# Asklots.com google redirects, help please.



## nyrob (Oct 20, 2003)

Hey,

I'm getting hijacked from my web searches, most often to Asklots.com redirects. I have no idea how to get rid of this, nothing is showing up in my Malwarebytes or Search and Destroy, both come up clean. This is driving me nuts. I've posted HJT and Malwarebytes Logs below, any help would be greatly appreciated. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:10 PM, on 4/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; AOL 9.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; eMusic DLM/4)" -"http://www.gamehouse.com/realarcade-webgames/ancientsudoku/index.jsp?pread=0&pread=0&ractype=fullclient"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - 
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: McAfee Application Installer Cleanup (0229681271802041) (0229681271802041mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\022968~1.EXE (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Documents and Settings\Rob\My Documents\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 13687 bytes

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4019

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/21/2010 8:53:37 PM
mbam-log-2010-04-21 (20-53-37).txt

Scan type: Quick scan
Objects scanned: 115943
Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## nyrob (Oct 20, 2003)

bump


----------



## NeonFx (Oct 22, 2008)

Hello there 
My name is *NeonFx*. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.

Please note the following:

The fixes are specific to your problem and should only be used on this machine.
Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

*Step 1*

Download *OTS* to your Desktop


Close *ALL OTHER PROGRAMS*.
Double-click on *OTS.exe* to start the program.
Check the box that says *Scan All Users*
Under Basic Scans please change the radio button under *Registry* from Safe List to *All*.
Under Additional Scans check the following:
Reg - Desktop Components
Reg - Disabled MS Config Items
Reg - NetSvcs
Reg - Shell Spawning
Reg - Uninstall List
File - Lop Check
File - Purity Scan
Evnt - EvtViewer (last 10)

Please paste the contents of the following codebox into the *Custom Scans* box at the bottom


```
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
```

Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete *Notepad* will open with the report file loaded in it.
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it.
Please *attach* the log in your next post. To do so click on the blue *"Reply"* button or *"Go Advanced"* and click on the "*Manage Attachments*" button

*Step 2*








*GMER Rootkit Scanner* 
Please download *GMER* from one of the following locations and save it to your desktop:
Main Mirror
_This version will download a randomly named file (Recommended)_
Zipped Mirror
_This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop._

Disconnect from the Internet and close all running programs. Make sure you disable your security programs as well, as they may interfere with the program. 
Double-click on the *randomly named* GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
_Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe._










GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. _(do not use the computer while the scan is in progress)_
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click *NO*.
Now click the *Scan* button. If you see a rootkit warning window, click OK.
When the scan is finished, click the *Save...* button to save the scan results to your Desktop. Save the file as *gmer.log*.
Click the *Copy* button and paste the results into your next reply.
Exit GMER and re-enable your security programs when done.

If you have trouble running GMER, please try running it in Safe Mode. To get to Safe Mode you'll need to repeatedly tap the F8 key on your keyboard as you turn your computer on until a black and white menu appears with the option.

If you continue to have trouble with it, try running it without the "Files" scan checked.


