4FF7-9211-B7BA9A2C8BF2} - C:\WINDOWS\system32\890166\890166.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: 367770 helper - {CAD68085-8805-4FD3-AA1E-2E282ED7E7A2} - C:\WINDOWS\system32\367770\367770.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [systray] C:\windows\mstre8.exe
O4 - HKLM\..\Run: [sysberay2] C:\windows\che6.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - S-1-5-18 Startup: Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Skype.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe (User 'Default user')
O4 - .DEFAULT Startup: Skype.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'Default user')
O4 - .DEFAULT Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (User 'Default user')
O4 - Startup: Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe
O4 - Startup: Skype.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://photosmart.hpphoto.com/Download/HPe...sLocalPrint.CAB
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://clubgames.pogo.com/online2/pogop/ma...mesLauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab75406.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPod Service (iPod Service) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

--
End of file - 15148 bytes

NEXT IS LOG.TXT....................................

Logfile of random's system information tool 1.04 (written by random/random)
Run by Arthel Burkland at 2008-11-27 11:26:56
Microsoft Windows XP Professional Service Pack 3
System drive C: has 93 GB (62%) free of 149 GB
Total RAM: 2046 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:56 AM, on 11/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Tall Emu\Online Armor\kav\NT\ScanningProcess.exe
C:\Program Files\Tall Emu\Online Armor\kav\NT\ScanningProcess.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\tinyproxy\tinyproxy.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Arthel Burkland\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Arthel Burkland.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070321
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070321
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: 890166 helper - {A48FE9AC-DD02-4FF7-9211-B7BA9A2C8BF2} - C:\WINDOWS\system32\890166\890166.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: 367770 helper - {CAD68085-8805-4FD3-AA1E-2E282ED7E7A2} - C:\WINDOWS\system32\367770\367770.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [systray] C:\windows\mstre8.exe
O4 - HKLM\..\Run: [sysberay2] C:\windows\che6.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - S-1-5-18 Startup: Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Skype.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe (User 'Default user')
O4 - .DEFAULT Startup: Skype.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'Default user')
O4 - .DEFAULT Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (User 'Default user')
O4 - Startup: Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe
O4 - Startup: Skype.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://photosmart.hpphoto.com/Download/HPe...sLocalPrint.CAB
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://clubgames.pogo.com/online2/pogop/ma...mesLauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab75406.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPod Service (iPod Service) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

--
End of file - 15354 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Cloudmark Desktop Config Guard.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-05-28 722472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-09-21 114748]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-01-18 5702472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A48FE9AC-DD02-4FF7-9211-B7BA9A2C8BF2}]
890166 Class - C:\WINDOWS\system32\890166\890166.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-12-08 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAD68085-8805-4FD3-AA1E-2E282ED7E7A2}]
367770 Class - C:\WINDOWS\system32\367770\367770.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-01-18 5702472]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-03-09 7561216]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2005-11-08 16384]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-03-01 18944]
"CTDVDDET"=C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE [2003-06-17 45056]
"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe [2005-10-14 122880]
"AudioDrvEmulator"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-11-04 49152]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-10 90112]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2007-03-21 26112]
"ISUSPM Startup"=c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2007-08-30 205480]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2007-08-28 73728]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-07-28 188416]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 849280]
"OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2008-04-17 5606464]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-23 136600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-09-21 127036]
"systray"=C:\windows\mstre8.exe []
"sysberay2"=C:\windows\che6.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-05-28 23458344]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2007-08-30 205480]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Arthel Burkland\Start Menu\Programs\Startup
Karen's Replicator.lnk - C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe
Skype.lnk - C:\Program Files\Skype
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe
WkCalRem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-04-17 671432]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Plus! Photo Story 2 LE\PS2Trial.exe"="C:\Program Files\Microsoft Plus! Photo Story 2 LE\PS2Trial.exe:*:Enabled:Plus! Photo Story 2 LE"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\tinyproxy\tinyproxy.exe"="C:\Program Files\tinyproxy\tinyproxy.exe:*:Enabled:tinyproxy"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-11-27 11:26:56 ----D---- C:\rsit
2008-11-27 11:11:29 ----D---- C:\Program Files\Trend Micro
2008-11-27 10:57:34 ----D---- C:\Program Files\Uniblue
2008-11-27 10:57:26 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-26 18:41:52 ----A---- C:\WINDOWS\msoffice.ini
2008-11-23 20:24:30 ----D---- C:\Program Files\ThreatFire
2008-11-23 20:24:30 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-11-23 11:43:05 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-23 09:40:30 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-23 09:40:30 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-23 09:40:30 ----A---- C:\WINDOWS\system32\java.exe
2008-11-23 09:40:30 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-20 21:31:02 ----H---- C:\WINDOWS\bolivar27.exe
2008-11-20 21:26:01 ----D---- C:\WINDOWS\Minidump
2008-11-17 20:54:56 ----D---- C:\Program Files\Common Files\SWF Studio
2008-11-16 09:19:42 ----D---- C:\WINDOWS\system32\367770
2008-11-15 17:31:46 ----D---- C:\Documents and Settings\Arthel Burkland\Application Data\Artogon
2008-11-11 20:04:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-11 20:04:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-11 20:03:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-09 10:30:12 ----D---- C:\WINDOWS\system32\890166
2008-11-09 10:30:07 ----D---- C:\Program Files\tinyproxy
2008-11-08 20:25:28 ----D---- C:\Documents and Settings\All Users\Application Data\Redrum
2008-11-08 17:01:55 ----D---- C:\Documents and Settings\All Users\Application Data\ERS G-Studio
2008-11-05 19:21:57 ----D---- C:\Documents and Settings\Arthel Burkland\Application Data\SecretIslandEng
2008-11-03 22:22:04 ----D---- C:\Program Files\Mystic Inn
2008-11-03 22:21:33 ----D---- C:\Program Files\ReflexiveArcade

======List of files/folders modified in the last 1 months======

2008-11-27 11:26:53 ----D---- C:\WINDOWS\Prefetch
2008-11-27 11:26:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-27 11:11:29 ----RD---- C:\Program Files
2008-11-27 11:09:52 ----D---- C:\Documents and Settings\Arthel Burkland\Application Data\Skype
2008-11-27 10:57:35 ----SHD---- C:\WINDOWS\Installer
2008-11-27 10:49:49 ----D---- C:\Program Files\Mozilla Firefox
2008-11-27 10:38:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-27 10:38:22 ----D---- C:\Program Files\Game Trials
2008-11-27 10:35:58 ----D---- C:\Documents and Settings\Arthel Burkland\Application Data\OnlineArmor
2008-11-27 10:33:40 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-11-27 10:11:55 ----SD---- C:\WINDOWS\Tasks
2008-11-27 10:09:38 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-27 10:09:19 ----D---- C:\WINDOWS\Temp
2008-11-26 23:42:45 ----D---- C:\WINDOWS
2008-11-26 20:54:10 ----D---- C:\WINDOWS\system32
2008-11-26 20:54:10 ----D---- C:\Program Files\Common Files\AOL
2008-11-26 20:54:10 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-11-26 20:54:09 ----D---- C:\WINDOWS\system32\drivers
2008-11-26 20:53:42 ----D---- C:\Program Files\Common Files\Cloudmark
2008-11-26 20:53:12 ----D---- C:\Program Files\Common Files
2008-11-26 19:43:15 ----D---- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-11-26 18:42:02 ----A---- C:\WINDOWS\win.ini
2008-11-25 19:52:06 ----D---- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-11-23 22:40:49 ----D---- C:\Program Files\MSN Games
2008-11-23 15:18:14 ----D---- C:\Program Files\Oberon Media
2008-11-23 12:03:47 ----D---- C:\Program Files\Bonjour
2008-11-23 11:38:13 ----D---- C:\Documents and Settings\All Users\Application Data\Avg7
2008-11-23 09:40:02 ----D---- C:\Program Files\Java
2008-11-22 20:32:35 ----D---- C:\WINDOWS\network diagnostic
2008-11-20 21:26:31 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-20 18:17:21 ----HD---- C:\WINDOWS\inf
2008-11-20 18:17:21 ----D---- C:\WINDOWS\Help
2008-11-18 18:45:15 ----D---- C:\Program Files\GameHouse
2008-11-16 15:28:13 ----D---- C:\Documents and Settings\Arthel Burkland\Application Data\cerasus.media
2008-11-16 09:04:19 ----D---- C:\Documents and Settings\Arthel Burkland\Application Data\InstallShield
2008-11-16 09:04:18 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-15 11:51:36 ----D---- C:\Documents and Settings\Arthel Burkland\Application Data\GameHouse
2008-11-11 20:07:16 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-11 20:04:06 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-11 20:04:04 ----A---- C:\WINDOWS\imsins.BAK
2008-11-11 20:03:45 ----D---- C:\WINDOWS\WinSxS
2008-11-08 13:02:47 ----D---- C:\Documents and Settings\Arthel Burkland\Application Data\Friday's games
2008-11-05 18:29:29 ----D---- C:\Program Files\bfgclient
2008-11-04 18:55:15 ----D---- C:\Documents and Settings\Arthel Burkland\Application Data\Apple Computer
2008-11-03 16:10:26 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-02 12:58:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-30 18:00:40 ----D---- C:\Documents and Settings\Arthel Burkland\Application Data\Cloudmark

