# Windows XP problem



## bimmeracer (Mar 28, 2007)

Im am having trouble running many different programs on my laptop. WMP, bootvis, spyware doctor and many other programs will not start and will show an error that says "*** has encountered a problem and needs to close. We are sorry for the inconvenience." on top of this, whenever I click debug I keep getting a pop up saying DrWatson Postmortum Debugger needs to close. 
Can anyone help me?
Thanks


----------



## bimmeracer (Mar 28, 2007)

here is my hijackthis file

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:26:48 PM, on 3/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Program Files\HiJackThis_v2.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A946766-DD4F-401E-8F35-557EA5FA0054}: NameServer = 85.255.115.4,85.255.112.15
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8074 bytes


----------



## bimmeracer (Mar 28, 2007)

also my cpu shows that my its running at a high percentage which it never did since I have 1gb of ram.


----------



## Blackmirror (Dec 5, 2006)

I have asked that your problem is moved to security forum .. so the experts can look at your log .. so sit tight it will be a smooth ride


----------



## Cookiegal (Aug 27, 2003)

Hi and welcome to TSG,

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.

Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found):

*O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15

O17 - HKLM\System\CS1\Services\Tcpip\..\{3A946766-DD4F-401E-8F35-557EA5FA0054}: NameServer = 85.255.115.4,85.255.112.15
*

Click *FIX CHECKED*. Close HijackThis.

Finally, please post the contents of the text file that opened earlier (you can find it at C:\fixwareout\*report.txt* ), along with a new HijackThis log into this topic.


----------



## bimmeracer (Mar 28, 2007)

Thanks guys for the quick responses

here are the logs

*Fixwareout Last edited 2/11/2007
Post this report in the forums please 
...*
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check 
HKLM\SOFTWARE\~\Winlogon\ "System"="" 
....
....
»»»»» Misc files. 
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
*

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:22:34 PM, on 3/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal*

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HiJackThis_v2.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7918 bytes


----------



## bimmeracer (Mar 28, 2007)

any luck?


----------



## Cookiegal (Aug 27, 2003)

Download *AVG Anti-Spyware* from *HERE* and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "*Update*" then select the "*Update now*" link.
Next select the "*Start Update*" button. The update will start and a progress bar will show the updates being installed.

Once the update has completed, select the "*Scanner*" icon at the top of the screen, then select the "*Settings*" tab.
Once in the Settings screen click on "*Recommended actions*" and then select "*Quarantine*".
Under "*Reports*"
Select "*Automatically generate report after every scan*"
Un-Select "*Only if threats were found*"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
Reboot your computer into *Safe Mode*. You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. Use your up arrow key to highlight *Safe Mode* then hit enter.

*IMPORTANT:* Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:

Launch AVG Anti-Spyware by double clicking the icon on your desktop.
Select the "*Scanner*" icon at the top and then the "*Scan*" tab then click on "*Complete System Scan*".
AVG will now begin the scanning process. Please be patient as this may take a little time.
*Once the scan is complete, do the following:*
If you have any infections you will be prompted. Then select "*Apply all actions.*"
Next select the "*Reports*" icon at the top.
Select the "*Save report as*" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Please go *HERE* to run Panda's ActiveScan
You need to use IE to run this scan
Once you are on the Panda site click the *Scan your PC* button
A new window will open...click the *Check Now* button
Enter your *Country*
Enter your *State/Province*
Enter your *e-mail address* and click *send*
Select either *Home User* or *Company*
Click the big *Scan Now* button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on *My Computer* to start the scan
When the scan completes, if anything malicious is detected, click the *See Report* button, *then Save Report* and save it to a convenient location. Post the contents of the ActiveScan report

*Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.*


----------



## bimmeracer (Mar 28, 2007)

Thanks
Here you go

*---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:	8:25:18 PM 3/28/2007

+ Scan result:	
*

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39F25B12-74FF-4079-A51F-1D70F5B08B84} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39F25B12-74FF-4079-A51F-1D70F5B08B84} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-790525478-484763869-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39F25B12-74FF-4079-A51F-1D70F5B08B84} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
:mozilla.378:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.401:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.402:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.403:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.404:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.405:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.406:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.407:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.408:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.409:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.410:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.411:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.412:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.413:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.414:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.415:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.416:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.417:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.418:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.419:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.420:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.421:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.422:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.423:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.424:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.425:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.426:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.427:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.428:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.429:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.430:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.431:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.432:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.433:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.434:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.435:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.436:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.437:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.438:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.439:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.440:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.441:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.442:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.443:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.445:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.446:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.447:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.448:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.449:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.450:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.451:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.452:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.464:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.512:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.433:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.434:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.435:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.528:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.529:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.535:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.56:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.61:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.648:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.539:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.540:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.541:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.55:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.57:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.58:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.59:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.60:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.62:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.63:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.640:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.649:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.64:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.35:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.41:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\s8kqefej.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.584:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.46:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.136:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.174:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.178:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.179:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.274:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.581:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.582:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.650:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.400:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.711:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.712:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.713:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.714:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.780:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.45:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.208:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.236:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.269:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.381:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.387:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.511:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.512:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.525:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.546:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.547:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.548:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.578:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.580:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.602:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.717:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.735:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.278:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.408:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.409:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.