----------



## nyrob (Oct 20, 2003)

Here is the log from the OTS scan, I'll work on Step #2 now.


```
OTS logfile created on: 4/22/2010 11:52:37 PM - Run 1
OTS by OldTimer - Version 3.1.29.0     Folder = C:\Documents and Settings\Rob\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.03 Gb Total Space | 79.73 Gb Free Space | 34.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.76 Gb Total Space | 319.98 Gb Free Space | 68.70% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: D5G1GS91
Current User Name: Rob
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Rob\Desktop\OTS.exe -> [2010/04/22 23:44:36 | 000,638,976 | ---- | M] (OldTimer Tools)
realsched.exe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2010/04/07 06:56:17 | 000,202,256 | ---- | M] (RealNetworks, Inc.)
superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -> [2010/03/29 08:29:04 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.)
utorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe -> [2010/03/16 15:47:24 | 000,319,792 | ---- | M] (BitTorrent, Inc.)
mcsacore.exe -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.)
mcagent.exe -> C:\Program Files\McAfee.com\Agent\mcagent.exe -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
mpfsrv.exe -> C:\Program Files\McAfee\MPF\MpfSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
mcshield.exe -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.)
mcsysmon.exe -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
mcuicnt.exe -> C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe -> [2009/07/07 17:45:22 | 000,436,752 | ---- | M] (McAfee, Inc.)
mcsmtfwk.exe -> C:\Program Files\McAfee\MSM\McSmtFwk.exe -> [2009/05/07 23:30:22 | 000,192,128 | ---- | M] (McAfee, Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/06/26 22:57:08 | 000,068,856 | ---- | M] (Google Inc.)
aolacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Rob\Desktop\OTS.exe -> [2010/04/22 23:44:36 | 000,638,976 | ---- | M] (OldTimer Tools)
sahook.dll -> c:\Program Files\McAfee\SiteAdvisor\sahook.dll -> [2009/12/08 14:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.)
serwvdrv.dll -> C:\WINDOWS\system32\serwvdrv.dll -> [2004/08/10 05:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
umdmxfrm.dll -> C:\WINDOWS\system32\umdmxfrm.dll -> [2004/08/10 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(0187791271901102mcinstcleanup) McAfee Application Installer Cleanup (0187791271901102) [Auto | Stopped] ->  -> File not found
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [On_Demand | Running] -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.)
(MemeoBackgroundService) MemeoBackgroundService [On_Demand | Stopped] -> C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -> [2009/11/12 22:30:42 | 000,025,824 | ---- | M] (Memeo)
(MpfService) McAfee Personal Firewall Service [On_Demand | Running] -> C:\Program Files\McAfee\MPF\MPFSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.)
(McODS) McAfee Scanner [On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.)
(McShield) McAfee Real-time Scanner [Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [On_Demand | Running] -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.)
(mcmscsvc) McAfee Services [On_Demand | Running] -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.)
(MSK80Service) McAfee SpamKiller Service [On_Demand | Stopped] -> C:\Program Files\McAfee\MSK\MskSrver.exe -> [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [On_Demand | Stopped] -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [On_Demand | Running] -> c:\program files\common files\mcafee\mna\mcnasvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
(TomTomHOMEService) TomTomHOMEService [On_Demand | Stopped] -> C:\Documents and Settings\Rob\My Documents\TomTom HOME 2\TomTomHOMEService.exe -> [2009/04/24 07:57:30 | 000,092,008 | ---- | M] (TomTom)
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [On_Demand | Stopped] -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -> [2008/05/30 12:44:40 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(WDBtnMgrSvc.exe) WD Drive Manager Service [On_Demand | Stopped] -> C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -> [2008/01/30 05:52:22 | 000,106,496 | ---- | M] (WDC)
(DSBrokerService) DSBrokerService [On_Demand | Stopped] -> C:\Program Files\DellSupport\brkrsvc.exe -> [2007/03/07 16:47:46 | 000,076,848 | ---- | M] ()
(AOL ACS) AOL Connectivity Service [Auto | Running] -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC)
(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [On_Demand | Stopped] -> C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [2006/09/14 07:56:06 | 000,102,400 | ---- | M] ()
(Creative Labs Licensing Service) Creative Labs Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -> [2006/04/11 02:05:14 | 000,069,632 | ---- | M] (Creative Labs)
(WANMiniportService) WAN Miniport (ATW) Service [On_Demand | Stopped] -> C:\WINDOWS\wanmpsvc.exe -> [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.)
 
[Driver Services - Safe List]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\mfehidk.sys -> [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mfeavfk.sys -> [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mfesmfk.sys -> [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mfebopk.sys -> [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mferkdk.sys -> [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.)
(MPFP) MPFP [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\Mpfp.sys -> [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\dsunidrv.sys -> [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.)
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.)
(Angel2) Angel II MPEG Device [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Angel2.sys -> [2005/09/12 22:34:22 | 000,380,032 | ---- | M] (Lumanate, Inc.)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions)
(DLADResN) DLADResN [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResN.SYS -> [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions)
(DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions)
(DLARTL_N) DLARTL_N [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_N.SYS -> [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DRVNDDM.SYS -> [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.)
(STHDA) High Definition Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2005/06/06 21:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.)
(CTUSFSYN) Creative SoundFont Synthesizer [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -> [2005/05/25 22:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.)
(sigfilt) sigfilt [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sigfilt.sys -> [2005/03/25 16:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.)
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\CTSFM2K.SYS -> [2005/01/11 00:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd)
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\CTOSS2K.SYS -> [2005/01/11 00:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HSFHWBS2.sys -> [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HSF_DP.sys -> [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.)
(MTDVC2) Panasonic DVC USB-SERIAL2 Driver for NT Technology [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mtdv2ku2.sys -> [2003/10/15 17:07:38 | 000,012,288 | ---- | M] (Matsu****a Electric Industrial Co., Ltd.)
(MTDVC2_ENUM) Panasonic DVC COM2 Driver for NT Technology [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mtdv2ks2.sys -> [2003/10/11 08:39:52 | 000,011,648 | ---- | M] (Matsu****a Electric Industrial Co., Ltd.)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\MODEMCSA.sys -> [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)
 
[Registry - All]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Page_URL" -> http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"Start Page" -> http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us -> 
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us -> 
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\] > -> -> 
HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\: Main\\"Start Page" -> http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us -> 
HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\: URLSearchHooks\\"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/11/23 11:26:38 | 000,204,048 | ---- | M] (McAfee, Inc.)
HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\WINDOWS\system32\ieframe.dll [Microsoft Url Search Hook] -> [2010/02/25 11:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation)
HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/05/15 15:40:40 | 000,817,936 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\eMusic Download Manager\Extensions ->  -> 
HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components -> C:\Program Files\eMusic Download Manager\xulrunner\components [C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\COMPONENTS] -> [2010/04/07 06:57:35 | 000,000,000 | ---D | M]
HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins -> C:\Program Files\eMusic Download Manager\xulrunner\plugins [C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\PLUGINS] -> [2010/04/20 14:54:20 | 000,000,000 | ---D | M]
HKLM\software\mozilla\eMusic Remote\Extensions ->  -> 
HKLM\software\mozilla\eMusic Remote\Extensions\\Components -> C:\Program Files\eMusic Remote\xulrunner\components [C:\PROGRAM FILES\EMUSIC REMOTE\XULRUNNER\COMPONENTS] -> [2010/04/07 06:57:35 | 000,000,000 | ---D | M]
HKLM\software\mozilla\eMusic Remote\Extensions\\Plugins -> C:\Program Files\eMusic Remote\xulrunner\plugins [C:\PROGRAM FILES\EMUSIC REMOTE\XULRUNNER\PLUGINS] -> [2010/04/20 14:54:21 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files\McAfee\SiteAdvisor [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2010/04/21 17:07:20 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2] -> [2009/09/18 11:26:16 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT] -> [2009/09/24 10:25:09 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ff [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/02/11 16:29:07 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2010/01/26 04:01:02 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Rob\Application Data\Mozilla\Extensions -> [2009/05/22 00:12:42 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Rob\Application Data\Mozilla\Extensions\[email protected] -> [2009/05/22 00:12:42 | 000,000,000 | ---D | M]
< HOSTS File > ([2009/02/11 17:25:10 | 000,291,346 | R--- | M] - 10083 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	www.1001namen.com
127.0.0.1	1001namen.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.10sek.com
127.0.0.1	10sek.com
127.0.0.1	www.1-2005-search.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/05/15 15:40:40 | 000,817,936 | ---- | M] (Yahoo! Inc.)
{0347C33E-8762-4905-BF09-768834316C61} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [HP Print Enhancer] -> [2008/10/16 18:26:40 | 000,322,864 | ---- | M] (Hewlett-Packard Co.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2010/04/02 08:03:56 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)
{27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> c:\Program Files\McAfee\MSK\mskapbho.dll [McAfee Phishing Filter] -> [2009/07/08 14:48:48 | 000,246,800 | ---- | M] ()
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2009/09/24 10:25:08 | 000,329,312 | ---- | M] (RealPlayer)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 16:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/09/16 10:22:16 | 000,062,784 | ---- | M] (McAfee, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/01/29 10:22:08 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/01/29 12:40:45 | 000,812,528 | ---- | M] (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2009/11/23 11:26:38 | 000,204,048 | ---- | M] (McAfee, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/10/11 05:17:12 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [HP Smart BHO Class] -> [2008/10/16 18:26:40 | 000,505,136 | ---- | M] (Hewlett-Packard Co.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/11/23 11:26:38 | 000,204,048 | ---- | M] (McAfee, Inc.)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/01/29 10:22:08 | 000,279,664 | ---- | M] (Google Inc.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/05/15 15:40:40 | 000,817,936 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\] > -> HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [&Address] -> [2008/04/13 20:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [&Address] -> [2008/04/13 20:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [&Links] -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/01/29 10:22:08 | 000,279,664 | ---- | M] (Google Inc.)
WebBrowser\\"{9EE802E8-C931-47AB-B570-AA8F791598CA}" [HKLM] -> C:\Program Files\eMusic\tbeMu0.dll [eMusic Toolbar] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe ARM" -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ["C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] -> [2010/03/24 14:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2010/04/02 14:05:30 | 000,040,368 | ---- | M] (Adobe Systems Incorporated)
"AppleSyncNotifier" -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe] -> [2010/03/16 21:58:34 | 000,047,392 | ---- | M] (Apple Inc.)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2010/03/26 01:10:02 | 000,142,120 | ---- | M] (Apple Inc.)
"mcagent_exe" -> C:\Program Files\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2010/03/17 21:53:36 | 000,421,888 | ---- | M] (Apple Inc.)
"TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> [2010/04/07 06:56:17 | 000,202,256 | ---- | M] (RealNetworks, Inc.)
< Run [HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\] > -> HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ctfmon.exe" -> C:\WINDOWS\system32\ctfmon.exe [C:\WINDOWS\system32\ctfmon.exe] -> [2008/04/13 20:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation)
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2010/03/29 08:29:04 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com)