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2007-09-09 188672]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-03-21 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-09-21 26044]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-09-21 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-09-21 87004]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-09-21 15068]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-09-21 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-09-21 88476]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-09-21 94460]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-11-08 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-11-08 439680]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-11-08 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-11-08 143360]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-11-08 77824]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-02-14 1096192]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-09 3650368]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-11-08 114688]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-07 21760]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 pxark;pxark; \??\C:\WINDOWS\system32\drivers\pxark.sys []
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2008-04-13 96512]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc21.tmp []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 DCOM Server Process Launcher (DcomLaunch) ;DCOM Server Process Launcher (DcomLaunch) ; C:\Program Files\tinyproxy\tinyproxy.exe [2008-11-09 8448]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-23 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-03-09 143436]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2008-04-17 5449280]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 iPod Service (iPod Service) ;iPod Service (iPod Service) ; C:\Program Files\tinyproxy\tinyproxy.exe [2008-11-09 8448]
S2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe service []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

NEXT IS INFO.TXT:

info.txt logfile of random's system information tool 1.04 2008-11-27 11:26:58

======Uninstall list======

-->"C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49BCFF0-64CC-4E0E-AD9D-91BFBD344BAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49BCFF0-64CC-4E0E-AD9D-91BFBD344BAE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 6.0.1 Professional-->MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Acrobat and Reader 6.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Acrobat and Reader 6.0.6 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe PageMaker 6.5-->C:\WINDOWS\uninst.exe -f"c:\program files\adobe\DeIsL1.isu"
Adobe PageMaker 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\PageMaker 7.0\Uninst.isu" -c"C:\Program Files\Adobe\PageMaker 7.0\Uninst.dll"
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advanced Decoder Patch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46C73DE4-E96D-4F7C-8371-F28052183B12}\setup.exe" -l0x9
Agatha Christie: Peril at End House (remove only)-->"C:\Program Files\Agatha Christie - Peril at End House\Uninstall.exe"
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Azada ™-->"C:\Program Files\Game Trials\Azada\Uninstall.exe"
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Book of Legends-->"C:\Program Files\Game Trials\Book of Legends\Uninstall.exe"
Can You See What I See?-->"C:\Program Files\Game Trials\Can You See What I See\Uninstall.exe"
Cloudmark Desktop for Microsoft Outlook-->MsiExec.exe /X{BEDBAA06-01CC-45F6-B68A-72CE7ABCADF8}
Cloudmark Desktop for Mozilla Thunderbird-->MsiExec.exe /X{527B9B7E-5249-4681-9259-018F7DDB351C}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Digital Content Portal-->MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
Digital Locker Assistant-->MsiExec.exe /I{D01653EF-9F9F-41D6-B879-654A6BF5892C}
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dr. Lynch: Grave Secrets-->"C:\Program Files\Game Trials\Dr. Lynch - Grave Secrets\Uninstall.exe"
ebgcInfra-->MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes-->MsiExec.exe /X{3F9FCB1B-7AED-405E-A02D-9500670AA97C}
ebgcSDK-->MsiExec.exe /X{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}
EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\SETUP.EXE" -l0x9 UNINSTALL
Event Planner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{741849D8-E8D9-49CF-B373-0D7507ED0A56}\setup.exe"
Family Feud (remove only)-->C:\Program Files\Family Feud\Uninstall.exe
Family Feud-->"C:\Program Files\Game Trials\Family Feud\Uninstall.exe"
getPlus®_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Hallmark Card Studio 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EEDF3E1-C0EA-409B-A772-164EF9AB3BCE}\setup.exe"
Hidden Expedition: Titanic™-->"C:\Program Files\Game Trials\Hidden Expedition - Titanic\Uninstall.exe"
Hidden Mysteries: Buckingham Palace ™-->"C:\Program Files\Game Trials\Hidden Mysteries - Buckingham Palace\Uninstall.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 5600 series-->rundll32 hpzcon09.dll,VendorJettison hp deskjet 5600 series
hp deskjet 5600-->msiexec /x{DB5518BE-F40F-407A-B451-012625D4497B}
HP Driver Diagnostics-->MsiExec.exe /X{6314D540-E3C1-4F30-AEEB-4154C93375C3}
HP eServices Local Prints and Save-->MsiExec.exe /I{939E2189-9B65-41FC-A842-1BBC1588BFD1}
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - Deskjet Series-->MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
Intel® Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Interpol 2: Most Wanted-->"C:\Program Files\Game Trials\Interpol 2 - Most Wanted\Uninstall.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jigs@w Puzzle 2 (remove only)-->"C:\Program Files\Jigs@w Puzzle 2\Uninstall.exe"
Jigs@w Puzzle 2-->C:\Program Files\Tibo Software\Jigs@w Puzzle 2\uninstall.exe
Karen's Cookie Viewer-->C:\Program Files\Karen's Power Tools\Cookie Viewer\uninst.exe
Karen's Countdown Timer II-->C:\Program Files\Karen's Power Tools\Countdown Timer II\uninst.exe
Karen's Recycler-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Karen's Recycler\ST6UNST.LOG"
Karen's Replicator-->C:\Program Files\Karen's Power Tools\Replicator\uninst.exe
Karen's Show Stopper-->C:\Program Files\Karen's Power Tools\Show Stopper\uninst.exe
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Little Shop - Big City-->C:\PROGRA~1\GAMEHO~1\LITTLE~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\LITTLE~1\INSTALL.LOG
Little Shop - Road Trip-->C:\PROGRA~1\GAMEHO~1\LITTLE~2\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\LITTLE~2\INSTALL.LOG
Luxor 3-->C:\PROGRA~1\GAMETR~1\LUXOR3~1\UNWISE.EXE /U C:\PROGRA~1\GAMETR~1\LUXOR3~1\INSTALL.LOG
Magic Encyclopedia-->"C:\Program Files\Game Trials\Magic Encyclopedia\Uninstall.exe"
Mah Jong Medley-->C:\PROGRA~1\GAMEHO~1\MAHJON~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\MAHJON~1\INSTALL.LOG
Mah Jong Quest III-->C:\PROGRA~1\GAMEHO~1\MAHJON~2\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\MAHJON~2\INSTALL.LOG
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Miss Teri Tale: Vote 4 Me-->"C:\Program Files\Game Trials\Miss Teri Tale - Vote 4 Me\Uninstall.exe"
Move Networks Player for Internet Explorer-->"C:\Documents and Settings\Arthel Burkland\Application Data\Move Networks\ie_bin\unins000.exe"
MozBackup 1.4.7-->"C:\Program Files\MozBackup\unins000.exe"
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Mystery Case Files - Prime Suspects (remove only)-->C:\Program Files\Mystery Case Files - Prime Suspects\Uninstall.exe
Mystery Case Files: Prime Suspects ™-->"C:\Program Files\Game Trials\Mystery Case Files - Prime Suspects\Uninstall.exe"
Mystery Case Files: Ravenhearst (remove only)-->"C:\Program Files\Mystery Case Files - Ravenhearst\Uninstall.exe"
Mystery Case Files: Return to Ravenhearst ™-->"C:\Program Files\Game Trials\Mystery Case Files - Return to Ravenhearst\Uninstall.exe"
Mystery Chronicles: Murder Among Friends-->"C:\Program Files\Game Trials\Mystery Chronicles - Murder Among Friends\Uninstall.exe"
Mystery P.I. - The Lottery Ticket (remove only)-->"C:\Program Files\Mystery P.I. - The Lottery Ticket\Uninstall.exe"
Mystery Stories: Berlin Nights-->"C:\Program Files\Game Trials\Mystery Stories - Berlin Nights\Uninstall.exe"
Mysteryville 2-->C:\PROGRA~1\MSNGAM~2\GAMESP~1\MYSTER~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\MYSTER~1\INSTALL.LOG
Nancy Drew - The Phantom of Venice-->C:\PROGRA~1\GAMEHO~1\NANCYD~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\NANCYD~1\INSTALL.LOG
Nancy Drew: Ghost Dogs of Moon Lake-->"C:\Program Files\Game Trials\Nancy Drew - Ghost Dogs of Moon Lake\Uninstall.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Online Armor AV+ 2.1-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
PINs 4-->"C:\Program Files\PINs\uninstall.exe"
Puzzle Express (remove only)-->"C:\Program Files\Puzzle Express\Uninstall.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Redrum -->"C:\Program Files\Game Trials\Redrum\Uninstall.exe"
Righteous Kill-->C:\PROGRA~1\GAMEHO~1\RIGHTE~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\RIGHTE~1\INSTALL.LOG
Rooms: The Main Building-->"C:\Program Files\Game Trials\Rooms - The Main Building\Uninstall.exe"
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Samantha Swift and the Hidden Roses of Athena-->"C:\Program Files\Game Trials\Samantha Swift and the Hidden Roses of Athena\Uninstall.exe"
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype™ 3.2-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\setup.exe" -l0x9 /remove
Super Collapse! Puzzle Gallery 4-->C:\PROGRA~1\GAMEHO~1\SUPERC~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SUPERC~1\INSTALL.LOG
The Lost Cases of Sherlock Holmes-->"C:\Program Files\Game Trials\The Lost Cases of Sherlock Holmes\Uninstall.exe"
The Mysterious City: Golden Prague-->"C:\Program Files\Game Trials\The Mysterious City - Golden Prague\Uninstall.exe"
Tradewinds Legends-->C:\PROGRA~1\GAMEHO~1\TRADEW~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\TRADEW~1\INSTALL.LOG
TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u C:\Program Files\TrueCrypt\
TurboTax Basic 2006-->C:\Program Files\TurboTax\Basic 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Verizon Online Help and Support-->C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
Webshots Desktop-->"C:\Program Files\Webshots\unins000.exe"
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Word Riot Deluxe-->"C:\Program Files\Oberon Media\Word Riot Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Word Riot Deluxe\install.log"
Word Slinger-->C:\PROGRA~1\GAMEHO~1\WORDSL~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\WORDSL~1\INSTALL.LOG
yardbirds-->C:\WINDOWS\uninst.exe -f"C:\Program Files\yardbirds\DeIsL1.isu" -c"C:\Program Files\yardbirds\_ISREG32.DLL"

======Security center information======

AV: Online Armor Antivirus
FW: Online Armor Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"VERSION"=2.1.5
"SESSIONID"=1174666871204htx6060.cce.hp.com1c407d5:111a8f63abf:-5245
"COLLECTIONID"=COL7299
"ITEMID"=oj-21918-1
"TOOLPATH"=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
"HMSERVER"=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.18.30716
"OSVER"=winXPP
"LANG"=1033
"TIMEOUT"=0
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:05 PM

Posted 28 November 2008 - 09:07 PM

Hello arthel and welcome to BC. Let's see what we can find.