----------



## bimmeracer (Mar 28, 2007)

:mozilla.410:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.411:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.43:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.44:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.236:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.237:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.238:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.344:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.345:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.353:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.519:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.559:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.637:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.793:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.575:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.453:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.454:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.195:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.196:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.197:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.561:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.122:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.123:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.606:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.607:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.608:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.697:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.698:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.718:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.154:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.155:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.376:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.377:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.610:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.611:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.612:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.338:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.375:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.48:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\s8kqefej.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.181:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.182:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.183:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.184:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.172:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.173:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.262:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.263:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.264:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.100:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.101:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.102:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.103:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.159:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.160:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.161:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.162:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.163:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.164:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.165:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.166:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.167:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.168:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.169:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.170:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.171:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.172:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.173:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.174:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.175:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.176:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.177:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.178:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.179:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.180:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.181:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.83:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.84:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.85:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.86:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.87:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.88:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.89:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.90:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.91:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.92:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.93:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.94:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.95:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.96:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.97:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.98:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.99:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.268:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.269:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.270:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.271:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.630:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.631:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.632:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.633:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.634:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.635:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.553:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.554:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.53:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.54:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.71:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.72:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.73:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.74:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.75:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.76:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.77:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.78:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.79:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.80:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.81:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.82:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.138:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.139:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.180:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.334:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.335:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.336:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.337:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.338:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.455:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Texttbnru : Cleaned.
:mozilla.265:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.266:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.267:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.50:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.807:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.808:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.198:C:\Documents and Settings\Chad P\Application Data\Mozilla\Firefox\Profiles\ci515h2m.default\cookies.txt -> TrackingCookie.Vortexmediagroup : Cleaned.
:mozilla.699:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Chad P\Cookies\chad [email protected][2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.398:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.525:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.168:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.169:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.170:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.171:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.47:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.48:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.49:C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

::Report end


----------



## bimmeracer (Mar 28, 2007)

Active Scan

Incident Status Location

Adware:adware/whenusearch Not disinfected Windows Registry 
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt[.atwola.com/] 
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Chad P\Application Data\Flock\Browser\Profiles\g14qpkad.default\cookies.txt[.go.com/] 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Chad P\My Documents\EXE Files\SmitfraudFix\Process.exe 
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\fixwareout\FindT\nircmd.exe 
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe


----------



## bimmeracer (Mar 28, 2007)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:07:32 PM, on 3/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8404 bytes


----------



## Cookiegal (Aug 27, 2003)

Go to Control Panel - Add/Remove programs and remove:

*Viewpoint
Viewpoint Manager*

Then reboot and post a new HijackThis log please.


----------



## bimmeracer (Mar 28, 2007)

here you go

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:49:56 PM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7680 bytes


----------



## Cookiegal (Aug 27, 2003)

How are things running now?

You also need to replace your Sun java with the newest version. There are more vulnerabilities in the older versions that can be exploited.

Go to Add/Remove programs and uninstall all previous versions.

Now go *here* and install the latest version of Java.


----------



## bimmeracer (Mar 28, 2007)

all of my windows programs such as wmp, my pics, bootvis, etc, are still not running.
anymore suggestions?
I think my computer is mssing files to make these programs work. how would I be able to find out what I need to fix?
Thanks


----------



## Cookiegal (Aug 27, 2003)

What happens when you try to run them?


----------



## bimmeracer (Mar 28, 2007)

a screen pops up saying blank program has encountered a problem and needs to close. We are sorry for the inconvenience.
when I click debug it says DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience.


----------



## bimmeracer (Mar 28, 2007)

ttt


----------



## Cookiegal (Aug 27, 2003)

Download *WinPFind3U.exe* to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on *WinPFind3U.exe* to start the program.
In the *Processes * group click *ALL* 
In the *Win32 Services * group click *ALL* 
In the *Driver Services * group click *ALL* 
In the *Registry * group click *ALL* 
In the *Files Created Within* group click *30 days* Make sure Non-Microsoft only is *UNCHECKED*
In the *Files Modified Within* group select *30 days* Make sure Non-Microsoft only is *UNCHECKED*
In the *File String Search* group select *ALL*
in the Additional scans sections please press select all 
Now click the *Run Scan* button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file 
Copy/Paste the information back here.


----------



## bimmeracer (Mar 28, 2007)

I have been trying to use that program, but it keeps on freezing. I even left it running for 3 hours and nothing happened. 
Is there anything else I can do?
Thanks


----------



## Cookiegal (Aug 27, 2003)

Can you remove it and redownload it and try again please. There may have been a bug that's been fixed.