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2007/06/26 22:57:08 | 000,068,856 | ---- | M] (Google Inc.)
"uTorrent" -> C:\Program Files\uTorrent\uTorrent.exe ["C:\Program Files\uTorrent\uTorrent.exe"] -> [2010/03/16 15:47:24 | 000,319,792 | ---- | M] (BitTorrent, Inc.)
< RunOnce [HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\] > -> HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"Shockwave Updater" ->  [C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; AOL 9.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; eMusic DLM/4)" -"http://www.gamehouse.com/realarcade-webgames/ancientsudoku/index.jsp?pread=0&pread=0&ractype=fullclient"] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Rob Startup Folder > -> C:\Documents and Settings\Rob\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005] > -> HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoCDBurning" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [255] -> File not found
\\"NoDrives" ->  [0] -> File not found
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> [2004/08/10 03:39:00 | 001,347,728 | ---- | M] (Microsoft)
\\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.Theme [C:\WINDOWS\Resources\Themes\Royale.theme] -> [2004/07/28 02:03:28 | 000,001,293 | ---- | M] ()
\\"DisableRegistryTools" ->  [0] -> File not found
\\"HideLegacyLogonScripts" ->  [0] -> File not found
\\"HideLogoffScripts" ->  [0] -> File not found
\\"RunLogonScriptSync" ->  [1] -> File not found
\\"RunStartupScriptSync" ->  [0] -> File not found
\\"HideStartupScripts" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005] > -> HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005] > -> HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"HideLegacyLogonScripts" ->  [0] -> File not found
\\"HideLogoffScripts" ->  [0] -> File not found
\\"RunLogonScriptSync" ->  [1] -> File not found
\\"RunStartupScriptSync" ->  [0] -> File not found
\\"HideStartupScripts" ->  [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\] > -> HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000] -> [2010/01/15 01:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation)
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> [2010/01/29 10:22:25 | 000,848,896 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Button: HP Smart Select] -> [2008/10/16 18:26:40 | 000,505,136 | ---- | M] (Hewlett-Packard Co.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 16:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\] > -> HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5256 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5254 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5254 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\] > -> HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5255 domain(s) found. -> 
objects_aol.com [*] -> Out of zone range - ( 5 ) -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\] > -> HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{01A88BB1-1174-41EC-ACCB-963509EAE56B} [HKLM] -> http://support.dell.com/systemprofiler/SysPro.CAB [SysProWmi Class] -> 
{215B8138-A3CF-44C5-803F-8226143CFC0A} [HKLM] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab [Trend Micro ActiveX Scan Agent 6.6] -> 
{26B2A5DA-BFD6-422F-A89A-28A54C74B12B} [HKLM] -> http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] -> 
{362C56AA-6E4F-40C7-A0B5-85501DBDAD77} [HKLM] -> http://i.dell.com/images/global/js/scanner/SysProExe.cab [Scanner.SysScanner] -> 
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} [HKLM] -> http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab [DLM Control] -> 
{4C39376E-FA9D-4349-BACC-D305C1750EF3} [HKLM] -> http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab [EPUImageControl Class] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab [Reg Error: Key error.] -> 
{6F750202-1362-4815-A476-88533DE61D0C} [HKLM] -> http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab [Kodak Gallery Easy Upload Manager Class] -> 
{8A0019EB-51FA-4AE5-A40B-C0496BBFC739} [HKLM] -> http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab [Verizon Wireless Media Upload] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{A1662FB6-39BE-41BB-ACDC-0448FB1B5817} [HKLM] -> http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] -> 
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} [HKLM] -> http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab [EPUImageControl Class] -> 
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8} [HKLM] -> http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe [Virtools WebPlayer Class] -> 
{EFD1E13D-1CB3-4545-B754-CA410FE7734F} [HKLM] -> http://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{7900A3D2-7BC8-47C1-995A-B1E1C1538251}\\DhcpNameServer -> 192.168.1.1   (Intel(R) PRO/100 VE Network Connection) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> C:\WINDOWS\System32\logonui.exe -> [2008/04/13 20:12:24 | 000,514,560 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> C:\WINDOWS\System32\shell32.dll -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
Control_RunDLL "sysdm.cpl" -> C:\WINDOWS\System32\sysdm.cpl -> [2008/04/13 20:12:41 | 000,300,544 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2009/09/03 15:21:42 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)
crypt32chain -> C:\WINDOWS\System32\crypt32.dll -> [2008/04/13 20:11:51 | 000,599,040 | ---- | M] (Microsoft Corporation)
cryptnet -> C:\WINDOWS\System32\cryptnet.dll -> [2008/04/13 20:11:51 | 000,064,512 | ---- | M] (Microsoft Corporation)
cscdll -> C:\WINDOWS\System32\cscdll.dll -> [2008/04/13 20:11:51 | 000,101,888 | ---- | M] (Microsoft Corporation)
dimsntfy -> C:\WINDOWS\system32\dimsntfy.dll -> [2008/04/13 20:11:52 | 000,019,456 | ---- | M] (Microsoft Corporation)
GoToAssist -> C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll -> [2008/05/30 12:44:39 | 000,010,536 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
ScCertProp -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
Schedule -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
sclgntfy -> C:\WINDOWS\System32\sclgntfy.dll -> [2008/04/13 20:12:05 | 000,020,480 | ---- | M] (Microsoft Corporation)
SensLogn -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
termsrv -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
WgaLogon -> C:\WINDOWS\System32\WgaLogon.dll -> [2007/03/15 19:16:42 | 000,236,928 | ---- | M] (Microsoft Corporation)
wlballoon -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{fbeb8a05-beee-4442-804e-409d6c4515e9}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [CDBurn] -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
"{7849596a-48ea-486e-8937-a2a3009f31a9}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [PostBootReminder] -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
"{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> C:\WINDOWS\system32\stobject.dll [SysTray] -> [2008/04/13 20:12:07 | 000,121,856 | ---- | M] (Microsoft Corporation)
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> C:\WINDOWS\system32\webcheck.dll [WebCheck] -> [2009/03/08 04:34:48 | 000,236,544 | ---- | M] (Microsoft Corporation)
"{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKLM] -> C:\WINDOWS\system32\WPDShServiceObj.dll [WPDShServiceObj] -> [2006/10/18 22:47:22 | 000,133,632 | ---- | M] (Microsoft Corporation)
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [Browseui preloader] -> [2008/04/13 20:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation)
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [Component Categories cache daemon] -> [2008/04/13 20:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
msapsspc.dll -> C:\WINDOWS\System32\msapsspc.dll -> [2008/04/13 20:11:58 | 000,086,016 | ---- | M] (Microsoft Corporation)
schannel.dll -> C:\WINDOWS\System32\schannel.dll -> [2009/06/25 04:25:26 | 000,147,456 | ---- | M] (Microsoft Corporation)
digest.dll -> C:\WINDOWS\System32\digest.dll -> [2008/04/13 20:11:52 | 000,068,608 | ---- | M] (Microsoft Corporation)
msnsspc.dll -> C:\WINDOWS\System32\msnsspc.dll -> [2008/04/13 20:12:00 | 000,290,816 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> C:\WINDOWS\System32\msv1_0.dll -> [2009/09/11 10:18:39 | 000,136,192 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> C:\WINDOWS\System32\kerberos.dll -> [2009/06/25 04:25:26 | 000,301,568 | ---- | M] (Microsoft Corporation)
msv1_0 -> C:\WINDOWS\System32\msv1_0.dll -> [2009/09/11 10:18:39 | 000,136,192 | ---- | M] (Microsoft Corporation)
schannel -> C:\WINDOWS\System32\schannel.dll -> [2009/06/25 04:25:26 | 000,147,456 | ---- | M] (Microsoft Corporation)
wdigest -> C:\WINDOWS\System32\wdigest.dll -> [2009/06/25 04:25:26 | 000,054,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" -> C:\Nexon\Combat Arms\CombatArms.exe [C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe] -> File not found
"C:\Nexon\Combat Arms\Engine.exe" -> C:\Nexon\Combat Arms\Engine.exe [C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe] -> File not found
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> [2005/01/25 18:04:34 | 000,259,672 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> [2006/10/23 08:50:37 | 000,071,216 | R--- | M] (AOL LLC)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> [2008/08/20 10:54:00 | 000,544,768 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> [2008/10/15 18:49:34 | 000,172,032 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2008/10/15 18:49:44 | 001,576,960 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2008/10/31 12:43:50 | 000,075,096 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2008/10/16 20:12:28 | 000,283,992 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe] -> [2008/10/16 20:12:28 | 000,229,376 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2008/10/16 20:12:28 | 000,053,248 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2008/10/31 12:43:50 | 000,107,864 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe] -> [2008/10/16 20:12:28 | 000,122,880 | ---- | M] (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2009/05/21 19:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2009/05/21 19:57:00 | 000,237,568 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2008/10/15 18:49:32 | 000,200,704 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe] -> [2008/08/20 10:54:06 | 003,993,600 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe [C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe] -> [2008/08/20 10:54:02 | 000,087,456 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2008/10/16 20:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe [C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe] -> [2008/08/20 10:54:08 | 000,143,360 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2008/10/16 19:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2008/10/16 20:12:30 | 000,562,520 | ---- | M] (Hewlett-Packard Co.)
"D:\setup\hpznui01.exe" -> D:\setup\hpznui01.exe [D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -> C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe [C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager] -> [2009/05/03 16:39:31 | 000,167,936 | ---- | M] (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" -> C:\Nexon\Combat Arms\CombatArms.exe [C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe] -> File not found
"C:\Nexon\Combat Arms\Engine.exe" -> C:\Nexon\Combat Arms\Engine.exe [C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe] -> File not found
"C:\Nexon\Combat Arms\NMService.exe" -> C:\Nexon\Combat Arms\NMService.exe [C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core] -> File not found
"C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe" -> C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe [C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server] -> [2006/09/14 07:55:52 | 004,374,528 | ---- | M] ()
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> [2005/01/25 18:04:34 | 000,259,672 | ---- | M] (America Online, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service] -> [2010/02/12 11:46:12 | 000,345,376 | ---- | M] (Apple Inc.)
"C:\Program Files\Common Files\AOL\1168463600\ee\aolsoftware.exe" -> C:\Program Files\Common Files\AOL\1168463600\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1168463600\ee\aolsoftware.exe:*:Enabled:AOL Shared Components] -> [2007/10/08 17:50:56 | 000,041,824 | ---- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> [2006/10/23 08:50:37 | 000,071,216 | R--- | M] (AOL LLC)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" -> C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe [C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe] -> [2008/08/20 10:54:00 | 000,544,768 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> [2008/10/15 18:49:34 | 000,172,032 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2008/10/15 18:49:44 | 001,576,960 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2008/10/31 12:43:50 | 000,075,096 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2008/10/16 20:12:28 | 000,283,992 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe] -> [2008/10/16 20:12:28 | 000,229,376 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2008/10/16 20:12:28 | 000,053,248 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2008/10/31 12:43:50 | 000,107,864 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe] -> [2008/10/16 20:12:28 | 000,122,880 | ---- | M] (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2009/05/21 19:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2009/05/21 19:57:00 | 000,237,568 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2008/10/15 18:49:32 | 000,200,704 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe] -> [2008/08/20 10:54:06 | 003,993,600 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe [C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe] -> [2008/08/20 10:54:02 | 000,087,456 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2008/10/16 20:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe [C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe] -> [2008/08/20 10:54:08 | 000,143,360 | ---- | M] (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2008/10/16 19:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2008/10/16 20:12:30 | 000,562,520 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2010/03/26 01:09:58 | 010,358,568 | ---- | M] (Apple Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2009/02/26 15:24:50 | 001,001,840 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" -> C:\Program Files\Pando Networks\Media Booster\PMB.exe [C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster] -> [2009/05/03 16:28:37 | 002,919,752 | ---- | M] ()