Before running a new scan let's clean out the temporoary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Do not change any settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessry).
Use the Add Reply button and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.

I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 arthel

arthel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington State
  • Local time:08:05 PM

Posted 29 November 2008 - 03:55 PM

I have done everything you requested but I cannot find an ATTACH button or option anywhere. How do I get you the .txt file? Am I dumber than dirt or what? Sheesh. Always thought I was smarter than that.

#4 arthel

arthel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington State
  • Local time:08:05 PM

Posted 29 November 2008 - 04:00 PM

Here's the log:

[code=auto:0]
OTScanIt2 logfile created on: 11/29/2008 12:44:17 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.0.41b Folder = C:\Documents and Settings\Arthel Burkland\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.92% Memory free
3.85 Gb Paging File | 2.91 Gb Available in Paging File | 75.79% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.75 Gb Total Space | 92.54 Gb Free Space | 63.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.01 Gb Total Space | 134.85 Gb Free Space | 90.49% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

#5 arthel

arthel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington State
  • Local time:08:05 PM

Posted 29 November 2008 - 04:08 PM

CORRECT LOG THIS TIME (looks like it does fit, thankfully):

OTScanIt2 logfile created on: 11/29/2008 1:02:05 PM - Run 3
OTScanIt2 by OldTimer - Version 1.0.0.41b	 Folder = C:\Documents and Settings\Arthel Burkland\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.52% Memory free
3.85 Gb Paging File | 2.93 Gb Available in Paging File | 76.29% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.75 Gb Total Space | 92.53 Gb Free Space | 63.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.01 Gb Total Space | 134.85 Gb Free Space | 90.49% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: D7PCYXB1
Current User Name: Arthel Burkland
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 17:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
oasrv.exe -> %ProgramFiles%\Tall Emu\Online Armor\oasrv.exe -> [2008/04/17 04:17:18 | 05,449,280 | ---- | M] (Tall Emu)
scanningprocess.exe -> %ProgramFiles%\Tall Emu\Online Armor\kav\nt\ScanningProcess.exe -> [2008/03/07 04:01:28 | 00,139,264 | ---- | M] ()
scanningprocess.exe -> %ProgramFiles%\Tall Emu\Online Armor\kav\nt\ScanningProcess.exe -> [2008/03/07 04:01:28 | 00,139,264 | ---- | M] ()
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/07/10 08:47:18 | 00,116,040 | ---- | M] (Apple Inc.)
ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> [1999/12/12 16:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2006/07/06 05:14:30 | 00,090,112 | ---- | M] (Intel Corporation)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/23 09:40:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2006/03/09 12:29:00 | 00,143,436 | ---- | M] (NVIDIA Corporation)
searchindexer.exe -> %SystemRoot%\system32\searchindexer.exe -> [2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation)
cthelper.exe -> %SystemRoot%\CTHELPER.EXE -> [2005/11/08 03:30:42 | 00,016,384 | ---- | M] (Creative Technology Ltd)
ctxfihlp.exe -> %SystemRoot%\system32\CTXFIHLP.EXE -> [2006/03/01 19:00:18 | 00,018,944 | ---- | M] (Creative Technology Ltd)
ctdvddet.exe -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe -> [2003/06/17 23:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd)
dllml.exe -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> [2005/11/04 16:07:56 | 00,049,152 | ---- | M] (Creative Technology Ltd.)
ctxfispi.exe -> %SystemRoot%\system32\CTXFISPI.EXE -> [2006/03/01 18:53:36 | 00,717,312 | ---- | M] (Creative Technology Ltd)
realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> [2007/03/21 01:26:27 | 00,026,112 | ---- | M] (RealNetworks, Inc.)
msascui.exe -> %ProgramFiles%\Windows Defender\MSASCui.exe -> [2006/11/03 17:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
hpztsb09.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> [2003/07/28 05:43:44 | 00,188,416 | ---- | M] (HP)
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> [2004/05/12 15:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company)
hpotdd01.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> [2003/05/21 18:37:08 | 00,229,437 | ---- | M] (Hewlett-Packard)
ipoint.exe -> %ProgramFiles%\Microsoft IntelliPoint\ipoint.exe -> [2007/02/05 15:52:10 | 00,849,280 | ---- | M] (Microsoft Corporation)
oaui.exe -> %ProgramFiles%\Tall Emu\Online Armor\oaui.exe -> [2008/04/17 04:17:18 | 05,606,464 | ---- | M] (Tall Emu )
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2006/07/06 05:15:00 | 00,151,552 | ---- | M] (Intel Corporation)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/11/23 09:40:10 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/07/10 09:51:32 | 00,289,064 | ---- | M] (Apple Inc.)
dlactrlw.exe -> %SystemRoot%\system32\DLA\DLACTRLW.EXE -> [2006/09/21 04:20:00 | 00,127,036 | ---- | M] (Sonic Solutions)
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> [2007/08/30 10:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation)
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> [2003/10/23 20:37:56 | 00,217,194 | ---- | M] (Adobe Systems Inc.)
windowssearch.exe -> %ProgramFiles%\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation)
ptreplicator.exe -> %ProgramFiles%\Karen's Power Tools\Replicator\PTReplicator.exe -> [2008/02/25 21:24:24 | 01,009,136 | ---- | M] (Karen Kenworthy)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/07/10 09:51:22 | 00,532,264 | ---- | M] (Apple Inc.)
wkcalrem.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkCalRem.exe -> [2006/06/04 16:18:54 | 00,021,504 | ---- | M] (Microsoft® Corporation)
webshots.scr -> %ProgramFiles%\Webshots\Webshots.scr -> [2007/10/29 17:28:48 | 03,294,544 | ---- | M] (Webshots.com)
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft)
cthelper.exe -> %SystemRoot%\CTHELPER.EXE -> [2005/11/08 03:30:42 | 00,016,384 | ---- | M] (Creative Technology Ltd)
ctxfihlp.exe -> %SystemRoot%\system32\CTXFIHLP.EXE -> [2006/03/01 19:00:18 | 00,018,944 | ---- | M] (Creative Technology Ltd)
ctdvddet.exe -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe -> [2003/06/17 23:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd)
volpanel.exe -> %ProgramFiles%\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe -> [2005/10/14 09:01:06 | 00,122,880 | ---- | M] (Creative Technology Ltd)
ctxfispi.exe -> %SystemRoot%\system32\CTXFISPI.EXE -> [2006/03/01 18:53:36 | 00,717,312 | ---- | M] (Creative Technology Ltd)
dllml.exe -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> [2005/11/04 16:07:56 | 00,049,152 | ---- | M] (Creative Technology Ltd.)
realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> [2007/03/21 01:26:27 | 00,026,112 | ---- | M] (RealNetworks, Inc.)
msascui.exe -> %ProgramFiles%\Windows Defender\MSASCui.exe -> [2006/11/03 17:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
hpztsb09.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> [2003/07/28 05:43:44 | 00,188,416 | ---- | M] (HP)
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> [2004/05/12 15:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company)
hpotdd01.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> [2003/05/21 18:37:08 | 00,229,437 | ---- | M] (Hewlett-Packard)
ipoint.exe -> %ProgramFiles%\Microsoft IntelliPoint\ipoint.exe -> [2007/02/05 15:52:10 | 00,849,280 | ---- | M] (Microsoft Corporation)
oaui.exe -> %ProgramFiles%\Tall Emu\Online Armor\oaui.exe -> [2008/04/17 04:17:18 | 05,606,464 | ---- | M] (Tall Emu )
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2006/07/06 05:15:00 | 00,151,552 | ---- | M] (Intel Corporation)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/11/23 09:40:10 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/07/10 09:51:32 | 00,289,064 | ---- | M] (Apple Inc.)
dlactrlw.exe -> %SystemRoot%\system32\DLA\DLACTRLW.EXE -> [2006/09/21 04:20:00 | 00,127,036 | ---- | M] (Sonic Solutions)
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> [2007/08/30 10:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation)
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> [2003/10/23 20:37:56 | 00,217,194 | ---- | M] (Adobe Systems Inc.)
windowssearch.exe -> %ProgramFiles%\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation)
robotaskbaricon.exe -> %ProgramFiles%\Siber Systems\AI RoboForm\robotaskbaricon.exe -> [2008/01/18 16:58:49 | 00,160,592 | ---- | M] (Siber Systems)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/11/15 00:14:15 | 00,307,712 | ---- | M] (Mozilla Corporation)
searchprotocolhost.exe -> %SystemRoot%\system32\searchprotocolhost.exe -> [2008/05/26 21:18:18 | 00,184,832 | ---- | M] (Microsoft Corporation)
searchfilterhost.exe -> %SystemRoot%\system32\searchfilterhost.exe -> [2008/05/26 21:17:56 | 00,087,552 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/11/29 13:05:28 | 00,476,672 | ---- | M] (OldTimer Tools)
 