----------



## bimmeracer (Mar 28, 2007)

wow that worked thanks.
here is the info

WinPFind3 logfile created on: 4/2/2007 10:54:24 PM
WinPFind3U by OldTimer - Version 1.0.33	Folder = C:\Program Files\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1022.98 Mb Total Physical Memory | 675.06 Mb Available Physical Memory | 65.99% Memory free
1.28 Gb Paging File | 1.07 Gb Available in Paging File | 83.70% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 33.59 Gb Free Space | 45.07% Space Free
D: Drive not present or media not loaded
Drive E: | 581.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: BIMMERACER
Current User Name: Chad P
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - All]
smss.exe -> %System32%\smss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
csrss.exe -> %System32%\csrss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6144 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
winlogon.exe -> %System32%\winlogon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
services.exe -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
lsass.exe -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 323584 bytes | Modified Date = 7/29/2003 2:11:36 PM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:50 AM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:50 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\appmgmts.dll [AppMgmt] -> File not found
-> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) | Size = 111616 bytes | Modified Date = 5/19/2006 8:59:42 AM | Attr = ]
-> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 7/26/2005 12:39:46 AM | Attr = ]
-> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
-> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> File not found
-> %System32%\hidserv.dll [HidServ] -> File not found
-> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729) | Size = 96768 bytes | Modified Date = 12/7/2004 3:32:34 PM | Attr = ]
-> %System32%\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) | Size = 132096 bytes | Modified Date = 8/17/2006 8:28:28 AM | Attr = ]
-> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525) | Size = 197632 bytes | Modified Date = 8/22/2005 2:29:46 PM | Attr = ]
-> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.2180 | Size = 435200 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89088 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.2936 (xpsp_sp2_gdr.060621-2347) | Size = 181248 bytes | Modified Date = 6/22/2006 6:47:18 AM | Attr = ]
-> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 190976 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
-> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 170496 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657) | Size = 249344 bytes | Modified Date = 7/8/2005 12:27:56 PM | Attr = ]
-> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
-> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174592 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\wbem\WMIsvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\MsPMSNSv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 11.0.5721.5145 | Size = 27136 bytes | Modified Date = 10/18/2006 10:47:16 PM | Attr = ]
-> %System32%\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 81408 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359936 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K WUDFSERVICEGROUP] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\WUDFSvc.dll [WudfSvc] -> Microsoft Corporation [Ver = 6.0.5716.32 (winmain(wmbla).060928-1756) | Size = 55808 bytes | Modified Date = 9/28/2006 7:56:14 PM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 45568 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17408 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 71680 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 185344 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536) | Size = 68096 bytes | Modified Date = 1/3/2006 11:35:06 PM | Attr = ]
wltrysvc.exe -> %System32%\WLTRYSVC.EXE -> [Ver = | Size = 18944 bytes | Modified Date = 12/19/2005 9:08:42 AM | Attr = ]
bcmwltry.exe -> %System32%\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1200128 bytes | Modified Date = 12/19/2005 9:08:40 AM | Attr = ]
spoolsv.exe -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/10/2005 7:53:32 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K BTHSVCS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\bthserv.dll [BthServ] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30208 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.0.1.801 | Size = 266295 bytes | Modified Date = 8/29/2005 4:12:14 PM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 1:01:00 PM | Attr = ]
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\mdm.exe -> Microsoft Corporation [Ver = 7.10.3077 | Size = 335872 bytes | Modified Date = 3/19/2003 1:55:56 AM | Attr = ]
sdhelp.exe -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 11/2/2006 5:17:14 PM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\wiaservc.dll [stisvc] -> Microsoft Corporation [Ver = 5.1.2600.3051 (xpsp_sp2_gdr.061219-0316) | Size = 333824 bytes | Modified Date = 12/19/2006 2:16:48 PM | Attr = ]
calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 9/30/2005 7:22:50 PM | Attr = ]
alg.exe -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 3/31/2007 7:20:10 PM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 3/27/2007 3:02:32 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\w3ssl.dll [HTTPFilter] -> Microsoft Corporation [Ver = 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15872 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
wscntfy.exe -> %System32%\wscntfy.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
winamp.exe -> %ProgramFiles%\Winamp\winamp.exe -> Nullsoft [Ver = 2.95 | Size = 854016 bytes | Modified Date = 6/25/2003 12:22:12 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 3/14/2007 7:05:42 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 3/14/2007 7:05:48 PM | Attr = ]
utorrent.exe -> %ProgramFiles%\utorrent.exe -> [Ver = | Size = 177152 bytes | Modified Date = 2/17/2007 2:52:46 PM | Attr = ]
winpfind3u.exe -> %ProgramFiles%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.33.0 | Size = 318464 bytes | Modified Date = 4/2/2007 10:01:54 PM | Attr = ]
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]

[Win32 Services - All]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 10/15/2006 1:10:36 AM | Attr = ]
(Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 29896 bytes | Modified Date = 9/23/2005 7:28:32 AM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 323584 bytes | Modified Date = 7/29/2003 2:11:36 PM | Attr = ]
(AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 AM | Attr = ]
(AVP) Kaspersky Internet Security 6.0 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.2.614 | Size = 200768 bytes | Modified Date = 1/29/2007 11:02:04 PM | Attr = ]
(BITS) Background Intelligent Transfer Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Browser) Computer Browser [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(BthServ) Bluetooth Support Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.0.1.801 | Size = 266295 bytes | Modified Date = 8/29/2005 4:12:14 PM | Attr = ]
(CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 9/30/2005 7:22:50 PM | Attr = ]
(CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %System32%\cisvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5632 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %System32%\clipsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 66240 bytes | Modified Date = 9/23/2005 7:28:56 AM | Attr = ]
(COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 1:01:00 PM | Attr = ]
(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(dmserver) Logical Disk Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 3/27/2007 3:02:14 AM | Attr = ]
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(HidServ) Human Interface Device Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %System32%\imapi.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 150016 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 3/14/2007 7:05:42 PM | Attr = ]
(lanmanserver) Server [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\mdm.exe -> Microsoft Corporation [Ver = 7.10.3077 | Size = 335872 bytes | Modified Date = 3/19/2003 1:55:56 AM | Attr = ]
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %System32%\mnmsrvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 | Size = 32768 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %System32%\msdtc.exe -> Microsoft Corporation [Ver = 2001.12.4414.258 | Size = 6144 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %System32%\msiexec.exe -> Microsoft Corporation [Ver = 3.1.4000.1823 | Size = 78848 bytes | Modified Date = 5/3/2005 12:58:36 PM | Attr = ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 6, 5, 0 | Size = 724992 bytes | Modified Date = 9/12/2006 9:55:36 PM | Attr = ]
(NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> Microsoft Corporation [Ver = 12.0.3417.1003 | Size = 144576 bytes | Modified Date = 10/29/2005 2:40:44 AM | Attr = ]
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]