"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2010/03/16 15:47:24 | 000,319,792 | ---- | M] (BitTorrent, Inc.)
"C:\WINDOWS\system32\rundll32.exe" -> C:\WINDOWS\System32\rundll32.exe [C:\WINDOWS\system32\rundll32.exe:*:Enabled:Service] -> [2008/04/13 20:12:33 | 000,033,280 | ---- | M] (Microsoft Corporation)
"D:\setup\hpznui01.exe" -> D:\setup\hpznui01.exe [D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2005/08/16 04:43:04 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{0215843f-45b0-11de-87c0-00038a000015}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0215843f-45b0-11de-87c0-00038a000015}\Shell\AutoRun\command
\{0215843f-45b0-11de-87c0-00038a000015}\Shell\AutoRun\command\\"" -> E:\InstallTomTomHOME.exe [E:\InstallTomTomHOME.exe] -> File not found
\{361ac05d-0e0d-11da-9aa9-806d6172696f}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell
\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun
\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command
\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command\\"" -> E:\setup.exe [E:\setup.exe] -> File not found
\{4eee9e4a-1213-11df-8881-00038a000015}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eee9e4a-1213-11df-8881-00038a000015}\Shell
\{4eee9e4a-1213-11df-8881-00038a000015}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eee9e4a-1213-11df-8881-00038a000015}\Shell\AutoRun
\{4eee9e4a-1213-11df-8881-00038a000015}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eee9e4a-1213-11df-8881-00038a000015}\Shell\AutoRun\command
\{4eee9e4a-1213-11df-8881-00038a000015}\Shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 
0 -> [Key] -> 
0 -> FriendlyName = My Current Home Page -> 
0 -> Source = About:Home -> 
0 -> SubscribedURL = About:Home -> 
< Desktop WallPaper > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General -> 
WallPaper -> C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp -> 
BackupWallPaper -> C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp -> 
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> 
"iPod Service" -> -> 
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk -> C:\Program Files\America Online 9.0\aoltray.exe -> [2004/09/01 11:56:34 | 000,156,784 | -H-- | M] (America Online, Inc.)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> [2008/10/16 19:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet 7100 series) - 1.lnk -> C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe -> [2003/06/25 00:23:40 | 000,495,682 | ---- | M] (Hewlett-Packard Co.)
C:^Documents and Settings^Rob^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE -> [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation)
C:^Documents and Settings^Rob^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe -> [2007/11/22 11:49:08 | 000,385,024 | ---- | M] (Sony Corporation)
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Adobe ARM hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe -> [2010/03/24 14:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated)
Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe -> [2010/04/02 14:05:30 | 000,040,368 | ---- | M] (Adobe Systems Incorporated)
AOLDialer hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> [2006/10/23 08:50:37 | 000,071,216 | R--- | M] (AOL LLC)
AppleSyncNotifier hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe -> File not found
ATIPTA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe -> [2005/08/05 21:05:00 | 000,344,064 | ---- | M] (ATI Technologies, Inc.)
Corel Photo Downloader hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe -> [2005/11/16 20:08:40 | 000,106,496 | ---- | M] (Corel, Inc.)
ctfmon.exe hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
CTSysVol hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> [2005/09/15 09:47:22 | 000,057,344 | ---- | M] (Creative Technology Ltd)
DellSupportCenter hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe -> [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.)
DLA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
DMXLauncher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Dell\Media Experience\DMXLauncher.exe -> File not found
dscactivate hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe -> [2007/11/15 10:24:00 | 000,016,384 | ---- | M] ( )
ehTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\ehome\ehtray.exe -> [2005/09/29 14:01:14 | 000,067,584 | ---- | M] (Microsoft Corporation)
HostManager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\AOL\1168463600\ee\aolsoftware.exe -> [2007/10/08 17:50:56 | 000,041,824 | ---- | M] (AOL LLC)
HP Software Update hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\HP\HP Software Update\hpwuschd2.exe -> [2008/12/08 15:50:04 | 000,054,576 | ---- | M] (Hewlett-Packard)
hpqSRMon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe -> [2008/08/20 10:54:08 | 000,150,016 | ---- | M] (Hewlett-Packard)
ISUSScheduler hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2008/10/24 10:14:38 | 000,079,136 | ---- | M] (Macrovision Corporation)
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2010/03/26 01:10:02 | 000,142,120 | ---- | M] (Apple Inc.)
MBMon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
MimBoot hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe -> [2005/09/08 19:20:46 | 000,008,192 | ---- | M] (Musicmatch, Inc.)
MMTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe -> [2005/09/08 19:20:46 | 000,110,592 | ---- | M] (Musicmatch, Inc.)
MSMSGS hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Messenger\msmsgs.exe -> [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation)
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\qttask.exe -> [2010/03/17 21:53:36 | 000,421,888 | ---- | M] (Apple Inc.)
SetDefaultMIDI hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\MIDIDEF.EXE -> [2004/12/22 17:40:02 | 000,024,576 | ---- | M] (Creative Technology Ltd)
SigmatelSysTrayApp hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\stsystra.exe -> [2005/03/23 00:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.)
SpybotSD TeaTimer hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
SS_MW hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Radica\Stylin' Studio\SS_MW.exe -> File not found
swg hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/06/26 22:57:08 | 000,068,856 | ---- | M] (Google Inc.)
TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2010/04/07 06:56:17 | 000,202,256 | ---- | M] (RealNetworks, Inc.)
TomTomHOME.exe hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Documents and Settings\Rob\My Documents\TomTom HOME 2\TomTomHOMERunner.exe -> [2009/04/24 07:57:28 | 000,251,240 | ---- | M] (TomTom)
Uniblue RegistryBooster 2009 hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe -> File not found
UpdReg hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\Updreg.EXE -> [2000/05/11 01:00:00 | 000,090,112 | ---- | M] (Creative Technology Ltd.)
uTorrent hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\uTorrent\uTorrent.exe -> [2010/03/16 15:47:24 | 000,319,792 | ---- | M] (BitTorrent, Inc.)
VoiceCenter hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Creative\VoiceCenter\AndreaVC.exe -> [2005/09/19 07:42:06 | 001,159,168 | ---- | M] (Andrea Electronics Corporation)
WD Anywhere Backup hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe -> [2009/11/12 22:30:44 | 000,222,432 | ---- | M] (Memeo Inc.)
WD Drive Manager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe -> [2008/01/30 05:50:26 | 000,438,272 | ---- | M] (WDC)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 2 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
Ias -> C:\WINDOWS\system32\ias -> [2005/08/16 04:22:48 | 000,000,000 | ---D | M]
Iprip ->  -> File not found
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
WmdmPmSp ->  -> File not found
*MultiFile Done* -> -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
batfile [open] -> "%1" %* -> 
cmdfile [open] -> "%1" %* -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
htmlfile [edit] -> "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation)
htmlfile [print] -> "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* -> 
scrfile [config] -> "%1" -> 
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/13 20:12:41 | 000,135,168 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S -> 
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
Directory [AddToPlaylistVLC] -> "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2009/10/30 07:28:54 | 000,135,592 | ---- | M] ()
Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Directory [OneNote.Open] -> C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" -> [2009/02/26 15:24:50 | 001,001,840 | ---- | M] (Microsoft Corporation)
Directory [PlayWithVLC] -> "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2009/10/30 07:28:54 | 000,135,592 | ---- | M] ()
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3} -> Status
{06040048-3E21-46D6-9A91-D927BA08F41D} -> Microsoft Encarta Encyclopedia Standard 2006
{075473F5-846A-448B-BCB3-104AA1760205} -> Roxio RecordNow Data
{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0} -> WebReg
{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B} -> WD Diagnostics
{0BEDBD4E-2D34-47B5-9973-57E62B29307C} -> ATI Control Panel
{0D499481-22C6-4B25-8AC2-6D3F6C885FB9} -> OpenOffice.org Installer 1.0
{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} -> Microsoft Plus! Photo Story 2 LE
{0F756CD9-4A1E-409B-B101-601DDC4C03AA} -> Qualxserve Service Agreement
{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -> Roxio DLA
{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F} -> Microsoft Works Suite Add-in for Microsoft Word
{18455581-E099-4BA8-BC6B-F34B2F06600C} -> Google Toolbar for Internet Explorer
{19a5dd5e-9675-41ef-b02a-5bdb53fb5557} -> C309a
{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8} -> HPPhotoSmartDiscLabel_PrintOnDisc
{21657574-BD54-48A2-9450-EB03B2C7FC29} -> Roxio MyDVD LE
{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52} -> Rhapsody Player Engine
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer
{25569723-DC5A-4467-A639-79535BF01B71} -> Adobe Help Center 2.1
{26A24AE4-039D-4CA4-87B4-2F83216012FF} -> Java(TM) 6 Update 17
{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} -> QuickTime
{2A329FB6-389D-4396-A974-29656D6864AE} -> MarketResearch
{2D250E57-9890-44a6-B08F-5C02C991EF24} -> HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5
{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC} -> Creative MediaSource
{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C} -> BufferChm
{30465B6C-B53F-49A1-9EBA-A3F187AD502E} -> Roxio Update Manager
{33BB4982-DC52-4886-A03B-F4C5C80BEE89} -> Windows Media Player 10
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{352310C3-E46B-42D3-8F32-54721FDD72D9} -> NetZeroInstallers
{3700194C-C5DD-439A-BE06-A66960CA4C70} -> MSVCSetup
{3F92ABBB-6BBF-11D5-B229-002078017FBF} -> NetWaiting
{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54} -> Dell CinePlayer
{4667B940-BB01-428B-986E-A0CC46497BF7} -> ELIcon
{46C73DE4-E96D-4F7C-8371-F28052183B12} -> Sonic Advanced Decoder
{47ECCB1F-2811-49C0-B6A7-26778639ABA0} -> 32 Bit HP CIO Components Installer
{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4} -> SolutionCenter
{4D304678-738E-42a0-931A-2B022F49DEB8} -> TrayApp
{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35} -> UnloadSupport
{51B833D8-66B0-4E72-92B9-4E4977EF37F2} -> WD Drive Manager (x86)
{51F96AEC-D902-4434-A0DC-B9692A21AE7C} -> MobileMe Control Panel
{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB} -> Sound Blaster Audigy ADVANCED MB
{553255F3-78FD-40F1-A6F8-6882140265FE} -> Apple Application Support
{55937F00-A69B-4049-8D3A-1C7729742B6F} -> BUM
{5905F42D-3F5F-4916-ADA6-94A3646AEE76} -> Dell Driver Reset Tool
{5B6BE547-21E2-49CA-B2E2-6A5F470593B1} -> Sonic Activation Module
{5D95AD35-368F-47D5-B63A-A082DDF00116} -> Microsoft Digital Image Standard 2006 Editor
{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C} -> AOLIcon
{63FF21C9-A810-464F-B60A-3111747B1A6D} -> GPBaseService2
{676981B7-A2D9-49D0-9F4C-03018F131DA9} -> DocProc
{67F69C6C-8F2F-4C18-AAA8-9BD64BA1B7FB} -> HyperLoad - Wiffle Baseball
{68131B0A-D78D-4aed-B74E-33A6C7324E50} -> WD Anywhere Backup
{681B698F-C997-42C3-B184-B489C6CA24C9} -> HPPhotoSmartDiscLabelContent1
{691F4068-81BF-49E3-B32E-FE3E16400112} -> Microsoft Digital Image Standard 2006 Library
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{6D52C408-B09A-4520-9B18-475B81D393F1} -> Microsoft Works
{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33} -> Digital Content Portal
{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} -> Microsoft Plus! Digital Media Edition Installer
{6EED4269-588D-45b8-A80C-26A9CA62EE4E} -> HPSSupply
{74DC0593-6BC6-4001-AD5F-D810AFB68D86} -> HP Update
{74F7662C-B1DB-489E-A8AC-07A06B24978B} -> Dell System Restore
{76BC2442-0002-47FA-9617-43BAD82BEF4C} -> Bonjour
{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} -> DellSupport
{800E784D-53E3-4948-B491-9E7FA5EACBDC} -> SmartWebPrinting
{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B} -> Microsoft Streets & Trips 2006
{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA} -> Intel(R) PROSet for Wired Connections
{85D3CC30-8859-481A-9654-FD9B74310BEF} -> Musicmatch® Jukebox
{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5} -> Network
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8A9B8148-DDD7-448F-BD6C-358386D32354} -> Corel Photo Album 6
{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF} -> URGE
{8D2AE3F6-79DF-423C-91CB-389F6FB5837B} -> Andrea VoiceCenter
{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533} -> TomTom HOME Visual Studio Merge Modules