[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/07/10 08:47:18 | 00,116,040 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> [1999/12/12 16:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
(DCOM Server Process Launcher (DcomLaunch) ) DCOM Server Process Launcher (DcomLaunch)  [Win32_Own | Auto | Stopped] ->  -> File not found
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2006/07/06 05:14:30 | 00,090,112 | ---- | M] (Intel Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/07/10 09:51:22 | 00,532,264 | ---- | M] (Apple Inc.)
(iPod Service (iPod Service) ) iPod Service (iPod Service)  [Win32_Own | Auto | Stopped] ->  -> File not found
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/23 09:40:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2006/03/09 12:29:00 | 00,143,436 | ---- | M] (NVIDIA Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(SvcOnlineArmor) Online Armor [Win32_Own | Auto | Running] -> %ProgramFiles%\Tall Emu\Online Armor\oasrv.exe -> [2008/04/17 04:17:18 | 05,449,280 | ---- | M] (Tall Emu)
(ThreatFire) ThreatFire [Win32_Own | Auto | Stopped] ->  -> File not found
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\Messenger\usnsvc.exe -> [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation)
(WinDefend) Windows Defender [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 17:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
(WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(WSearch) Windows Search [Win32_Own | Auto | Running] -> %SystemRoot%\system32\searchindexer.exe -> [2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 17:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft)
 