----------



## bimmeracer (Mar 28, 2007)

(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %System32%\sessmgr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(RemoteAccess) Routing and Remote Access [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %System32%\locator.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75264 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %System32%\rsvp.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 132608 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %System32%\scardsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95744 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 11/2/2006 5:17:14 PM | Attr = ]
(seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/10/2005 7:53:32 PM | Attr = ]
(srservice) System Restore Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %System32%\smlogsvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89600 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Themes) Themes [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] 
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %System32%\ups.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18432 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %System32%\vssvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 289792 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(W32Time) Windows Time [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(WebClient) WebClient [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %System32%\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe -> File not found
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %System32%\wbem\wmiapsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 126464 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 913408 bytes | Modified Date = 10/18/2006 8:05:24 PM | Attr = ]
(wscsvc) Security Center [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(ZuneNetworkSvc) Zune Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Zune\ZuneNss.exe -> Microsoft Corporation [Ver = 1.2.5511.0 (Zune.061212-1431) | Size = 971224 bytes | Modified Date = 12/12/2006 3:46:26 PM | Attr = ]

[Driver Services - All]
(61883) 61883 Unit Device [Kernel | On_Demand | Stopped] -> %System32%\drivers\61883.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 12:10:12 AM | Attr = ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %System32%\drivers\acpi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 187776 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(ACPIEC) Microsoft Embedded Controller Driver [Kernel | Boot | Running] -> %System32%\drivers\acpiec.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 11648 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %System32%\drivers\aec.sys -> Microsoft Corporation [Ver = 5.1.2601.2180 | Size = 142464 bytes | Modified Date = 2/14/2006 8:22:26 PM | Attr = ]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 10/10/2006 2:22:26 AM | Attr = ]
(AFD) AFD [Kernel | System | Running] -> %System32%\drivers\afd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 138496 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(agp440) Intel AGP Bus Filter [Kernel | Boot | Running] -> %System32%\drivers\AGP440.SYS -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42368 bytes | Modified Date = 8/3/2004 11:07:42 PM | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(Arp1394) 1394 ARP Client Protocol [Kernel | On_Demand | Running] -> %System32%\drivers\arp1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60800 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\asyncmac.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %System32%\drivers\atapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95360 bytes | Modified Date = 8/3/2004 10:59:44 PM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6371 | Size = 587264 bytes | Modified Date = 7/29/2003 2:13:32 PM | Attr = ]
(Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %System32%\drivers\atmarpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(audstub) Audio Stub Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\audstub.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3072 bytes | Modified Date = 8/17/2001 9:59:44 AM | Attr = ]
(Avc) AVC Device [Kernel | On_Demand | Stopped] -> %System32%\drivers\avc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/4/2004 12:10:12 AM | Attr = ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 4096 bytes | Modified Date = 9/28/2006 10:13:34 AM | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 9/5/2006 12:03:16 PM | Attr = ]
(AWINDIS5) AWINDIS5 Protocol Driver [Kernel | On_Demand | Stopped] -> %System32%\AWINDIS5.SYS -> AMBIT Microsystems Corporation. [Ver = 5.00.13.50 | Size = 16194 bytes | Modified Date = 4/11/2002 5:43:44 PM | Attr = ]
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.37.0.0 built by: WinDDK | Size = 45312 bytes | Modified Date = 8/5/2005 11:32:16 AM | Attr = ]
(Beep) Beep [Kernel | System | Running] -> %System32%\drivers\beep.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(btaudio) Bluetooth Audio Device [Kernel | On_Demand | Stopped] -> %System32%\drivers\btaudio.sys -> Broadcom Corporation. [Ver = 5.0.1.801 | Size = 428269 bytes | Modified Date = 8/29/2005 4:01:38 PM | Attr = ]
(BTDriver) Bluetooth Virtual Communications Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\btport.sys -> Broadcom Corporation. [Ver = 5.0.1.801 | Size = 30363 bytes | Modified Date = 8/29/2005 3:55:18 PM | Attr = ]
(BthEnum) Bluetooth Request Block Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\BthEnum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17024 bytes | Modified Date = 8/3/2004 11:10:40 PM | Attr = ]
(BthPan) Bluetooth Device (Personal Area Network) [Kernel | On_Demand | Stopped] -> %System32%\drivers\bthpan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 100992 bytes | Modified Date = 8/3/2004 10:58:40 PM | Attr = ]
(BTHPORT) Bluetooth Port Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\bthport.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 274304 bytes | Modified Date = 8/3/2004 11:10:38 PM | Attr = ]
(BTHUSB) Bluetooth Radio USB Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\BTHUSB.SYS -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/3/2004 11:10:36 PM | Attr = ]
(BTKRNL) Bluetooth Bus Enumerator [Kernel | On_Demand | Running] -> %System32%\drivers\btkrnl.sys -> Broadcom Corporation. [Ver = 5.0.1.801 | Size = 853258 bytes | Modified Date = 8/29/2005 5:45:34 PM | Attr = ]
(BTWDNDIS) Bluetooth LAN Access Server [Kernel | On_Demand | Stopped] -> %System32%\drivers\btwdndis.sys -> Broadcom Corporation. [Ver = 5.0.1.801 | Size = 148360 bytes | Modified Date = 8/29/2005 3:51:48 PM | Attr = ]
(BTWUSB) WIDCOMM USB Bluetooth Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\btwusb.sys -> Broadcom Corporation. [Ver = 5.0.1.801 | Size = 64344 bytes | Modified Date = 8/29/2005 3:54:36 PM | Attr = ]
(cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %System32%\drivers\cbidf2k.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 13952 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(CCDECODE) Closed Caption Decoder [Kernel | On_Demand | Stopped] -> %System32%\drivers\CCDECODE.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17024 bytes | Modified Date = 8/4/2004 12:10:18 AM | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Cdaudio) Cdaudio [Kernel | System | Stopped] -> %System32%\drivers\cdaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Cdfs) Cdfs [File_System | Disabled | Running] -> %System32%\drivers\cdfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63744 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Cdrom) CD-ROM Driver [Kernel | System | Running] -> %System32%\drivers\cdrom.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(cercsr6) cercsr6 [Kernel | Boot | Stopped] -> %System32%\drivers\cercsr6.sys -> Adaptec, Inc. [Ver = 4.1.0.7405 | Size = 39904 bytes | Modified Date = 3/22/2005 4:49:10 PM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Running] -> %System32%\drivers\CmBatt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14080 bytes | Modified Date = 8/3/2004 7:07:40 PM | Attr = ]
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Compbatt) Microsoft Composite Battery Driver [Kernel | Boot | Running] -> %System32%\drivers\compbatt.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 9344 bytes | Modified Date = 8/17/2001 9:58:00 AM | Attr = ]
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(Disk) Disk Driver [Kernel | Boot | Running] -> %System32%\drivers\disk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 36352 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %System32%\drivers\DMusic.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52864 bytes | Modified Date = 8/3/2004 11:07:40 PM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %System32%\drivers\drmkaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 2944 bytes | Modified Date = 8/3/2004 11:07:58 PM | Attr = ]
(EGXFilter) EGXFilter [Kernel | On_Demand | Stopped] -> %System32%\drivers\egxfilter.sys -> [Ver = 4.03.03.2616 | Size = 90624 bytes | Modified Date = 2/16/2006 2:20:58 AM | Attr = ]
(Fastfat) Fastfat [File_System | Disabled | Stopped] -> %System32%\drivers\fastfat.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143360 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Fdc) Fdc [Kernel | System | Stopped] -> %System32%\drivers\fdc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 27392 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Fips) Fips [Kernel | System | Running] -> %System32%\drivers\fips.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 34944 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Flpydisk) Flpydisk [Kernel | System | Stopped] -> %System32%\drivers\flpydisk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(FltMgr) FltMgr [File_System | Boot | Running] -> %System32%\drivers\fltmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2978 (xpsp_sp2_gdr.060821-0039) | Size = 128896 bytes | Modified Date = 8/21/2006 5:14:58 AM | Attr = ]
(Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\ftdisk.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 125056 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 4:44:04 PM | Attr = ]
(giveio) giveio [Kernel | Boot | Running] -> %System32%\giveio.sys -> [Ver = | Size = 5248 bytes | Modified Date = 4/3/1996 3:33:26 PM | Attr = ]
(Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> %System32%\drivers\msgpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 35072 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(HidUsb) Microsoft HID Class Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\hidusb.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 9600 bytes | Modified Date = 8/17/2001 3:02:20 PM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 6.02.09.02 | Size = 189056 bytes | Modified Date = 7/3/2003 3:59:06 PM | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 6.02.09.02 | Size = 1063936 bytes | Modified Date = 7/3/2003 3:55:48 PM | Attr = ]
(HTTP) HTTP [Kernel | On_Demand | Running] -> %System32%\drivers\http.sys -> Microsoft Corporation [Ver = 5.1.2600.2869 (xpsp_sp2_gdr.060316-1512) | Size = 262784 bytes | Modified Date = 3/16/2006 8:33:10 PM | Attr = ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> %System32%\drivers\i8042prt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52736 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(ikhfile) File Security Kernel Anti-Spyware Driver [File_System | System | Running] -> %System32%\drivers\ikhfile.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2014 | Size = 30592 bytes | Modified Date = 7/10/2006 5:38:38 PM | Attr = ]
(ikhlayer) Kernel Anti-Spyware Driver [Kernel | System | Running] -> %System32%\drivers\ikhlayer.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2011 | Size = 51072 bytes | Modified Date = 8/24/2006 12:40:36 PM | Attr = ]
(Imapi) CD-Burning Filter Driver [Kernel | System | Running] -> %System32%\drivers\imapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 41856 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(IntelIde) IntelIde [Kernel | Boot | Running] -> %System32%\drivers\intelide.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5504 bytes | Modified Date = 8/3/2004 6:59:42 PM | Attr = ]
(intelppm) Intel Processor Driver [Kernel | System | Running] -> %System32%\drivers\intelppm.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 36096 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Ip6Fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ip6fw.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29056 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipfltdrv.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32896 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipinip.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> %System32%\drivers\ipnat.sys -> Microsoft Corporation [Ver = 5.1.2600.2524 (xpsp_sp2_gdr.040919-1056) | Size = 134912 bytes | Modified Date = 9/29/2004 6:28:38 PM | Attr = ]
(IPSec) IPSEC driver [Kernel | System | Running] -> %System32%\drivers\ipsec.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 74752 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\irenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11264 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\isapnp.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Modified Date = 8/17/2001 1:58:02 PM | Attr = ]
(Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %System32%\drivers\kbdclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(kl1) kl1 [Kernel | Boot | Running] -> %System32%\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.13.0 | Size = 109848 bytes | Modified Date = 1/25/2007 7:27:38 PM | Attr = ]
(klif) klif [Kernel | System | Running] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.261 | Size = 175888 bytes | Modified Date = 1/27/2007 5:52:46 PM | Attr = ]
(kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Running] -> %System32%\drivers\kmixer.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 172416 bytes | Modified Date = 6/14/2006 4:47:46 AM | Attr = ]
(KSecDD) KSecDD [Kernel | Boot | Running] -> %System32%\drivers\ksecdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92032 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 4/9/2003 1:48:08 PM | Attr = ]
(mnmdd) mnmdd [Kernel | System | Running] -> %System32%\drivers\mnmdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Modem) Modem [Kernel | On_Demand | Running] -> %System32%\drivers\modem.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30080 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Mouclass) Mouse Class Driver [Kernel | System | Running] -> %System32%\drivers\mouclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(MountMgr) MountMgr [Kernel | Boot | Running] -> %System32%\drivers\mountmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42240 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]