{90120000-0010-0409-0000-0000000FF1CE} -> Microsoft Software Update for Web Folders  (English) 12
{90120000-0015-0409-0000-0000000FF1CE} -> Microsoft Office Access MUI (English) 2007
{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007
{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007
{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0019-0409-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (English) 2007
{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2007
{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007
{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007
{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007
{90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007
{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2007
{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0117-0409-0000-0000000FF1CE} -> Microsoft Office Access Setup Metadata MUI (English) 2007
{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{91120000-0014-0000-0000-0000000FF1CE} -> Microsoft Office Professional 2007
{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> Microsoft Office 2007 Service Pack 2 (SP2)
{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF} -> Security Update for Microsoft Office system 2007 (972581)
{91120000-002F-0000-0000-0000000FF1CE} -> Microsoft Office Home and Student 2007
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> Microsoft Office 2007 Service Pack 2 (SP2)
{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF} -> Security Update for Microsoft Office system 2007 (972581)
{980A182F-E0A2-4A40-94C1-AE0C1235902E} -> Pando Media Booster
{9941F0AA-B903-4AF4-A055-83A9815CC011} -> Sonic Encoders
{996A2FAA-7514-4628-9D12-A8FC34A0016E} -> iTunes
{9CCCFD9C-248F-47FE-9496-1680E3E5C163} -> Scan
{9F7FC79B-3059-4264-9450-39EB368E3225} -> Microsoft Digital Image Library 9 - Blocker
{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2
{A683A2C0-821C-486F-858C-FA634DB5E864} -> EducateU
{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B} -> Adobe Photoshop Elements 5.0
{AB708C9B-97C8-4AC9-899B-DBF226AC9382} -> Roxio RecordNow Audio
{AC13BA3A-336B-45a4-B3FE-2D3058A7B533} -> Toolbox
{AC76BA86-7AD7-1033-7B44-A82000000003} -> Adobe Reader 8.2.2
{B12665F4-4E93-4AB4-B7FC-37053B524629} -> Roxio RecordNow Copy
{B28635AB-1DF3-4F07-BFEA-975D911B549B} -> hpphotosmartdisclabelplugin
{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
{B5C3B892-0849-476C-9F46-B12F84819D57} -> Apple Mobile Device Support
{BA156277-D012-4509-9F9D-5587357B7207} -> Costco Photo Organizer
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2
{C43326F5-F135-4551-8270-7F7ABA0462E1} -> HPProductAssistant
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Free Edition
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
{D2988E9B-C73F-422C-AD4B-A66EBE257120} -> MCU
{d3c33f97-7936-4301-815f-2cf4ea5a467f} -> PS_AIO_05_C309_Software_Min
{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} -> iPod for Windows 2005-09-23
{D5068583-D569-468B-9755-5FBF5848F46F} -> Sony Picture Utility
{D79113E7-274C-470B-BD46-01B10219DF6A} -> HPPhotosmartEssential
{D9D8F2CF-FE2D-4644-9762-01F916FE90A9} -> HPPhotoSmartDiscLabel_PaperLabel
{DE1AF137-C455-494A-A817-EFE44BCCFDEE} -> Works Upgrade
{E3BFEE55-39E2-4BE0-B966-89FE583822C1} -> Dell Support Center (Support Software)
{E93E5EF6-D361-481E-849D-F16EF5C78EBC} -> Musicmatch for Windows Media Player
{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F} -> Fax
{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96} -> Destination Component
{F2A5C8F0-623B-4C96-9BE7-C00D5B80FC78} -> iPod Reset Utility
{F4F4F84E-804F-4E9A-84D7-C34283F0088F} -> RealUpgrade 1.0
{F6B2ED65-7378-4065-802D-F2E5689F3A4E} -> Photo Viewer
{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE} -> DeviceDiscovery
12133444-BF36-4d4e-B7FB-A3424C645DE4 -> GemMaster Mystic
7-Zip -> 7-Zip 4.65
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 5 -> Adobe Photoshop Elements 5.0
Adobe Shockwave Player -> Adobe Shockwave Player 11
America Online us -> America Online (Choose which version to remove)
AOL Uninstaller -> AOL Uninstaller (Choose which Products to Remove)
ATI Display Driver -> ATI Display Driver
B3EE3001-DC24-4cd1-8743-5692C716659F -> Otto
CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1 -> Conexant D850 56K V.9x DFVc Modem
Dell Digital Jukebox Driver -> Dell Digital Jukebox Driver
EmeraldQFE2 -> Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
eMusic Download Manager -> eMusic Download Manager 4.1.3
eMusic Remote -> eMusic Remote 1.0.0.2
eMusic Toolbar -> eMusic Toolbar
ESPNMotion -> ESPNMotion
GoToAssist -> GoToAssist 8.0.0.514
HijackThis -> HijackThis 2.0.2
HOMESTUDENTR -> Microsoft Office Home and Student 2007
HP Imaging Device Functions -> HP Imaging Device Functions 12.0
hp officejet 7100 series 1166721200 -> hp officejet 7100 series
HP Photosmart Essential -> HP Photosmart Essential 3.5
HP Smart Web Printing -> HP Smart Web Printing
HP Solution Center & Imaging Support Tools -> HP Solution Center 13.0
HPExtendedCapabilities -> HP Customer Participation Program 12.0
HPOCR -> OCR Software by I.R.I.S. 12.0
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie7 -> Windows Internet Explorer 7
ie8 -> Windows Internet Explorer 8
InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} -> iPod for Windows 2005-09-23
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
McAfee Uninstall Utility -> McAfee Uninstaller
Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
Money2006b -> Microsoft Money 2006
MSC -> McAfee SecurityCenter
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
OfotoEZUpload -> KODAK EASYSHARE Gallery Upload ActiveX Control
PictureItPrem_v11 -> Microsoft Digital Image Standard 2006
PROR -> Microsoft Office Professional 2007 Trial
PROSet -> Intel(R) PRO Network Connections Drivers
RealPlayer 12.0 -> RealPlayer
Scholastic's I SPY Treasure Hunt -> Scholastic's I SPY Treasure Hunt
Shop for HP Supplies -> Shop for HP Supplies
Sound Blaster Audigy ADVANCED MB Product Registration -> Sound Blaster Audigy ADVANCED MB Product Registration
SpywareBlaster_is1 -> SpywareBlaster 4.1
StreetPlugin -> Learn2 Player (Uninstall Only)
TomTom HOME -> TomTom HOME 2.6.3.1609
uTorrent -> µTorrent
Verizon FiOS Activation_is1 -> Verizon FiOS Activation
ViewpointMediaPlayer -> Viewpoint Media Player
Virtools3DLifePlayer -> Virtools 3D Life Player
VLC media player -> VLC media player 1.0.3
WebCyberCoach_wtrb -> WebCyberCoach 3.2 Dell
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
Windows XP Service Pack -> Windows XP Service Pack 3
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
Works2006Setup -> Microsoft Works Suite 2006 Setup Launcher
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
Yahoo! Companion -> Yahoo! Toolbar
< Uninstall List [HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\] > -> HKEY_USERS\S-1-5-21-3899734009-1239871535-3738898179-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{9863F141-7A33-4c9a-A5F2-96996461B216} -> KODAK EASYSHARE Gallery Easy Upload, v2.1
DivXCodecPack -> DivXCodecPack
Move Networks Player - IE -> Move Networks Media Player for Internet Explorer
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 4/15/2010 7:14:55 PM Computer Name = D5G1GS91 | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 4/15/2010 7:14:59 PM Computer Name = D5G1GS91 | Source = Application Hang | ID = 1001 -> Description = Fault bucket 1180947459.
Application [ Error ] 4/15/2010 7:16:40 PM Computer Name = D5G1GS91 | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 4/15/2010 7:16:44 PM Computer Name = D5G1GS91 | Source = Application Hang | ID = 1001 -> Description = Fault bucket 1180947459.
Application [ Error ] 4/22/2010 12:43:12 PM Computer Name = D5G1GS91 | Source = Bonjour Service | ID = 100 -> Description = 244: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
Application [ Error ] 4/22/2010 12:43:12 PM Computer Name = D5G1GS91 | Source = Bonjour Service | ID = 100 -> Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
Application [ Error ] 4/22/2010 12:43:12 PM Computer Name = D5G1GS91 | Source = Bonjour Service | ID = 100 -> Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
Application [ Error ] 4/22/2010 12:43:12 PM Computer Name = D5G1GS91 | Source = Bonjour Service | ID = 100 -> Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
Application [ Error ] 4/22/2010 12:43:12 PM Computer Name = D5G1GS91 | Source = Bonjour Service | ID = 100 -> Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
Application [ Error ] 4/22/2010 12:43:12 PM Computer Name = D5G1GS91 | Source = Bonjour Service | ID = 100 -> Description = 424: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
OSession [ Error ] 1/28/2008 10:08:03 PM Computer Name = D5G1GS91 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 97 seconds with 60 seconds of active time.  This session ended with a crash.
OSession [ Error ] 6/24/2008 9:05:45 AM Computer Name = D5G1GS91 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 45 seconds with 0 seconds of active time.  This session ended with a crash.
OSession [ Error ] 6/24/2008 9:07:26 AM Computer Name = D5G1GS91 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 36 seconds with 0 seconds of active time.  This session ended with a crash.
OSession [ Error ] 3/10/2009 9:36:52 PM Computer Name = D5G1GS91 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 70 seconds with 60 seconds of active time.  This session ended with a crash.
OSession [ Error ] 3/11/2009 10:00:43 AM Computer Name = D5G1GS91 | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 27 seconds with 0 seconds of active time.  This session ended with a crash.
System [ Error ] 4/20/2010 11:01:01 PM Computer Name = D5G1GS91 | Source = DCOM | ID = 10010 -> Description = The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register with DCOM within the required timeout.
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Rob\Desktop\OTS.exe -> [2010/04/22 23:44:21 | 000,638,976 | ---- | C] (OldTimer Tools)
 RealArcade -> C:\Program Files\RealArcade -> [2010/04/22 23:31:15 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [2010/04/22 22:23:36 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Documents and Settings\Rob\Application Data\SUPERAntiSpyware.com -> [2010/04/22 22:23:17 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2010/04/22 22:23:17 | 000,000,000 | ---D | C]
 Wise Installation Wizard -> C:\Program Files\Common Files\Wise Installation Wizard -> [2010/04/22 22:22:50 | 000,000,000 | ---D | C]
 New Folder (2) -> C:\Documents and Settings\Rob\My Documents\New Folder (2) -> [2010/04/22 10:48:12 | 000,000,000 | ---D | C]
 New Folder -> C:\Documents and Settings\Rob\My Documents\New Folder -> [2010/04/09 13:13:19 | 000,000,000 | ---D | C]
 Real -> C:\Documents and Settings\Rob\Local Settings\Application Data\Real -> [2010/04/07 06:59:18 | 000,000,000 | ---D | C]
 xing shared -> C:\Program Files\Common Files\xing shared -> [2010/04/07 06:57:13 | 000,000,000 | ---D | C]
 iTunes -> C:\Program Files\iTunes -> [2010/04/02 11:07:10 | 000,000,000 | ---D | C]
 {429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> [2010/04/02 11:07:10 | 000,000,000 | ---D | C]
 QuickTime -> C:\Program Files\QuickTime -> [2010/04/02 11:03:16 | 000,000,000 | ---D | C]
 Bonjour -> C:\Program Files\Bonjour -> [2010/04/02 10:58:54 | 000,000,000 | ---D | C]
 8th Grade Baseball -> C:\Documents and Settings\Rob\My Documents\8th Grade Baseball -> [2010/03/30 13:22:36 | 000,000,000 | ---D | C]
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Rob\Desktop\OTS.exe -> [2010/04/22 23:44:36 | 000,638,976 | ---- | M] (OldTimer Tools)
 SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010/04/22 22:23:22 | 000,000,780 | ---- | M] ()
 VETlog.dmp -> C:\VETlog.dmp -> [2010/04/22 21:28:55 | 000,089,399 | ---- | M] ()
 win.ini -> C:\WINDOWS\win.ini -> [2010/04/22 21:28:54 | 000,000,646 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/04/22 15:50:01 | 000,002,206 | ---- | M] ()
 Jceqhv.job -> C:\WINDOWS\tasks\Jceqhv.job -> [2010/04/22 15:48:42 | 000,000,306 | -HS- | M] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/04/22 15:48:42 | 000,000,006 | -H-- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/04/22 15:48:38 | 000,002,048 | --S- | M] ()
 Config.MPF -> C:\WINDOWS\System32\Config.MPF -> [2010/04/22 12:47:23 | 000,039,137 | ---- | M] ()
 NTUSER.DAT -> C:\Documents and Settings\Rob\NTUSER.DAT -> [2010/04/22 12:47:18 | 012,582,912 | -H-- | M] ()
 ntuser.ini -> C:\Documents and Settings\Rob\ntuser.ini -> [2010/04/22 12:47:18 | 000,000,178 | -HS- | M] ()
 GirlsYouthSoftballSchedule-5thGrade.pdf -> C:\Documents and Settings\Rob\Desktop\GirlsYouthSoftballSchedule-5thGrade.pdf -> [2010/04/22 10:48:32 | 000,076,621 | ---- | M] ()
 iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2010/04/22 09:04:42 | 000,002,137 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/04/20 22:58:52 | 000,001,374 | ---- | M] ()
 Adobe Reader 8.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk -> [2010/04/20 14:54:21 | 000,001,729 | ---- | M] ()
 20100420113640862.pdf -> C:\Documents and Settings\Rob\Desktop\20100420113640862.pdf -> [2010/04/20 12:22:59 | 000,765,059 | ---- | M] ()
 wklnhst.dat -> C:\Documents and Settings\Rob\Application Data\wklnhst.dat -> [2010/04/20 12:19:17 | 000,046,806 | ---- | M] ()
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/04/16 12:46:03 | 000,000,284 | ---- | M] ()
 HousecallLauncher.exe -> C:\Documents and Settings\Rob\Desktop\HousecallLauncher.exe -> [2010/04/15 21:21:32 | 001,840,232 | ---- | M] (Trend Micro)
 McDefragTask.job -> C:\WINDOWS\tasks\McDefragTask.job -> [2010/04/15 01:40:45 | 000,000,346 | ---- | M] ()
 BirthdayList2010.doc -> C:\Documents and Settings\Rob\Desktop\BirthdayList2010.doc -> [2010/04/12 12:22:52 | 000,728,064 | ---- | M] ()
 MovingSale-232PondfieldRdW-April10-10am.xls -> C:\Documents and Settings\Rob\Desktop\MovingSale-232PondfieldRdW-April10-10am.xls -> [2010/04/10 10:01:33 | 000,032,256 | ---- | M] ()
 Payments.xlsx -> C:\Documents and Settings\Rob\My Documents\Payments.xlsx -> [2010/04/08 15:57:54 | 000,012,552 | ---- | M] ()