[Driver Services - Safe List]
(AFS2K) AFS2K [Kernel | System | Running] -> %SystemRoot%\System32\drivers\AFS2K.SYS -> [2004/10/07 17:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> [2008/04/13 10:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\asctrm.sys -> [2007/03/21 01:26:28 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(ctac32k) Creative AC3 Software Decoder [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctac32k.sys -> [2005/11/08 03:14:40 | 00,502,272 | R--- | M] (Creative Technology Ltd)
(ctaud2k) Creative Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctaud2k.sys -> [2005/11/08 03:15:38 | 00,439,680 | R--- | M] (Creative Technology Ltd)
(ctdvda2k) Creative DVD-Audio Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ctdvda2k.sys -> [2005/07/13 00:18:48 | 00,340,704 | R--- | M] (Creative Technology Ltd)
(ctprxy2k) Creative Proxy Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctprxy2k.sys -> [2005/11/08 03:15:38 | 00,007,168 | R--- | M] (Creative Technology Ltd)
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctsfm2k.sys -> [2005/11/08 03:14:46 | 00,143,360 | R--- | M] (Creative Technology Ltd)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLABOIOM.SYS -> [2006/09/21 04:20:00 | 00,026,044 | ---- | M] (Sonic Solutions)
(DLACDBHM) DLACDBHM [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLACDBHM.SYS -> [2006/03/17 07:35:24 | 00,005,660 | ---- | M] (Sonic Solutions)
(DLADResN) DLADResN [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLADResN.SYS -> [2006/09/21 04:20:00 | 00,002,496 | ---- | M] (Sonic Solutions)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAIFS_M.SYS -> [2006/09/21 04:20:00 | 00,087,004 | ---- | M] (Sonic Solutions)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAOPIOM.SYS -> [2006/09/21 04:20:00 | 00,015,068 | ---- | M] (Sonic Solutions)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAPoolM.SYS -> [2006/09/21 04:20:00 | 00,006,364 | ---- | M] (Sonic Solutions)
(DLARTL_N) DLARTL_N [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLARTL_N.SYS -> [2006/03/17 07:34:46 | 00,022,684 | ---- | M] (Sonic Solutions)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDFAM.SYS -> [2006/09/21 04:20:00 | 00,094,460 | ---- | M] (Sonic Solutions)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDF_M.SYS -> [2006/09/21 04:20:00 | 00,088,476 | ---- | M] (Sonic Solutions)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\DRVMCDB.SYS -> [2006/08/18 02:30:00 | 00,089,456 | ---- | M] (Sonic Solutions)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\DRVNDDM.SYS -> [2006/03/17 04:20:00 | 00,040,544 | ---- | M] (Sonic Solutions)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2001/08/17 10:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e1e5132.sys -> [2006/07/19 13:42:16 | 00,230,400 | ---- | M] (Intel Corporation)
(emupia) E-mu Plug-in Architecture Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\emupia2k.sys -> [2005/11/08 03:14:44 | 00,077,824 | R--- | M] (Creative Technology Ltd)
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.)
(ha20x2k) Creative 20X HAL Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ha20x2k.sys -> [2006/02/14 21:40:24 | 01,096,192 | R--- | M] (Creative Technology Ltd)
(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iaStor.sys -> [2006/07/06 04:59:42 | 00,246,784 | ---- | M] (Intel Corporation)
(kbdhid) Keyboard HID Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/13 10:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(MREMPR5) MREMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MREMPR5.sys -> [2007/03/11 13:37:19 | 00,019,345 | ---- | M] (Motive, Inc.)
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MRENDIS5.sys -> [2007/03/11 13:37:20 | 00,018,003 | ---- | M] (Motive, Inc.)
(NAL) Nal Service  [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iqvw32.sys -> [2006/06/05 01:39:56 | 00,024,064 | ---- | M] (Intel Corporation )
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2006/03/09 12:29:00 | 03,650,368 | ---- | M] (NVIDIA Corporation)
(OADevice) OADriver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\OADriver.sys -> [2008/06/11 02:18:34 | 00,075,776 | ---- | M] ()
(OAmon) OAmon [Kernel | System | Running] -> %SystemRoot%\system32\drivers\OAmon.sys -> [2008/06/11 02:18:35 | 00,025,600 | ---- | M] ()
(OAnet) OAnet [Kernel | System | Running] -> %SystemRoot%\system32\drivers\oanet.sys -> [2008/04/17 04:17:34 | 00,028,872 | ---- | M] ()
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctoss2k.sys -> [2005/11/08 03:14:54 | 00,114,688 | R--- | M] (Creative Technology Ltd.)
(Point32) Microsoft IntelliPoint Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\point32.sys -> [2006/11/07 23:02:34 | 00,021,760 | ---- | M] (Microsoft Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(pxark) pxark [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\pxark.sys -> [2008/04/19 17:00:57 | 00,010,624 | ---- | M] ()
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2005/04/25 00:03:00 | 00,020,640 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> [2008/04/13 10:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(truecrypt) truecrypt [Kernel | System | Running] -> %SystemRoot%\system32\drivers\truecrypt.sys -> [2007/09/09 08:19:44 | 00,188,672 | ---- | M] (TrueCrypt Foundation)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070321 -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\"Start Page" -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070321 -> 
HKEY_LOCAL_MACHINE\: "ProxyEnable" -> 1 -> 
HKEY_LOCAL_MACHINE\: "ProxyOverride" -> *.local;<local> -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070321 -> 
HKEY_CURRENT_USER\: Main\\"Page_Transitions" ->  -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://verizon.my.msn.com/ -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local;<local> -> 
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Arthel Burkland\Application Data\Mozilla\FireFox\Profiles\ebmf8kpq.default\prefs.js -> 
browser.startup.homepage -> "http://my.msn.com/" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.4" ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 ->
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 03:16:42 | 00,059,032 | ---- | M] (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> %ProgramFiles%\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2007/05/28 13:52:56 | 00,722,472 | ---- | M] (Skype Technologies S.A.)
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %SystemRoot%\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> [2006/09/21 04:20:00 | 00,114,748 | ---- | M] (Sonic Solutions)
{724d43a9-0d85-11d4-9908-00400523e39a} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [Reg Error: Value  does not exist or could not be read.] -> [2008/01/18 16:58:49 | 05,702,472 | ---- | M] (Siber Systems)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/11/23 09:40:12 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2007/09/20 10:30:18 | 00,328,752 | ---- | M] (Microsoft Corporation)
{A48FE9AC-DD02-4FF7-9211-B7BA9A2C8BF2} [HKLM] -> %SystemRoot%\system32\890166\890166.dll [890166 Class] -> File not found
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> [2003/05/15 00:03:46 | 00,147,456 | ---- | M] ()
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> [2006/12/08 04:11:06 | 00,098,304 | ---- | M] (Dell Inc.)
{CAD68085-8805-4FD3-AA1E-2E282ED7E7A2} [HKLM] -> %SystemRoot%\system32\367770\367770.dll [367770 Class] -> File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/11/23 09:40:09 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/11/23 09:40:13 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2003/05/15 00:03:46 | 00,147,456 | ---- | M] ()
"{724d43a0-0d85-11d4-9908-00400523e39a}" [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> [2008/01/18 16:58:49 | 05,702,472 | ---- | M] (Siber Systems)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2003/05/15 00:03:46 | 00,147,456 | ---- | M] ()
WebBrowser\\"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{724D43A0-0D85-11D4-9908-00400523E39A}" [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> [2008/01/18 16:58:49 | 05,702,472 | ---- | M] (Siber Systems)
WebBrowser\\"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AppleSyncNotifier" -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2008/07/10 08:47:28 | 00,116,040 | ---- | M] (Apple Inc.)
"AudioDrvEmulator" -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe ["C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"] -> [2005/11/04 16:07:56 | 00,049,152 | ---- | M] (Creative Technology Ltd.)
"CTDVDDET" -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe ["C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"] -> [2003/06/17 23:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd)
"CTHelper" -> %SystemRoot%\CTHELPER.EXE [CTHELPER.EXE] -> [2005/11/08 03:30:42 | 00,016,384 | ---- | M] (Creative Technology Ltd)
"CTxfiHlp" -> %SystemRoot%\system32\CTXFIHLP.EXE [CTXFIHLP.EXE] -> [2006/03/01 19:00:18 | 00,018,944 | ---- | M] (Creative Technology Ltd)
"DeviceDiscovery" -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe] -> [2003/05/21 18:37:08 | 00,229,437 | ---- | M] (Hewlett-Packard)
"DLA" -> %SystemRoot%\system32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> [2006/09/21 04:20:00 | 00,127,036 | ---- | M] (Sonic Solutions)
"HP Component Manager" -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> [2004/05/12 15:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company)
"HPDJ Taskbar Utility" -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe] -> [2003/07/28 05:43:44 | 00,188,416 | ---- | M] (HP)
"IAAnotif" -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe] -> [2006/07/06 05:15:00 | 00,151,552 | ---- | M] (Intel Corporation)
"IntelliPoint" -> %ProgramFiles%\Microsoft IntelliPoint\ipoint.exe ["C:\Program Files\Microsoft IntelliPoint\ipoint.exe"] -> [2007/02/05 15:52:10 | 00,849,280 | ---- | M] (Microsoft Corporation)
"ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> [2007/08/30 10:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation)
"ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2007/08/28 17:43:14 | 00,073,728 | ---- | M] (Macrovision Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/07/10 09:51:32 | 00,289,064 | ---- | M] (Apple Inc.)
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2006/03/09 12:29:00 | 07,561,216 | ---- | M] (NVIDIA Corporation)
"OnlineArmor GUI" -> %ProgramFiles%\Tall Emu\Online Armor\oaui.exe ["C:\Program Files\Tall Emu\Online Armor\oaui.exe"] -> [2008/04/17 04:17:18 | 05,606,464 | ---- | M] (Tall Emu )
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/05/27 09:50:30 | 00,413,696 | ---- | M] (Apple Inc.)
"RealTray" -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER] -> [2007/03/21 01:26:27 | 00,026,112 | ---- | M] (RealNetworks, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/11/23 09:40:10 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"sysberay2" -> %SystemRoot%\che6.exe [C:\windows\che6.exe] -> File not found
"systray" -> %SystemRoot%\mstre8.exe [C:\windows\mstre8.exe] -> File not found
"UpdReg" -> %SystemRoot%\Updreg.EXE [C:\WINDOWS\UpdReg.EXE] -> [2000/05/10 23:00:00 | 00,090,112 | ---- | M] (Creative Technology Ltd.)
"VolPanel" -> %ProgramFiles%\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe ["C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r] -> [2005/10/14 09:01:06 | 00,122,880 | ---- | M] (Creative Technology Ltd)
"Windows Defender" -> %ProgramFiles%\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 17:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ISUSPM" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler] -> [2007/08/30 10:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation)
"Skype" -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> [2007/05/28 13:52:54 | 23,458,344 | R--- | M] (Skype Technologies S.A.)
"Uniblue RegistryBooster 2009" -> %ProgramFiles%\Uniblue\RegistryBooster\RegistryBooster.exe [C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Acrobat Assistant.lnk -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> [2003/10/23 20:37:56 | 00,217,194 | ---- | M] (Adobe Systems Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [1999/11/04 14:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 02:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA9.EXE -> [1999/02/17 12:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation)
%AllUsersProfile%\Start Menu\Programs\Startup\Windows Search.lnk -> %ProgramFiles%\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation)
< Arthel Burkland Startup Folder > -> C:\Documents and Settings\Arthel Burkland\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\Karen's Replicator.lnk -> %ProgramFiles%\Karen's Power Tools\Replicator\PTReplicator.exe -> [2008/02/25 21:24:24 | 01,009,136 | ---- | M] (Karen Kenworthy)
%UserProfile%\Start Menu\Programs\Startup\Skype.lnk -> %ProgramFiles%\Skype -> [2007/06/03 16:57:24 | 00,000,000 | ---D | M]
%UserProfile%\Start Menu\Programs\Startup\Webshots.lnk -> %ProgramFiles%\Webshots\Launcher.exe -> [2007/10/29 17:28:38 | 00,157,008 | ---- | M] (Webshots.com)
%UserProfile%\Start Menu\Programs\Startup\WkCalRem.LNK -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkCalRem.exe -> [2006/06/04 16:18:54 | 00,021,504 | ---- | M] (Microsoft® Corporation)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoCDBurning" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Customize Menu -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html [file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html] -> [2008/04/08 16:55:36 | 00,000,212 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2007/05/28 13:52:56 | 00,722,472 | ---- | M] (Skype Technologies S.A.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{320AF880-6646-11D3-ABEE-C5DBF3571F46}" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{320AF880-6646-11D3-ABEE-C5DBF3571F49}" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{724d43aa-0d85-11d4-9908-00400523e39a}" [HKLM] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{77BF5300-1474-4EC7-9980-D32B190E9B07}" [HKLM] -> %ProgramFiles%\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2007/05/28 13:52:56 | 00,722,472 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. -> 
www_gamehouse.com [https] -> Trusted sites -> 
www_pogo.com [https] -> Trusted sites -> 
turbotax.com .[https] -> Trusted sites -> 
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab[Office Genuine Advantage Validation Tool] -> 
{05D44720-58E3-49E6-BDF6-D00330E511D3} [HKLM] -> http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab[StagingUI Object] -> 
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader5.cab[Facebook Photo Uploader 5] -> 
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [HKLM] -> http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab[Reg Error: Key does not exist or could not be opened.] -> 
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{3107C2A8-9F0B-4404-A58B-21BD85268FBC} [HKLM] -> http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB[PogoWebLauncher Control] -> 
{3BB54395-5982-4788-8AF4-B5388FFDD0D8} [HKLM] -> http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab[MSN Games – Buddy Invite] -> 
{493ACF15-5CD9-4474-82A6-91670C3DD66E} [HKLM] -> http://www.linkedin.com/cab/LinkedInContactFinderControl.cab[LinkedIn ContactFinderControl] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> 
{54D53429-945C-4188-B460-C81356541882} [HKLM] -> http://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB[SaveImageFiles Class] -> 
{5736C456-EA94-4AAC-BB08-917ABDD035B3} [HKLM] -> http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab[ZonePAChat Object] -> 
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] -> 
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} [HKLM] -> http://go.divx.com/plugin/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> 
{7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} [HKLM] -> http://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab[SpinTop Games Launcher] -> 
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [HKLM] -> http://www.worldwinner.com/games/shared/wwlaunch.cab[Wwlaunch Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9BDF4724-10AA-43D5-BD15-AEA0D2287303} [HKLM] -> http://zone.msn.com/bingame/zpagames/zpa_txhe.cab75406.cab[MSN Games – Texas Holdem Poker] -> 
{A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} [HKLM] -> http://www.worldwinner.com/games/v57/wof/wof.cab[WoF Control] -> 
{B8BE5E93-A60C-4D26-A2DC-220313175592} [HKLM] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] -> 
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab[Office Update Installation Engine] -> 
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} [HKLM] -> http://zone.msn.com/binframework/v10/StProxy.cab55579.cab[MSN Games – Game Communicator] -> 
Microsoft XML Parser for Java [HKLM] -> file:///C:/WINDOWS/Java/classes/xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{8E4A5940-014F-4F7D-B26E-24F4A72E2A65} ->	(Intel(R) 82566DC Gigabit Network Connection) -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{4F07DA45-8170-4859-9B5F-037EF2970034}" [HKLM] -> %ProgramFiles%\Tall Emu\Online Armor\oaevent.dll [OA Shell Helper] -> [2008/04/17 04:17:42 | 00,671,432 | ---- | M] (Tall Emu)
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> %ProgramFiles%\Windows Desktop Search\MSNLNamespaceMgr.dll [] -> [2008/05/26 21:19:02 | 00,304,128 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0] -> File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL] -> File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> File not found
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/07/10 09:51:26 | 20,246,824 | ---- | M] (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2008/05/21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Plus! Photo Story 2 LE\PS2Trial.exe" -> C:\Program Files\Microsoft Plus! Photo Story 2 LE\PS2Trial.exe [C:\Program Files\Microsoft Plus! Photo Story 2 LE\PS2Trial.exe:*:Enabled:Plus! Photo Story 2 LE] -> [2003/09/18 13:40:56 | 00,032,256 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe [C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird] -> [2008/05/03 11:23:06 | 08,490,608 | ---- | M] (Mozilla Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2007/05/28 13:52:54 | 23,458,344 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\tinyproxy\tinyproxy.exe" -> C:\Program Files\tinyproxy\tinyproxy.exe [C:\Program Files\tinyproxy\tinyproxy.exe:*:Enabled:tinyproxy] -> File not found
"C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe" -> C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe [C:\Program Files\TurboTax\Basic 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax] -> [2007/03/08 01:25:56 | 09,950,760 | ---- | M] (Intuit, Inc.)
"C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe" -> C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe [C:\Program Files\TurboTax\Basic 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager] -> [2007/03/29 19:37:15 | 03,679,784 | ---- | M] (Intuit, Inc.)
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2008/04/13 16:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\mshta.exe" -> C:\WINDOWS\system32\mshta.exe [C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host] -> [2007/08/13 17:32:30 | 00,045,568 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> [2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 10:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/08/11 15:15:00 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
 