----------



## bimmeracer (Mar 28, 2007)

(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(MRxDAV) WebDav Client Redirector [File_System | On_Demand | Running] -> %System32%\drivers\mrxdav.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 181248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(MRxSmb) MRxSmb [File_System | System | Running] -> %System32%\drivers\mrxsmb.sys -> Microsoft Corporation [Ver = 5.1.2600.2902 (xpsp_sp2_gdr.060505-0036) | Size = 453120 bytes | Modified Date = 5/5/2006 5:41:46 AM | Attr = ]
(MSDV) Microsoft DV Camera and VCR [Kernel | On_Demand | Stopped] -> %System32%\drivers\msdv.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 51328 bytes | Modified Date = 8/4/2004 12:10:00 AM | Attr = ]
(Msfs) Msfs [File_System | System | Running] -> %System32%\drivers\msfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 19072 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\MSKSSRV.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 7552 bytes | Modified Date = 8/3/2004 10:58:42 PM | Attr = ]
(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\MSPCLOCK.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5376 bytes | Modified Date = 8/3/2004 10:58:40 PM | Attr = ]
(MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\MSPQM.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4992 bytes | Modified Date = 8/3/2004 10:58:42 PM | Attr = ]
(mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> %System32%\drivers\mssmbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15488 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(MSTEE) Microsoft Streaming Tee/Sink-to-Sink Converter [Kernel | On_Demand | Stopped] -> %System32%\drivers\MSTEE.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5504 bytes | Modified Date = 8/3/2004 11:58:40 PM | Attr = ]
(Mup) Mup [File_System | Boot | Running] -> %System32%\drivers\mup.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 107904 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(NABTSFEC) NABTS/FEC VBI Codec [Kernel | On_Demand | Stopped] -> %System32%\drivers\NABTSFEC.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 85376 bytes | Modified Date = 8/4/2004 12:10:30 AM | Attr = ]
(NDIS) NDIS System Driver [Kernel | Boot | Running] -> %System32%\drivers\ndis.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 182912 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(NdisIP) Microsoft TV/Video Connection [Kernel | On_Demand | Stopped] -> %System32%\drivers\NdisIP.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 10880 bytes | Modified Date = 8/4/2004 12:10:14 AM | Attr = ]
(NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndistapi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 9600 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> %System32%\drivers\ndisuio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12928 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndiswan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 91776 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> %System32%\drivers\ndproxy.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 38016 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(NetBIOS) NetBIOS Interface [File_System | System | Running] -> %System32%\drivers\netbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(NetBT) NetBios over Tcpip [Kernel | System | Running] -> %System32%\drivers\netbt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 162816 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(NETGEAR_WG511_SERVICE) NETGEAR WG511T Wireless Adapter Service [Kernel | On_Demand | Running] -> %System32%\drivers\wg511nd5.sys -> Atheros Communications, Inc. [Ver = 4.0.0.140 | Size = 449888 bytes | Modified Date = 7/25/2005 4:48:36 PM | Attr = ]
(NIC1394) 1394 Net Driver [Kernel | On_Demand | Running] -> %System32%\drivers\nic1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 61824 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Npfs) Npfs [File_System | System | Running] -> %System32%\drivers\npfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30848 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Ntfs) Ntfs [File_System | Disabled | Running] -> %System32%\drivers\ntfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 574592 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Null) Null [Kernel | System | Running] -> %System32%\drivers\null.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 2944 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkflt.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12416 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkfwd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32512 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(ohci1394) Texas Instruments OHCI Compliant IEEE 1394 Host Controller [Kernel | Boot | Running] -> %System32%\drivers\ohci1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 61056 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(OMCI) OMCI [Kernel | System | Running] -> %System32%\drivers\omci.sys -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 13632 bytes | Modified Date = 8/22/2001 8:42:58 AM | Attr = ]
(PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> %System32%\drivers\PalmUSBD.sys -> PalmSource, Inc. [Ver = 6, 0, 1, 0 | Size = 16694 bytes | Modified Date = 10/16/2006 7:23:50 PM | Attr = ]
(Parport) Parport [Kernel | On_Demand | Stopped] -> %System32%\drivers\parport.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80128 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(PartMgr) PartMgr [Kernel | Boot | Running] -> %System32%\drivers\partmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(ParVdm) ParVdm [Kernel | Auto | Stopped] -> %System32%\drivers\parvdm.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 6784 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(PCI) PCI Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\pci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68224 bytes | Modified Date = 8/3/2004 11:07:48 PM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PCIIde) PCIIde [Kernel | Boot | Running] -> %System32%\drivers\pciide.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3328 bytes | Modified Date = 8/17/2001 1:51:52 PM | Attr = ]
(Pcmcia) Pcmcia [Kernel | Boot | Running] -> %System32%\drivers\pcmcia.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119936 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> %System32%\drivers\raspptp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48384 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> %System32%\drivers\psched.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 2/23/2007 12:29:54 AM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> %System32%\drivers\rasacd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 8832 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> %System32%\drivers\rasl2tp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 51328 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> %System32%\drivers\raspppoe.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 41472 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Raspti) Direct Parallel [Kernel | On_Demand | Running] -> %System32%\drivers\raspti.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 16512 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Rdbss) Rdbss [File_System | System | Running] -> %System32%\drivers\rdbss.sys -> Microsoft Corporation [Ver = 5.1.2600.2902 (xpsp_sp2_gdr.060505-0036) | Size = 174592 bytes | Modified Date = 5/5/2006 5:47:58 AM | Attr = ]
(RDPCDD) RDPCDD [Kernel | System | Running] -> %System32%\drivers\rdpcdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 4224 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> %System32%\drivers\rdpwd.sys -> Microsoft Corporation [Ver = 5.1.2600.2695 (xpsp_sp2_gdr.050609-1528) | Size = 139528 bytes | Modified Date = 6/10/2005 12:09:46 AM | Attr = ]
(redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> %System32%\drivers\redbook.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57472 bytes | Modified Date = 8/3/2004 6:59:38 PM | Attr = ]
(RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) [Kernel | On_Demand | Stopped] -> %System32%\drivers\rfcomm.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59648 bytes | Modified Date = 8/3/2004 11:10:40 PM | Attr = ]
(scio) scio [Kernel | System | Running] -> %System32%\drivers\scio.sys -> SoftCollection [Ver = 5.00.2195.5438 | Size = 3072 bytes | Modified Date = 11/7/2006 3:41:04 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Serial) Serial [Kernel | Auto | Stopped] -> %System32%\drivers\serial.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 64896 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Sfloppy) Sfloppy [Kernel | System | Stopped] -> %System32%\drivers\sfloppy.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11392 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(SLIP) BDA Slip De-Framer [Kernel | On_Demand | Stopped] -> %System32%\drivers\SLIP.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11136 bytes | Modified Date = 8/4/2004 12:10:18 AM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(speedfan) speedfan [Kernel | Boot | Running] -> %System32%\speedfan.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.5438 | Size = 5248 bytes | Modified Date = 9/24/2006 9:28:48 AM | Attr = ]
(splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> %System32%\drivers\splitter.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 6400 bytes | Modified Date = 6/14/2006 4:47:46 AM | Attr = ]
(sptd) sptd [Kernel | Boot | Running] -> %System32%\drivers\sptd.sys -> [Ver = | Size = 611064 bytes | Modified Date = 10/12/2006 2:01:38 AM | Attr = ]
(sr) System Restore Filter Driver [File_System | Boot | Running] -> %System32%\drivers\sr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73472 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(srescan) srescan [Kernel | Boot | Stopped] -> %System32%\ZoneLabs\srescan.sys -> File not found
(Srv) Srv [File_System | On_Demand | Running] -> %System32%\drivers\srv.sys -> Microsoft Corporation [Ver = 5.1.2600.2974 (xpsp_sp2_gdr.060814-0101) | Size = 332928 bytes | Modified Date = 8/14/2006 6:34:42 AM | Attr = ]
(STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %System32%\drivers\stac97.sys -> SigmaTel, Inc. [Ver = 5.10.3913 | Size = 258704 bytes | Modified Date = 5/12/2004 8:30:14 PM | Attr = ]
(streamip) BDA IPSink [Kernel | On_Demand | Stopped] -> %System32%\drivers\StreamIP.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 8/4/2004 12:10:14 AM | Attr = ]
(swenum) Software Bus Driver [Kernel | On_Demand | Running] -> %System32%\drivers\swenum.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4352 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> %System32%\drivers\swmidi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 54272 bytes | Modified Date = 8/17/2001 2:00:52 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 191872 bytes | Modified Date = 3/8/2006 12:35:10 PM | Attr = ]
(sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Running] -> %System32%\drivers\sysaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60800 bytes | Modified Date = 8/3/2004 11:15:56 PM | Attr = ]
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> %System32%\drivers\tcpip.sys -> Microsoft Corporation [Ver = 5.1.2600.2892 (xpsp_sp2_gdr.060420-0254) | Size = 359808 bytes | Modified Date = 4/20/2006 7:51:50 AM | Attr = ]
(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdpipe.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12040 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdtcp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 21896 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(TermDD) Terminal Device Driver [Kernel | System | Running] -> %System32%\drivers\termdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 40840 bytes | Modified Date = 8/4/2004 1:01:08 AM | Attr = ]
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(TSP) TSP [Kernel | On_Demand | Stopped] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.261 | Size = 175888 bytes | Modified Date = 1/27/2007 5:52:46 PM | Attr = ]
(Udfs) Udfs [File_System | Disabled | Stopped] -> %System32%\drivers\udfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 66176 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(UIUSys) Conexant Setup API [Kernel | On_Demand | Stopped] -> system32\drivers\UIUSys.sys -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(Update) Microcode Update Driver [Kernel | On_Demand | Running] -> %System32%\drivers\update.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 209408 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbehci.sys -> Microsoft Corporation [Ver = 5.1.2600.2783 (xpsp.051025-1513) | Size = 27264 bytes | Modified Date = 10/25/2005 7:39:42 PM | Attr = ]
(usbhub) USB2 Enabled Hub [Kernel | On_Demand | Running] -> %System32%\drivers\usbhub.sys -> Microsoft Corporation [Ver = 5.1.2600.2853 (xpsp.060220-1751) | Size = 58240 bytes | Modified Date = 2/20/2006 11:39:38 PM | Attr = ]
(usbscan) USB Scanner Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbscan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15104 bytes | Modified Date = 8/3/2004 10:58:46 PM | Attr = ]
(USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\USBSTOR.SYS -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 26496 bytes | Modified Date = 8/3/2004 11:08:48 PM | Attr = ]
(usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbuhci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 8/3/2004 11:08:38 PM | Attr = ]
(VgaSave) VgaSave [Kernel | System | Running] -> %System32%\drivers\vga.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(VirtualSerial) VirtualSerial [Kernel | Auto | Running] -> %System32%\drivers\virtualserial.sys -> [Ver = | Size = 106336 bytes | Modified Date = 11/16/2004 1:43:00 PM | Attr = ]
(VolSnap) VolSnap [Kernel | Boot | Running] -> %System32%\drivers\volsnap.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52352 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\wanarp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Running] -> %System32%\drivers\wdmaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 82944 bytes | Modified Date = 6/14/2006 5:00:46 AM | Attr = ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 6.02.09.02 built by: WinDDK | Size = 631680 bytes | Modified Date = 7/3/2003 3:56:58 PM | Attr = ]
(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> %System32%\drivers\wpdusb.sys -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 38528 bytes | Modified Date = 10/18/2006 9:00:00 PM | Attr = ]
(WSTCODEC) World Standard Teletext Codec [Kernel | On_Demand | Stopped] -> %System32%\drivers\WSTCODEC.SYS -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 19328 bytes | Modified Date = 8/4/2004 12:10:22 AM | Attr = ]
(WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | Boot | Running] -> %System32%\drivers\WudfPf.sys -> Microsoft Corporation [Ver = 6.0.5716.32 (winmain(wmbla).060928-1756) | Size = 77568 bytes | Modified Date = 9/28/2006 7:55:50 PM | Attr = ]
(WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> %System32%\drivers\WudfRd.sys -> Microsoft Corporation [Ver = 6.0.5716.32 (winmain(wmbla).060928-1756) | Size = 82944 bytes | Modified Date = 9/28/2006 8:00:34 PM | Attr = ]
(XPort) XPort [Kernel | Auto | Running] -> %System32%\drivers\xport.sys -> [Ver = | Size = 14526 bytes | Modified Date = 11/8/2006 1:09:34 AM | Attr = ]
(xTouch) xTouch [Kernel | On_Demand | Stopped] -> %System32%\drivers\xTouch.sys -> [Ver = 4.03.07.3203 built by: WinDDK | Size = 79488 bytes | Modified Date = 8/10/2006 9:46:40 PM | Attr = ]