 pndx5016.dll -> C:\WINDOWS\System32\pndx5016.dll -> [2010/04/07 06:57:32 | 000,006,656 | ---- | M] (RealNetworks, Inc.)
 pndx5032.dll -> C:\WINDOWS\System32\pndx5032.dll -> [2010/04/07 06:57:32 | 000,005,632 | ---- | M] (RealNetworks, Inc.)
 msvcr71.dll -> C:\WINDOWS\System32\msvcr71.dll -> [2010/04/07 06:56:22 | 000,348,160 | ---- | M] (Microsoft Corporation)
 pncrt.dll -> C:\WINDOWS\System32\pncrt.dll -> [2010/04/07 06:56:22 | 000,278,528 | ---- | M] (Real Networks, Inc)
 QuickTime Player.lnk -> C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk -> [2010/04/02 11:03:52 | 000,001,604 | ---- | M] ()
 McQcTask.job -> C:\WINDOWS\tasks\McQcTask.job -> [2010/04/01 01:00:04 | 000,000,348 | ---- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation)
 Fire1.mpa -> C:\Documents and Settings\Rob\My Documents\Fire1.mpa -> [2010/03/26 15:47:28 | 003,418,116 | ---- | M] ()
 Power_Hockey_Holiday_Poster.docx -> C:\Documents and Settings\Rob\Desktop\Power_Hockey_Holiday_Poster.docx -> [2010/03/25 14:09:16 | 000,013,375 | ---- | M] ()
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 
[Files - No Company Name]
 SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010/04/22 22:23:22 | 000,000,780 | ---- | C] ()
 GirlsYouthSoftballSchedule-5thGrade.pdf -> C:\Documents and Settings\Rob\Desktop\GirlsYouthSoftballSchedule-5thGrade.pdf -> [2010/04/22 10:48:32 | 000,076,621 | ---- | C] ()
 20100420113640862.pdf -> C:\Documents and Settings\Rob\Desktop\20100420113640862.pdf -> [2010/04/20 12:22:57 | 000,765,059 | ---- | C] ()
 BirthdayList2010.doc -> C:\Documents and Settings\Rob\Desktop\BirthdayList2010.doc -> [2010/04/12 12:22:50 | 000,728,064 | ---- | C] ()
 iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2010/04/02 11:08:25 | 000,002,137 | ---- | C] ()
 QuickTime Player.lnk -> C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk -> [2010/04/02 11:03:52 | 000,001,604 | ---- | C] ()
 MovingSale-232PondfieldRdW-April10-10am.xls -> C:\Documents and Settings\Rob\Desktop\MovingSale-232PondfieldRdW-April10-10am.xls -> [2010/03/29 16:33:13 | 000,032,256 | ---- | C] ()
 Fire1.mpa -> C:\Documents and Settings\Rob\My Documents\Fire1.mpa -> [2010/03/26 15:47:20 | 003,418,116 | ---- | C] ()
 Power_Hockey_Holiday_Poster.docx -> C:\Documents and Settings\Rob\Desktop\Power_Hockey_Holiday_Poster.docx -> [2010/03/25 14:09:16 | 000,013,375 | ---- | C] ()
 actmovie1.dll -> C:\WINDOWS\System32\actmovie1.dll -> [2010/01/20 02:10:11 | 000,129,536 | RHS- | C] ()
 rmoc3260.dll -> C:\WINDOWS\System32\rmoc3260.dll -> [2009/09/24 10:24:59 | 000,185,920 | ---- | C] ()
 liveup.ini -> C:\WINDOWS\liveup.ini -> [2007/06/10 09:53:00 | 000,000,044 | ---- | C] ()
 sbwin.ini -> C:\WINDOWS\sbwin.ini -> [2007/04/25 11:52:21 | 000,000,072 | ---- | C] ()
 cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2007/01/28 19:42:36 | 000,000,048 | ---- | C] ()
 KGyGaAvL.sys -> C:\WINDOWS\System32\KGyGaAvL.sys -> [2006/12/21 16:56:31 | 000,003,350 | -HS- | C] ()
 D4F454FC07.sys -> C:\WINDOWS\System32\D4F454FC07.sys -> [2006/12/21 16:56:31 | 000,000,056 | RHS- | C] ()
 DevMgr.ini -> C:\WINDOWS\DevMgr.ini -> [2006/12/21 13:13:32 | 000,002,723 | ---- | C] ()
 Hposcv07.INI -> C:\WINDOWS\Hposcv07.INI -> [2006/12/21 13:09:30 | 000,000,020 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 15:58:52 | 000,030,808 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 15:53:56 | 000,026,489 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 16:39:28 | 000,029,779 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 16:39:28 | 000,026,040 | ---- | C] ()
 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/04/11 02:23:19 | 000,000,061 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2006/04/11 02:17:10 | 000,000,300 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/04/11 02:13:47 | 000,000,376 | ---- | C] ()
 CTSBMB.INI -> C:\WINDOWS\System32\CTSBMB.INI -> [2006/04/11 02:05:39 | 000,005,811 | ---- | C] ()
 Sigfilt.ini -> C:\WINDOWS\System32\Sigfilt.ini -> [2006/04/11 01:39:30 | 000,004,969 | ---- | C] ()
 ctzapxx.ini -> C:\WINDOWS\System32\ctzapxx.ini -> [2006/04/11 01:39:30 | 000,000,029 | ---- | C] ()
 CTMBHA.DLL -> C:\WINDOWS\System32\CTMBHA.DLL -> [2006/04/11 01:39:14 | 001,345,520 | ---- | C] ()
 EzRating.dll -> C:\WINDOWS\System32\EzRating.dll -> [2006/04/11 01:38:52 | 000,102,480 | ---- | C] ()
 EzdCoIns.dll -> C:\WINDOWS\System32\EzdCoIns.dll -> [2006/04/11 01:38:52 | 000,045,056 | ---- | C] ()
 OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2006/04/11 01:38:14 | 000,000,392 | ---- | C] ()
 px.ini -> C:\WINDOWS\System32\px.ini -> [2005/11/10 08:56:34 | 000,000,000 | ---- | C] ()
 fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2005/08/16 04:37:24 | 000,001,793 | ---- | C] ()
 psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2005/08/05 14:01:54 | 000,235,008 | ---- | C] ()
 win2000.dll -> C:\WINDOWS\System32\win2000.dll -> [2003/06/25 02:38:06 | 000,159,744 | ---- | C] ()
 
[File - Lop Check]
 Citrix -> C:\Documents and Settings\All Users\Application Data\Citrix -> [2008/05/30 12:45:08 | 000,000,000 | ---D | M]
 DIGStream -> C:\Documents and Settings\All Users\Application Data\DIGStream -> [2005/08/16 20:54:52 | 000,000,000 | ---D | M]
 DriverScanner -> C:\Documents and Settings\All Users\Application Data\DriverScanner -> [2009/01/09 10:43:14 | 000,000,000 | ---D | M]
 espionServerData -> C:\Documents and Settings\All Users\Application Data\espionServerData -> [2007/06/08 13:40:34 | 000,000,000 | ---D | M]
 NexonUS -> C:\Documents and Settings\All Users\Application Data\NexonUS -> [2009/05/03 16:46:28 | 000,000,000 | ---D | M]
 PMB Files -> C:\Documents and Settings\All Users\Application Data\PMB Files -> [2009/05/03 16:28:56 | 000,000,000 | ---D | M]
 SupportSoft -> C:\Documents and Settings\All Users\Application Data\SupportSoft -> [2007/11/20 11:25:35 | 000,000,000 | ---D | M]
 TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2009/02/14 13:01:03 | 000,000,000 | ---D | M]
 TomTom -> C:\Documents and Settings\All Users\Application Data\TomTom -> [2009/05/22 00:13:03 | 000,000,000 | ---D | M]
 Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2007/01/18 12:24:35 | 000,000,000 | ---D | M]
 {00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} -> C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} -> [2009/03/13 13:27:34 | 000,000,000 | ---D | M]
 {429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> [2010/04/02 11:08:23 | 000,000,000 | ---D | M]
 {755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2009/09/11 14:15:32 | 000,000,000 | ---D | M]
 {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> [2009/04/10 00:06:22 | 000,000,000 | ---D | M]
 SACore -> C:\Documents and Settings\LocalService\Application Data\SACore -> [2009/09/13 06:41:12 | 000,000,000 | ---D | M]
 Costco Photo Organizer -> C:\Documents and Settings\Rob\Application Data\Costco Photo Organizer -> [2008/06/01 13:11:51 | 000,000,000 | ---D | M]
 Costco Photo Viewer US -> C:\Documents and Settings\Rob\Application Data\Costco Photo Viewer US -> [2008/01/31 12:31:04 | 000,000,000 | ---D | M]
 eMusic -> C:\Documents and Settings\Rob\Application Data\eMusic -> [2007/10/24 18:21:27 | 000,000,000 | ---D | M]
 Leadertech -> C:\Documents and Settings\Rob\Application Data\Leadertech -> [2006/12/21 15:39:26 | 000,000,000 | ---D | M]
 Opera -> C:\Documents and Settings\Rob\Application Data\Opera -> [2007/06/08 23:45:33 | 000,000,000 | ---D | M]
 Printer Info Cache -> C:\Documents and Settings\Rob\Application Data\Printer Info Cache -> [2007/02/13 12:39:38 | 000,000,000 | ---D | M]
 Snapfish -> C:\Documents and Settings\Rob\Application Data\Snapfish -> [2007/06/09 00:46:01 | 000,000,000 | ---D | M]
 TomTom -> C:\Documents and Settings\Rob\Application Data\TomTom -> [2009/05/22 00:12:38 | 000,000,000 | ---D | M]
 Uniblue -> C:\Documents and Settings\Rob\Application Data\Uniblue -> [2009/01/09 10:43:14 | 000,000,000 | ---D | M]
 uTorrent -> C:\Documents and Settings\Rob\Application Data\uTorrent -> [2010/04/22 23:55:15 | 000,000,000 | ---D | M]
 Viewpoint -> C:\Documents and Settings\Rob\Application Data\Viewpoint -> [2007/01/18 12:24:35 | 000,000,000 | ---D | M]
 WD -> C:\Documents and Settings\Rob\Application Data\WD -> [2010/01/23 14:33:14 | 000,000,000 | ---D | M]
 Jceqhv.job -> C:\WINDOWS\Tasks\Jceqhv.job -> [2010/04/22 15:48:42 | 000,000,306 | -HS- | M] ()
 McDefragTask.job -> C:\WINDOWS\Tasks\McDefragTask.job -> [2010/04/15 01:40:45 | 000,000,346 | ---- | M] ()
 McQcTask.job -> C:\WINDOWS\Tasks\McQcTask.job -> [2010/04/01 01:00:04 | 000,000,348 | ---- | M] ()
 
[File - Purity Scan]
 
[Custom Scans]
< %SYSTEMDRIVE%\*.exe >
 aolconnfix.exe -> C:\aolconnfix.exe -> [2006/12/21 13:27:46 | 000,010,920 | ---- | M] ()
< MD5 Scans Start>
< %systemdrive%\AGP440.SYS  /md5 /s >
 AGP440.sys : .cab file  -> C:\i386\sp2.cab:AGP440.sys -> [2004/08/10 05:00:00 | 016,971,599 | ---- | M] ()
 AGP440.sys : .cab file  -> C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys -> [2004/08/10 05:00:00 | 016,971,599 | ---- | M] ()
 AGP440.sys : .cab file  -> C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys -> [2008/07/18 00:29:56 | 023,852,652 | ---- | M] ()
 AGP440.sys : .cab file  -> C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys -> [2008/07/18 00:29:56 | 023,852,652 | ---- | M] ()
 agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\ServicePackFiles\i386\agp440.sys -> [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation)
 agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\system32\drivers\agp440.sys -> [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation)
 AGP440.SYS : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -> C:\i386\AGP440.SYS -> [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation)
 agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -> C:\WINDOWS\$NtServicePackUninstall$\agp440.sys -> [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation)
< %systemdrive%\ATAPI.SYS  /md5 /s >
 atapi.sys : .cab file  -> C:\i386\sp2.cab:atapi.sys -> [2004/08/10 05:00:00 | 016,971,599 | ---- | M] ()
 atapi.sys : .cab file  -> C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys -> [2004/08/10 05:00:00 | 016,971,599 | ---- | M] ()
 atapi.sys : .cab file  -> C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys -> [2008/07/18 00:29:56 | 023,852,652 | ---- | M] ()
 atapi.sys : .cab file  -> C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys -> [2008/07/18 00:29:56 | 023,852,652 | ---- | M] ()
 atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\ServicePackFiles\i386\atapi.sys -> [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation)
 atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\system32\drivers\atapi.sys -> [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation)
 atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\i386\atapi.sys -> [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation)
 atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -> [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation)
 atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys -> [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation)
 atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys -> [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation)
< %systemdrive%\EVENTLOG.DLL  /md5 /s >
 eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\ServicePackFiles\i386\eventlog.dll -> [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation)
 eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\system32\eventlog.dll -> [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation)
 eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78 -> C:\i386\eventlog.dll -> [2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation)
 eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78 -> C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -> [2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation)
< %systemdrive%\NETLOGON.DLL  /md5 /s >
 netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\ServicePackFiles\i386\netlogon.dll -> [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation)
 netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\system32\netlogon.dll -> [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation)
 netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A -> C:\i386\netlogon.dll -> [2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation)
 netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A -> C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -> [2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation)
< %systemdrive%\SCECLI.DLL  /md5 /s >
 scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A -> C:\i386\scecli.dll -> [2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation)
 scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A -> C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -> [2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation)
 scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\ServicePackFiles\i386\scecli.dll -> [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation)
 scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\system32\scecli.dll -> [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
< %systemroot%\*. /mp /s >
Restore point Set: OTS Restore Point (0)
< %systemroot%\system32\*.dll /lockedfiles >
 actmovie1.dll : Unable to obtain MD5  -> C:\WINDOWS\system32\actmovie1.dll -> [2010/01/20 02:10:11 | 000,129,536 | RHS- | M] ()
 comsvcs.dll : Unable to obtain MD5  -> C:\WINDOWS\system32\comsvcs.dll -> [2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation)
 1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> 
< %systemroot%\Tasks\*.job /lockedfiles >
 Jceqhv.job : Unable to obtain MD5  -> C:\WINDOWS\Tasks\Jceqhv.job -> [2010/04/22 15:48:42 | 000,000,306 | -HS- | M] ()
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
 default.sav -> C:\WINDOWS\system32\config\default.sav -> [2005/08/16 04:27:08 | 000,094,208 | ---- | M] ()
 software.sav -> C:\WINDOWS\system32\config\software.sav -> [2005/08/16 04:27:08 | 000,659,456 | ---- | M] ()
 system.sav -> C:\WINDOWS\system32\config\system.sav -> [2005/08/16 04:27:08 | 000,876,544 | ---- | M] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
```