 
[Files/Folders - Created Within 30 Days]
7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
topic182424.pdf -> %UserProfile%\Desktop\topic182424.pdf -> [2008/11/29 12:43:44 | 00,238,808 | ---- | C] ()
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/11/29 12:41:09 | 00,000,000 | ---D | C]
OTScanIt2(2).exe -> %UserProfile%\Desktop\OTScanIt2(2).exe -> [2008/11/29 12:40:48 | 00,536,648 | ---- | C] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/11/29 12:38:47 | 00,536,648 | ---- | C] ()
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [2008/11/29 11:52:59 | 00,000,793 | ---- | C] ()
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2008/11/29 11:52:58 | 00,000,793 | ---- | C] ()
Lavasoft -> %ProgramFiles%\Lavasoft -> [2008/11/29 11:52:55 | 00,000,000 | ---D | C]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [2008/11/29 11:52:19 | 00,000,000 | ---D | C]
{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} -> %AllUsersProfile%\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} -> [2008/11/29 08:31:32 | 00,000,000 | ---D | C]
TV -> %UserProfile%\My Documents\TV -> [2008/11/28 12:07:48 | 00,000,000 | ---D | C]
rsit -> %SystemDrive%\rsit -> [2008/11/27 11:26:56 | 00,000,000 | ---D | C]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2008/11/27 11:26:36 | 00,305,705 | ---- | C] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/11/27 11:11:29 | 00,001,734 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2008/11/27 11:11:29 | 00,000,000 | ---D | C]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2008/11/27 11:11:09 | 00,812,344 | ---- | C] (Trend Micro Inc.)
Play Mystery Case Files - Return to Ravenhearst.lnk -> %AllUsersProfile%\Desktop\Play Mystery Case Files - Return to Ravenhearst.lnk -> [2008/11/27 10:38:46 | 00,002,040 | ---- | C] ()
More Great Games.lnk -> %AllUsersProfile%\Desktop\More Great Games.lnk -> [2008/11/27 10:38:46 | 00,001,632 | ---- | C] ()
msoffice.ini -> %SystemRoot%\msoffice.ini -> [2008/11/26 18:41:52 | 00,000,002 | ---- | C] ()
Play Miss Teri Tale - Vote 4 Me.lnk -> %AllUsersProfile%\Desktop\Play Miss Teri Tale - Vote 4 Me.lnk -> [2008/11/25 19:28:39 | 00,001,884 | ---- | C] ()
Play The Mysterious City - Golden Prague.lnk -> %AllUsersProfile%\Desktop\Play The Mysterious City - Golden Prague.lnk -> [2008/11/25 19:22:48 | 00,001,963 | ---- | C] ()
TfKbMon.sys -> %SystemRoot%\System32\drivers\TfKbMon.sys -> [2008/11/23 20:24:31 | 00,012,576 | ---- | C] (PC Tools)
ThreatFire -> %ProgramFiles%\ThreatFire -> [2008/11/23 20:24:30 | 00,000,000 | ---D | C]
PC Tools -> %AllUsersProfile%\Application Data\PC Tools -> [2008/11/23 20:24:30 | 00,000,000 | ---D | C]
tfinstall(2).exe -> %UserProfile%\Desktop\tfinstall(2).exe -> [2008/11/23 19:37:29 | 23,150,144 | ---- | C] (PC Tools													)
tfinstall.exe -> %UserProfile%\Desktop\tfinstall.exe -> [2008/11/23 19:36:28 | 00,119,425 | ---- | C] (PC Tools													)
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [2008/11/23 11:43:05 | 00,000,000 | ---D | C]
aaw2008.exe -> %UserProfile%\Desktop\aaw2008.exe -> [2008/11/23 11:36:56 | 23,804,784 | ---- | C] ()
Play Book of Legends.lnk -> %AllUsersProfile%\Desktop\Play Book of Legends.lnk -> [2008/11/21 18:15:27 | 00,001,785 | ---- | C] ()
bolivar27.exe -> %SystemRoot%\bolivar27.exe -> [2008/11/20 21:31:02 | 00,027,136 | -H-- | C] ()
Minidump -> %SystemRoot%\Minidump -> [2008/11/20 21:26:01 | 00,000,000 | ---D | C]
SWF Studio -> %CommonProgramFiles%\SWF Studio -> [2008/11/17 20:54:56 | 00,000,000 | ---D | C]
367770 -> %SystemRoot%\System32\367770 -> [2008/11/16 09:19:42 | 00,000,000 | ---D | C]
Artogon -> %AppData%\Artogon -> [2008/11/15 17:31:46 | 00,000,000 | ---D | C]
Play Mystery Stories - Berlin Nights.lnk -> %AllUsersProfile%\Desktop\Play Mystery Stories - Berlin Nights.lnk -> [2008/11/15 11:40:00 | 00,001,927 | ---- | C] ()
Play Interpol 2 - Most Wanted.lnk -> %AllUsersProfile%\Desktop\Play Interpol 2 - Most Wanted.lnk -> [2008/11/11 18:24:28 | 00,001,866 | ---- | C] ()
mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/11/11 18:06:16 | 00,455,296 | ---- | C] (Microsoft Corporation)
msxml3.dll -> %SystemRoot%\System32\dllcache\msxml3.dll -> [2008/11/11 18:05:34 | 01,106,944 | ---- | C] (Microsoft Corporation)
Add to my crew.doc -> %UserProfile%\Desktop\Add to my crew.doc -> [2008/11/09 22:10:00 | 00,023,552 | ---- | C] ()
Trojans found.doc -> %UserProfile%\My Documents\Trojans found.doc -> [2008/11/09 13:21:07 | 17,996,288 | ---- | C] ()
be49f4daa.dat -> %SystemRoot%\be49f4daa.dat -> [2008/11/09 10:30:18 | 00,000,001 | -H-- | C] ()
f49f4daa.dat -> %SystemRoot%\f49f4daa.dat -> [2008/11/09 10:30:13 | 00,000,001 | -H-- | C] ()
890166 -> %SystemRoot%\System32\890166 -> [2008/11/09 10:30:12 | 00,000,000 | ---D | C]
tinyproxy -> %ProgramFiles%\tinyproxy -> [2008/11/09 10:30:07 | 00,000,000 | ---D | C]
tmark2.dat -> %SystemRoot%\tmark2.dat -> [2008/11/09 10:30:06 | 00,000,001 | -H-- | C] ()
bemark2.dat -> %SystemRoot%\bemark2.dat -> [2008/11/09 10:29:58 | 00,000,001 | -H-- | C] ()
fmark2.dat -> %SystemRoot%\fmark2.dat -> [2008/11/09 10:29:26 | 00,000,001 | -H-- | C] ()
Play My Games.lnk -> %UserProfile%\Desktop\Play My Games.lnk -> [2008/11/08 22:27:42 | 00,001,578 | ---- | C] ()
Redrum -> %AllUsersProfile%\Application Data\Redrum -> [2008/11/08 20:25:28 | 00,000,000 | ---D | C]
ERS G-Studio -> %AllUsersProfile%\Application Data\ERS G-Studio -> [2008/11/08 17:01:55 | 00,000,000 | ---D | C]
Super Collapse! Puzzle Gallery 4.lnk -> %AllUsersProfile%\Desktop\Super Collapse! Puzzle Gallery 4.lnk -> [2008/11/06 20:56:30 | 00,000,994 | ---- | C] ()
SecretIslandEng -> %AppData%\SecretIslandEng -> [2008/11/05 19:21:57 | 00,000,000 | ---D | C]
Play Redrum.lnk -> %AllUsersProfile%\Desktop\Play Redrum.lnk -> [2008/11/05 18:46:53 | 00,001,688 | ---- | C] ()
Mystic Inn -> %ProgramFiles%\Mystic Inn -> [2008/11/03 22:22:04 | 00,000,000 | ---D | C]
ReflexiveArcade -> %ProgramFiles%\ReflexiveArcade -> [2008/11/03 22:21:33 | 00,000,000 | ---D | C]
View Mini Snapshots.URL -> %UserProfile%\Desktop\View Mini Snapshots.URL -> [2008/10/30 18:14:59 | 00,000,089 | ---- | C] ()
OGAPluginInstall.exe -> %UserProfile%\Desktop\OGAPluginInstall.exe -> [2008/10/30 17:32:44 | 00,473,120 | ---- | C] (Microsoft Corporation)
 
[Files/Folders - Modified Within 30 Days]
7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2007/03/21 01:32:23 | 00,000,000 | ---D | M]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/11/28 11:34:30 | 00,004,232 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/11/28 11:33:43 | 00,005,485 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2008/05/24 11:31:02 | 00,000,000 | ---D | M]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [2008/05/24 11:31:02 | 00,008,406 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc -> [2008/11/29 11:40:37 | 00,000,000 | ---D | M]
Perflib_Perfdata_940.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_940.dat -> [2008/11/29 11:40:37 | 00,016,384 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [2008/11/29 11:42:31 | 00,000,000 | ---D | M]
CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat -> [2008/07/22 17:35:50 | 00,003,596 | ---- | M] ()
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [2007/04/08 06:51:00 | 00,016,384 | ---- | M] ()
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [2007/04/08 18:48:28 | 00,162,475 | ---- | M] ()
C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\mpp.tmp\ -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\mpp.tmp\ -> [2008/03/15 20:04:53 | 00,000,000 | ---D | M]
webstart.mpowerplayer.com-token-4a3d1fa67e7e0736-4be60118b5c28eba -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\mpp.tmp\webstart.mpo -> [2008/03/15 20:04:51 | 00,000,081 | ---- | M] ()
C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\ -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp -> [2008/11/29 13:01:56 | 00,000,000 | ---D | M]
FFTB-REAL_signed.exe -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\FFTB-REAL_signed.exe -> [2007/09/17 14:10:36 | 06,871,480 | ---- | M] ()
GDSSetup.exe -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\GDSSetup.exe -> [2008/11/15 11:50:47 | 01,827,640 | ---- | M] (Google)
GoogleInstApp.exe -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\GoogleInstApp.exe -> [2008/10/03 15:54:26 | 06,026,528 | ---- | M] (RealNetworks)
GoogleToolbarInstaller_en_signed.exe -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\GoogleToolbarInstaller_en_signed.exe -> [2008/11/15 11:50:47 | 01,145,896 | ---- | M] (Google)
jre-6u10-windows-i586-p-iftw_3ca5d6e4.exe -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\jre-6u10-windows-i586-p-iftw_3ca5d6e4.exe -> [2008/11/09 15:49:19 | 00,607,640 | ---- | M] (Sun Microsystems, Inc.)
jre-6u7-windows-i586-p-iftw_bdb28397.exe -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe -> [2008/06/10 04:53:46 | 00,382,352 | ---- | M] (Sun Microsystems, Inc.)
McAfeeUpdate.exe -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\McAfeeUpdate.exe -> [2007/08/08 18:58:18 | 00,275,776 | ---- | M] (McAfee, Inc.)
MysticInnSetup26923.exe -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\MysticInnSetup26923.exe -> [2008/11/03 22:21:34 | 23,018,294 | ---- | M] (															)
ose00000.exe -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\ose00000.exe -> [2006/10/27 22:30:09 | 00,145,184 | R--- | M] (Microsoft Corporation)
SkypeSetup.exe -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\SkypeSetup.exe -> [2008/04/13 12:33:46 | 22,690,600 | ---- | M] (Skype Technologies S.A.)
the-count-of-monte-cristo_s1_l1_gF2357T1L1_d162094308[1].exe -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\the-count-of-monte-cristo_s1_l1_gF2357T1L1_d162094308[1].exe -> [2008/03/05 21:51:11 | 01,582,816 | ---- | M] (Big Fish Games)
unhelper.exe -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\unhelper.exe -> [2008/02/27 13:25:50 | 00,102,400 | ---- | M] (GameHouse)
735 C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\_ir_sf7_temp_0\ -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\_ir_sf7_temp_0 -> [2007/12/12 17:24:48 | 00,000,000 | ---D | M]
irsetup.exe -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\_ir_sf7_temp_0\irsetup.exe -> [2007/12/12 17:24:35 | 00,473,600 | ---- | M] ()
C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\ICD1.tmp\ -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\ICD1.tmp\ -> [2008/05/31 15:09:16 | 00,000,000 | ---D | M]
jinstall.exe -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\ICD1.tmp\jinstall.exe -> [2008/04/25 04:02:34 | 00,376,832 | ---- | M] (Sun Microsystems, Inc.)
C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\mia4B.tmp\ -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\mia4B.tmp\ -> [2008/11/27 10:56:42 | 00,000,000 | ---D | M]
Uniblue RegistryBooster.exe -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\mia4B.tmp\Uniblue RegistryBooster.exe -> [2008/11/23 22:05:51 | 02,567,189 | ---- | M] (Uniblue Systems																																																																							 )
C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\ -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp -> [2008/11/29 13:01:56 | 00,000,000 | ---D | M]
fftbapi.dll -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\fftbapi.dll -> [2007/09/17 14:10:36 | 00,050,688 | ---- | M] ()
GoogleToolbar.dll -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\GoogleToolbar.dll -> [2008/11/15 11:50:47 | 02,403,392 | ---- | M] (Google Inc.)
uninst.dll -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\uninst.dll -> [2004/09/01 11:56:56 | 00,114,688 | ---- | M] ()
735 C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\mrt199.tmp\ -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\mrt199.tmp\ -> [2008/08/24 12:31:51 | 00,000,000 | ---D | M]
cctrans.dll -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\mrt199.tmp\cctrans.dll -> [2008/08/24 12:31:51 | 00,069,632 | ---- | M] ()
mmfs2.dll -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\mrt199.tmp\mmfs2.dll -> [2008/08/24 12:31:51 | 00,307,200 | ---- | M] ()
C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\nsm72.tmp\ -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\nsm72.tmp\ -> [2008/04/12 10:37:27 | 00,000,000 | ---D | M]
NSISdl.dll -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\nsm72.tmp\NSISdl.dll -> [2008/04/12 10:37:27 | 00,012,800 | ---- | M] ()
System.dll -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\nsm72.tmp\System.dll -> [2008/04/12 10:37:27 | 00,010,240 | ---- | M] ()
C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\ -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp -> [2008/11/29 13:01:56 | 00,000,000 | ---D | M]
Perflib_Perfdata_f34.dat -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\Perflib_Perfdata_f34.dat -> [2008/05/31 14:53:12 | 00,016,384 | ---- | M] ()
735 C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Arthel Burkland\Local Settings\Temp\*.tmp -> 
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008/11/29 12:34:16 | 00,000,000 | ---D | M]
CTPBSeq.exe -> C:\WINDOWS\Temp\CTPBSeq.exe -> [2005/05/31 16:02:00 | 00,065,536 | R--- | M] (Creative Technology Ltd.)
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008/11/29 12:34:16 | 00,000,000 | ---D | M]
Perflib_Perfdata_5b0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5b0.dat -> [2008/11/29 11:40:33 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_fe4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_fe4.dat -> [2008/11/29 11:54:44 | 00,016,384 | ---- | M] ()
Cloudmark Desktop Config Guard.job -> %SystemRoot%\tasks\Cloudmark Desktop Config Guard.job -> [2008/11/29 13:02:00 | 00,000,280 | ---- | M] ()
topic182424.pdf -> %UserProfile%\Desktop\topic182424.pdf -> [2008/11/29 12:43:44 | 00,238,808 | ---- | M] ()
OTScanIt2(2).exe -> %UserProfile%\Desktop\OTScanIt2(2).exe -> [2008/11/29 12:40:48 | 00,536,648 | ---- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/11/29 12:38:48 | 00,536,648 | ---- | M] ()
nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2008/11/29 12:08:57 | 00,050,257 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/11/29 12:08:41 | 00,002,206 | ---- | M] ()
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [2008/11/29 11:52:59 | 00,000,793 | ---- | M] ()
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2008/11/29 11:52:58 | 00,000,793 | ---- | M] ()
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [2008/11/29 11:43:25 | 00,000,330 | -H-- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/11/29 11:40:26 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/11/29 11:40:20 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/11/29 11:40:18 | 21,453,04576 | -HS- | M] ()
DVCState-{00000004-00000000-00000003-00001102-00000005-10031102}.rfx -> %SystemRoot%\System32\DVCState-{00000004-00000000-00000003-00001102-00000005-10031102}.rfx -> [2008/11/29 11:39:40 | 00,064,980 | ---- | M] ()
BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-10031102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-10031102}.rfx -> [2008/11/29 11:39:40 | 00,055,176 | ---- | M] ()
BMXState-{00000004-00000000-00000003-00001102-00000005-10031102}.rfx -> %SystemRoot%\System32\BMXState-{00000004-00000000-00000003-00001102-00000005-10031102}.rfx -> [2008/11/29 11:39:40 | 00,055,176 | ---- | M] ()
settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm -> [2008/11/29 11:39:40 | 00,001,080 | ---- | M] ()
settings.sfm -> %SystemRoot%\System32\settings.sfm -> [2008/11/29 11:39:40 | 00,001,080 | ---- | M] ()
Digital Locker Assistant.lnk -> %AllUsersProfile%\Desktop\Digital Locker Assistant.lnk -> [2008/11/29 09:02:04 | 00,002,385 | ---- | M] ()
THANK YOU.doc -> %UserProfile%\Desktop\THANK YOU.doc -> [2008/11/29 08:56:28 | 00,019,456 | ---- | M] ()
PACK.doc -> %UserProfile%\Desktop\PACK.doc -> [2008/11/29 08:51:57 | 00,020,480 | ---- | M] ()
passwords FINAL.xls -> %UserProfile%\My Documents\passwords FINAL.xls -> [2008/11/28 15:05:44 | 00,073,216 | ---- | M] ()
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2008/11/27 11:26:36 | 00,305,705 | ---- | M] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/11/27 11:11:29 | 00,001,734 | ---- | M] ()
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2008/11/27 11:11:09 | 00,812,344 | ---- | M] (Trend Micro Inc.)
Play Mystery Case Files - Return to Ravenhearst.lnk -> %AllUsersProfile%\Desktop\Play Mystery Case Files - Return to Ravenhearst.lnk -> [2008/11/27 10:38:46 | 00,002,040 | ---- | M] ()
More Great Games.lnk -> %AllUsersProfile%\Desktop\More Great Games.lnk -> [2008/11/27 10:38:46 | 00,001,632 | ---- | M] ()
be49f4daa.dat -> %SystemRoot%\be49f4daa.dat -> [2008/11/26 19:39:28 | 00,000,001 | -H-- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2008/11/26 18:42:02 | 00,000,733 | ---- | M] ()
msoffice.ini -> %SystemRoot%\msoffice.ini -> [2008/11/26 18:41:52 | 00,000,002 | ---- | M] ()
Play Miss Teri Tale - Vote 4 Me.lnk -> %AllUsersProfile%\Desktop\Play Miss Teri Tale - Vote 4 Me.lnk -> [2008/11/25 19:28:39 | 00,001,884 | ---- | M] ()
Play The Mysterious City - Golden Prague.lnk -> %AllUsersProfile%\Desktop\Play The Mysterious City - Golden Prague.lnk -> [2008/11/25 19:22:48 | 00,001,963 | ---- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/11/24 08:24:01 | 00,000,284 | ---- | M] ()
tfinstall(2).exe -> %UserProfile%\Desktop\tfinstall(2).exe -> [2008/11/23 19:39:23 | 23,150,144 | ---- | M] (PC Tools													)
tfinstall.exe -> %UserProfile%\Desktop\tfinstall.exe -> [2008/11/23 19:36:28 | 00,119,425 | ---- | M] (PC Tools													)
aaw2008.exe -> %UserProfile%\Desktop\aaw2008.exe -> [2008/11/23 11:38:03 | 23,804,784 | ---- | M] ()
Play Book of Legends.lnk -> %AllUsersProfile%\Desktop\Play Book of Legends.lnk -> [2008/11/21 18:15:27 | 00,001,785 | ---- | M] ()
bolivar27.exe -> %SystemRoot%\bolivar27.exe -> [2008/11/21 17:42:12 | 00,027,136 | -H-- | M] ()
Pogo Games.lnk -> %UserProfile%\Desktop\Pogo Games.lnk -> [2008/11/17 20:54:32 | 00,001,420 | ---- | M] ()
f49f4daa.dat -> %SystemRoot%\f49f4daa.dat -> [2008/11/16 14:47:39 | 00,000,001 | -H-- | M] ()
Play Mystery Stories - Berlin Nights.lnk -> %AllUsersProfile%\Desktop\Play Mystery Stories - Berlin Nights.lnk -> [2008/11/15 11:40:00 | 00,001,927 | ---- | M] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2008/11/11 20:57:28 | 03,179,296 | -H-- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/11/11 20:04:04 | 00,001,393 | ---- | M] ()
Play Interpol 2 - Most Wanted.lnk -> %AllUsersProfile%\Desktop\Play Interpol 2 - Most Wanted.lnk -> [2008/11/11 18:24:28 | 00,001,866 | ---- | M] ()
Webshots.lnk -> %UserProfile%\Start Menu\Programs\Startup\Webshots.lnk -> [2008/11/10 20:06:41 | 00,000,676 | ---- | M] ()
Add to my crew.doc -> %UserProfile%\Desktop\Add to my crew.doc -> [2008/11/09 22:10:00 | 00,023,552 | ---- | M] ()
Trojans found.doc -> %UserProfile%\My Documents\Trojans found.doc -> [2008/11/09 19:19:06 | 17,996,288 | ---- | M] ()
tmark2.dat -> %SystemRoot%\tmark2.dat -> [2008/11/09 10:30:06 | 00,000,001 | -H-- | M] ()
bemark2.dat -> %SystemRoot%\bemark2.dat -> [2008/11/09 10:29:58 | 00,000,001 | -H-- | M] ()
fmark2.dat -> %SystemRoot%\fmark2.dat -> [2008/11/09 10:29:26 | 00,000,001 | -H-- | M] ()
Play My Games.lnk -> %UserProfile%\Desktop\Play My Games.lnk -> [2008/11/08 22:27:42 | 00,001,578 | ---- | M] ()
Super Collapse! Puzzle Gallery 4.lnk -> %AllUsersProfile%\Desktop\Super Collapse! Puzzle Gallery 4.lnk -> [2008/11/06 20:56:30 | 00,000,994 | ---- | M] ()
Play Redrum.lnk -> %AllUsersProfile%\Desktop\Play Redrum.lnk -> [2008/11/05 18:46:53 | 00,001,688 | ---- | M] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2008/11/03 16:10:26 | 17,318,336 | ---- | M] (Microsoft Corporation)
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/11/02 12:58:32 | 00,466,914 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/11/02 12:58:32 | 00,079,878 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/11/02 12:58:31 | 00,558,006 | ---- | M] ()
View Mini Snapshots.URL -> %UserProfile%\Desktop\View Mini Snapshots.URL -> [2008/10/30 18:14:59 | 00,000,089 | ---- | M] ()
OGAPluginInstall.exe -> %UserProfile%\Desktop\OGAPluginInstall.exe -> [2008/10/30 17:32:45 | 00,473,120 | ---- | M] (Microsoft Corporation)
< End of report >