----------



## NeonFx (Oct 22, 2008)

Please attach results if they're really long so we don't have scroll down the page too much. I gave you instructions on how to do that at the end of step 1.

It's ok to copy and paste results if they're short.


----------



## nyrob (Oct 20, 2003)

Sorry about that, I used the "manage attachments" button and uploaded the OST log file. I have to re-run the GMER scan, it took a long time to run last night, and I think in the middle of it my pc shut down. When I got up this morning it was off, did it by itself, I noticed this has been happening lately for some reason overnight. Today though, I had a message "System recovered from a serious error", then I reported it and it took me to a Windows Error page saying I may have a Device Driver Problem. Can this be part of whatever is infecting my pc? ANyway, I'm running the GMER right now and will post as soon as it's done. Thanks for your help.


----------



## NeonFx (Oct 22, 2008)

Yeah that's common. It's the best antirootkit we have but it is delicate. Do try running it in Safe Mode or without the "Files" scan checked as I suggested earlier if you have trouble.


----------



## nyrob (Oct 20, 2003)

I just ran GMER for 2.5 hours and the thing suddenly stopped and went to a blue screen with the following:

A problem has been detected and windows shut down to prevent damage.

PFN_List_Corrupt

Tech Info: ***STOP: 0x0000004E (0x00000007, 0x00005A7C, 0x00000002, 0x00000000)

Begin Dump of Physical Memory

I am going to try to run it in Safe Mode now and see if that works.


----------



## NeonFx (Oct 22, 2008)

Alright. We're not causing damage to the system, what broke was GMER but because it's trying to embed its components so deeply into Windows, Windows will show a blue screen error when it happens. There's no need to worry about that.


----------



## nyrob (Oct 20, 2003)

Same thing just happened in Safe Mode, quickly this time though. I'll try to uncheck "Files" and see if I can run it.


----------



## NeonFx (Oct 22, 2008)

There are cases when users that have CD/DVD emulators like Daemon Tools or MagicISO will have these problems. Try the following:

(I'm sorry for the trouble)

Please download *DeFogger* to your *desktop*.

Double click *DeFogger* to run the tool.

 The application window will appear
 Click the *Disable* button to disable your CD Emulation drivers
 Click *Yes* to continue
 A *'Finished!'* message will appear
 Click *OK*
 DeFogger will now ask to reboot the machine - click *OK*
*IMPORTANT!* If you receive an error message while running DeFogger, please post the log *defogger_disable* which will appear on your desktop.

*Do not* re-enable these drivers until otherwise instructed.

Try running GMER again after doing that.


----------



## nyrob (Oct 20, 2003)

I ran GMER under Safe Mode, unchecked "Files" and ran it two times, it came back "hasn't found any system modifications" message both times. Do you want me to run Defogger or is that enough info?


----------



## NeonFx (Oct 22, 2008)

We can skip that. Let's do this now:

*NOTE: ComboFix should NOT be used without supervision by someone trained in its use. It does a whole lot more to a system than just remove infected files.*

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

** IMPORTANT !!! Save ComboFix.exe to your Desktop*


*Disable your AntiVirus and AntiSpyware applications*, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. *Note*: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : *Disabling Security Programs*
Double click on ComboFix.exe & follow the prompts.

*Note:* Combofix will run without the Recovery Console installed.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

*Notes:*

1.* Do not mouse-click Combofix's window while it is running. That may cause it to stall.*
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of *ALL* CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you please let me know. A increasing number of infections are spreading using Autoplay and leaving it disabled is a good idea. 
4. *CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.*


----------



## nyrob (Oct 20, 2003)

NeonFx:

Did the Combo Fix scan and attached the log file below. Do I have to turn Virus Scan etc back on now?

Thanks again for the help.


----------



## NeonFx (Oct 22, 2008)

Yes, you can turn them on while we're not doing stuff. Did you run this before already?

ComboFix should never be run unless you're authorized to or someone authorized to use it asks you to.

Please attach C:\QooBox\*ComboFix-quarantined-files.txt* and C:\QooBox\*ComboFix2.txt* so that I can see what happened the first time it was run.


----------



## nyrob (Oct 20, 2003)

I've attached the two files. When you ask if I've run this before already, do you mean before today? I ran it once before, maybe two years ago when another person from this website was helping me out. If that's what you meant, then yes, I ran this once before, I think I deleted that log file earlier so I wouldn't confuse them with the new one from today.

Thanks.


----------



## NeonFx (Oct 22, 2008)

I offer you my apologies then. Either you or the person who helped you neglected to properly remove ComboFix from the system that last time though and that's what threw me off. Please make sure you follow my cleanup instructions when I give them to you later as it's an important step.

I'm not seeing anything in your logs. Are you still experiencing the symptoms?

*STEP 1*

Run OTS


Under the *Paste Fix Here* box on the right, paste in the contents of following code box


```
[Unregister Dlls]
[Registry - All]
< HOSTS File > ([2009/02/11 17:25:10 | 000,291,346 | R--- | M] - 10083 lines) -> C:\WINDOWS\system32\drivers\etc\hosts
YN -> Reset Hosts -> 
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{0215843f-45b0-11de-87c0-00038a000015} -> 
YN -> \{361ac05d-0e0d-11da-9aa9-806d6172696f} -> 
YN -> \{4eee9e4a-1213-11df-8881-00038a000015} -> 
[Files/Folders - Modified Within 30 Days]
NY ->  Jceqhv.job -> C:\WINDOWS\tasks\Jceqhv.job
[Empty Temp Folders]
[EmptyFlash]
[ClearAllRestorePoints]
[Reboot]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot the PC when it is done
This will create a log in *C:\_OTS\MovedFiles\<date>_.log* where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste or attach the contents of that file here.

Note: You may receive some errors while running the fix. Just press Ok and the fix should continue normally. 
If it seems to get stuck, give it some time. It's probably still working.

*STEP 2*








Please run Malwarebytes' Anti-Malware

Update it by clicking on the Update tab and then on the button. 
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*. Scan all of your harddrives.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

*If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.*

*STEP 3*

*Run ESET Online Scan*


Hold down Control and click on the following link to open ESET OnlineScan in a new window.
*ESET OnlineScan*
Click the








button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on







to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the







icon on your desktop.

Check








Click the







button.
Accept any security warnings from your browser.
Check








Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push








Push







, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the







button.
Push








You can refer to this animation by *neomage* if needed.


----------



## nyrob (Oct 20, 2003)

Still getting same issues, I did a google search, clicked on one link and it took me to asklots.com page which was hard to maneuver off of. I'm running the OTS and will post when done. Thanks.


----------



## NeonFx (Oct 22, 2008)

Ok. There's still a couple things we can try after these steps.


----------



## nyrob (Oct 20, 2003)

Here's the OTS Log:

All Processes Killed
[Registry - All]
HOSTS file reset successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0215843f-45b0-11de-87c0-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0215843f-45b0-11de-87c0-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eee9e4a-1213-11df-8881-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4eee9e4a-1213-11df-8881-00038a000015}\ not found.
[Files/Folders - Modified Within 30 Days]
File C:\WINDOWS\tasks\Jceqhv.job not found!
[Empty Temp Folders]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 348 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Rob
->Temp folder emptied: 3577 bytes
->Temporary Internet Files folder emptied: 11269742 bytes
->Java cache emptied: 247225143 bytes
->Flash cache emptied: 539260 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11090 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 247.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Rob
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restorepoints cleared and new OTS Restore Point set!
< End of fix log >
OTS by OldTimer - Version 3.1.29.0 fix logfile created on 04232010_235043

Files\Folders moved on Reboot...
C:\WINDOWS\temp\HPSLPSVC0004.log moved successfully.

Registry entries deleted on Reboot...


----------



## nyrob (Oct 20, 2003)

Malwarebytes log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4029

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/24/2010 1:33:10 AM
mbam-log-2010-04-24 (01-33-10).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 239311
Time elapsed: 1 hour(s), 31 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## NeonFx (Oct 22, 2008)

Alright  Let me know if you have trouble with the last one and if it finds and deletes anything, let me know if that solved the problem.


----------



## nyrob (Oct 20, 2003)

ESET scan comes back after 3.5 hours with No Threats Found.


----------



## NeonFx (Oct 22, 2008)

Alright. Either it's something new that no one has seen before, or the infection isn't on this computer. My guess is that it's your router but let's try the following first:

Please download *GooredFix* from one of the locations below and *save it to your Desktop*
*Download Mirror #1*
*Download Mirror #2*

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select *Run As Administrator* (Vista).
When prompted to run the scan, click *Yes*.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Could you also tell me the make and model of your router/modem?


----------



## nyrob (Oct 20, 2003)

I ran Gooredfix, and it only ran for a few seconds and came back with the log below. I don't have Firefox, not sure if that matters, I know you said to shut it down in your last post.

My router is an Actiontec M1424-WR Rev. D I got from Verizon Fios.

GooredFix log file:

GooredFix by jpshortstuff (08.01.10.1)
Log created at 01:28 on 26/04/2010 (Rob)
Firefox version [Unable to determine]

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [04:53 26/09/2008]
"[email protected]"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2" [15:26 18/09/2009]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="c:\program files\real\realplayer\browserrecord\firefox\ext" [14:25 24/09/2009]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [20:29 11/02/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:09 25/01/2010]

-=E.O.F=-


----------



## NeonFx (Oct 22, 2008)

Alright. I just wanted to make sure there wasn't anything there and that was the last place to check. Since you're still experiencing symptoms, lets try resetting your router to it's factory defaults. The only downside to this is that it will also reset all the custom settings like your network's name and whatever passwords you had set.

I accessed the manual for your router here:

http://www.actiontec.com/support/product_details.php?pid=41&typ=all#man

You can use that if you run into trouble or wish to know how to set up the network name and passwords later.

With the router on, use the tip of a ballpoint pen and press and hold the "Reset" button on the back of
the router for at least ten seconds. You'll see the lights on the router turn off and then flash. It'll probably take a little while before internet is restored.

Test out the internet after doing that and let me know if the problems have been resolved.


----------



## nyrob (Oct 20, 2003)

Resetting the router seems to have worked. Do I need to remove any of the stuff I've downloaded or do anything further? Thanks for all your help, I really appreciate it.

nyrob


----------



## NeonFx (Oct 22, 2008)

The main cause of these infections is that the default password on the router was never changed. I don't mean the password on the wireless (though you really should set that as well); I mean the password that is used when connecting to it through your browser.

Excellent. Let's cleanup.

*STEP 1*

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

(If you use Vista or 7 just paste it into the text box that appears next to your start button)

*ComboFix /Uninstall*

Note: If you have trouble and it doesn't want to uninstall using the method described above, you can rename ComboFix.exe to Uninstall.exe and double click on it to uninstall it.

*STEP 2*

To clean up OldTimer's tools, along with a few others, do the following:


Run OTS.exe by double clicking on it
Click on the *"CleanUp"* button on the top.
You will be asked if you wish to reboot your system, select *"Yes"*

*STEP 3*

Remove any other tools or files we used by right-clicking on them or any folders they created, hold down the *Shift* key, and select *"Delete"* by clicking on it. This will delete the files without sending them to the RecycleBin.

You can also uninstall the other programs (HijackThis or MalwareBytes if we used them) by going to Start > Control Panel > Add/Remove programs (The Control Panel is different in different versions of Windows. It will be Programs and Features in Vista and Programs > Uninstall a Program in 7)

You might want to keep MalwareBytes AntiMalware though and that's fine  Make sure you update it before you run the scans in the future.

*All Clean*

Congratulations!,







, *your system is now clean*. Now that your system is safe we would like you to keep it that way. Take the time to follow these instructions and it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

*Microsoft Windows Update*
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to *(Start) > (All) Programs > Windows Update*
To update Office
Open up any Office program.
Go to *Help > Check for Updates*

*Install WinPatrol*
Download it HERE
You can find information about how WinPatrol works HERE and HERE

Note: This program will work alongside all other security programs without conflicts. It might ask you to allow certain actions that security programs perform often, but if you tell Scotty to remember the action by checking the option, the alerts will lessen.

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.

*Setting up Automatic Updates*
So that it is not necessary to have to remember to update your computer regularly (something very important to securing your system), automatic updates should be configured on your computer. Microsoft has guides for XP and Vista on how to do this. See HERE for Windows 7.

*Read further information* HERE, HERE, and HERE on how to prevent Malware infections and keep yourself clean.

Please mark this thread as Solved by clicking on the button at the top of this page. Let me know if you need anything else.


----------



## nyrob (Oct 20, 2003)

NeonFX,

Thanks for all your help, but I'm getting some problems again. My PC had shut itself down again, this time though it gets hung up on re-boot. I get a messgage that says "Drive 2 not found: Parallel ATA, PATA-O (PRI IDE Master)

Then there is a delay and I hear some noise on the drive and then a message saying Strike F1 to continue, F2 to run setup utility.

I hit F1 and I get back to "normal", but now my dvd/cd drive is dead and I can't find it anywhere. It won't open, won't do anything, I don't even think it shows up on my system anymore. Also, I think I got a re-direct from a webpage earlier, which I haven't had since you helped me out last week and we reset my router etc.

Let me know what you think.

Thanks.

nyrob


----------



## NeonFx (Oct 22, 2008)

I don't think there is anything we can do about the drive as it has most probably gone bad or something is physically wrong with it. You should create a new topic in our Hardware Forum where others can work together to figure out what happened and what to do about it.

As for the redirection problem, please create a new topic in this forum with the results of a HijackThis scan. I have way too many topics open to take on another at this time. Post a link to it here so that I can keep an eye on it.


----------