#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:05 PM

Posted 29 November 2008 - 04:53 PM

Hi arthel. Let's see what we can do. Follow the steps below in order:

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%systemroot%\be49f4daa.dat
%systemroot%\bemark2.dat
%systemroot%\bolivar27.exe
%systemroot%\f49f4daa.dat
%systemroot%\fmark2.dat
%systemroot%\tmark2.dat
%userprofile%\desktop\otscanit2(2).exe
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat
Folders to delete:
%programfiles%\tinyproxy
%systemroot%\system32\367770
%systemroot%\system32\890166

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Scrupt Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger?s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt2. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {A48FE9AC-DD02-4FF7-9211-B7BA9A2C8BF2} [HKLM] -> %SystemRoot%\system32\890166\890166.dll [890166 Class]
YN -> {CAD68085-8805-4FD3-AA1E-2E282ED7E7A2} [HKLM] -> %SystemRoot%\system32\367770\367770.dll [367770 Class]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "sysberay2" -> %SystemRoot%\che6.exe [C:\windows\che6.exe]
YN -> "systray" -> %SystemRoot%\mstre8.exe [C:\windows\mstre8.exe]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{320AF880-6646-11D3-ABEE-C5DBF3571F46}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\"{320AF880-6646-11D3-ABEE-C5DBF3571F49}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\"{724d43aa-0d85-11d4-9908-00400523e39a}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [HKLM] -> http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab[Reg Error: Key does not exist or could not be opened.]
YN -> {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
YN -> "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL]
YN -> "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent]
[Files/Folders - Created Within 30 Days]
NY -> 7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> bolivar27.exe -> %SystemRoot%\bolivar27.exe
NY -> 367770 -> %SystemRoot%\System32\367770
NY -> be49f4daa.dat -> %SystemRoot%\be49f4daa.dat
NY -> f49f4daa.dat -> %SystemRoot%\f49f4daa.dat
NY -> 890166 -> %SystemRoot%\System32\890166
NY -> tinyproxy -> %ProgramFiles%\tinyproxy
NY -> tmark2.dat -> %SystemRoot%\tmark2.dat
NY -> bemark2.dat -> %SystemRoot%\bemark2.dat
NY -> fmark2.dat -> %SystemRoot%\fmark2.dat
[Files/Folders - Modified Within 30 Days]
NY -> 7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
NY -> OTScanIt2(2).exe -> %UserProfile%\Desktop\OTScanIt2(2).exe
NY -> be49f4daa.dat -> %SystemRoot%\be49f4daa.dat
NY -> bolivar27.exe -> %SystemRoot%\bolivar27.exe
NY -> f49f4daa.dat -> %SystemRoot%\f49f4daa.dat
NY -> tmark2.dat -> %SystemRoot%\tmark2.dat
NY -> bemark2.dat -> %SystemRoot%\bemark2.dat
NY -> fmark2.dat -> %SystemRoot%\fmark2.dat
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Now let's run an online virus scan. Both of these require Internet Explorer. Try F-Secure first. Sometimes it doesn't play nice with other system components so if it cannot complete then try the Kaspersky scan. You only need to complete one of the two.

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
If the F-Secure scan did not work then try an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Step #4

Run a new OTScanIt2 scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program.
  • Just use the default settings.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it and close Notepad (save changes if necessary).
  • Close OTScanIt2 and locate the OTScanIt.txt file in the folder where OTScanIt2.exe is located.
  • Attach that file back here in your next reply.
Step #5

Copy/paste the following back here in your next reply:
  • The Avenger report (c:\Avenger.txt)
  • The latest OTScanIt2 fix log (look in the OTScanIt2 folder for a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run. )
  • The online virus scan report (whichever one you ran)
Attach the following back here in your next reply: (do NOT copy/paste it this time)
  • The new OTScanIt2 scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#7 arthel

arthel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington State
  • Local time:08:05 PM

Posted 29 November 2008 - 09:09 PM

Here are the files. There IS now an Attachments section for me to use. THANK YOU for your help. I do not yet know the status of my system since the last scan DOES show infections that I have not yet dealt with. Should I do Clean Up or something else in your OTScanIt2 program? F-Secure would not work, even after allowing everything that was asked of me. When I finish sending this I should probably reboot but I think I'd better wait until I hear back from you about the infections still reported. Thanks again for your help! Arthel

Attached Files



#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:05 PM

Posted 29 November 2008 - 09:48 PM

Hi arthel. It doesn't appear that the fix copied correctly. Let's try that part again.

Start OTScanIt2. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {A48FE9AC-DD02-4FF7-9211-B7BA9A2C8BF2} [HKLM] -> %SystemRoot%\system32\890166\890166.dll [890166 Class]
YN -> {CAD68085-8805-4FD3-AA1E-2E282ED7E7A2} [HKLM] -> %SystemRoot%\system32\367770\367770.dll [367770 Class]
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
YN -> "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL]
YN -> "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL]
YN -> "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent]
YN -> "C:\Program Files\tinyproxy\tinyproxy.exe" -> C:\Program Files\tinyproxy\tinyproxy.exe [C:\Program Files\tinyproxy\tinyproxy.exe:*:Enabled:tinyproxy]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time.

Post that information back here and I'll take a look at it.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#9 arthel

arthel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington State
  • Local time:08:05 PM

Posted 29 November 2008 - 10:15 PM

Here it is. Thanks again!

Arthel

Attached Files



#10 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:05 PM

Posted 29 November 2008 - 10:29 PM

Hi arthel. That looks better. Everything looks good. Go ahead and run the system normally for a couple of days to see if there are any more problems and then get back with me so we can do some final cleanup.

Cheers.

OT

Edited by OldTimer, 29 November 2008 - 10:30 PM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#11 arthel

arthel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington State
  • Local time:08:05 PM

Posted 29 November 2008 - 11:37 PM

Will do. Thanks, OT! :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users