[Registry - All]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.2.614 | Size = 200768 bytes | Modified Date = 1/29/2007 11:02:04 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 3/14/2007 7:05:48 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 3/31/2007 7:20:10 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 -> 
MAPI -> Installed = 1 -> 
MSFS -> Installed = 1 -> 
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Spyware Doctor -> -> File not found
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 3/27/2007 3:02:32 AM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll -> Kaspersky Lab [Ver = 6.0.2.616 | Size = 86080 bytes | Modified Date = 3/19/2007 4:31:14 AM | Attr = ]
< IFEO [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Your Image File Name Here without a path -> %System32%\ntsd.exe [Debugger] -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 31744 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
{fbeb8a05-beee-4442-804e-409d6c4515e9} [HKLM] -> %System32%\shell32.dll [CDBurn] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
{7849596a-48ea-486e-8937-a2a3009f31a9} [HKLM] -> %System32%\shell32.dll [PostBootReminder] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
{35CEC8A3-2BE6-11D2-8773-92E220524153} [HKLM] -> %System32%\stobject.dll [SysTray] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{e57ce738-33e8-4c51-8354-bb4de9d215d1} [HKLM] -> %System32%\upnpui.dll [UPnPMonitor] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239616 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} [HKLM] -> %System32%\WPDShServiceObj.dll [WPDShServiceObj] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 133632 bytes | Modified Date = 10/18/2006 10:47:22 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 10:13:28 AM | Attr = ]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} [HKLM] -> %System32%\shell32.dll [] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} [HKLM] -> Reg Data - Key not found [] -> File not found
< SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Browseui preloader] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{8C7461EF-2B13-11d2-BE35-3078302C2030} [HKLM] -> %System32%\browseui.dll [Component Categories cache daemon] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
msapsspc.dll -> %System32%\msapsspc.dll -> Microsoft Corporation [Ver = 6.00.7755 | Size = 86016 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
schannel.dll -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
digest.dll -> %System32%\digest.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
msnsspc.dll -> %System32%\msnsspc.dll -> Microsoft Corporation [Ver = 6.1.1825.0 | Size = 290816 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %System32%\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]


----------



## bimmeracer (Mar 28, 2007)

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 -> %System32%\rundll32.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
shell32 -> %System32%\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
"sysdm.cpl" -> %System32%\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
crypt32chain -> %System32%\crypt32.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
cryptnet -> %System32%\cryptnet.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
cscdll -> %System32%\cscdll.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
klogon -> %System32%\klogon.dll -> Kaspersky Lab [Ver = 6.0.2.614 | Size = 200768 bytes | Modified Date = 1/29/2007 11:04:00 PM | Attr = ]
ScCertProp -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Schedule -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
sclgntfy -> %System32%\sclgntfy.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
SensLogn -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
termsrv -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
WgaLogon -> %System32%\WgaLogon.dll -> Microsoft Corporation [Ver = 1.7.0018.5 | Size = 236928 bytes | Modified Date = 3/15/2007 6:16:42 PM | Attr = ]
wlballoon -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
WRNotifier -> WRLogonNTF.dll -> File not found
< HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> -> 
< Internet Explorer Settings > -> 
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie -> 
HKLM: Local Page -> %SystemRoot%\system32\blank.htm -> 
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKLM: SearchAssistant -> http://www.google.com/ie -> 
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKCU: Local Page -> C:\windows\system32\blank.htm -> 
HKCU: Search Bar -> http://www.google.com/ie -> 
HKCU: Search Page -> http://www.google.com -> 
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKCU: SearchAssistant -> http://www.google.com/ie -> 
HKCU: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> %System32%\shdocvw.dll [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 7, 1 | Size = 439872 bytes | Modified Date = 9/7/2006 5:28:50 PM | Attr = ]
HKCU: ProxyEnable -> 0 -> 
HKCU: ProxyOverride -> <local> -> 
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> -> 
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 7, 1 | Size = 439872 bytes | Modified Date = 9/7/2006 5:28:50 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 7, 31, 1 | Size = 185848 bytes | Modified Date = 7/31/2006 4:32:32 PM | Attr = ]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.6.0.2071 | Size = 825528 bytes | Modified Date = 8/1/2006 3:27:06 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Modified Date = 3/31/2007 7:20:10 PM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 8/1/2006 3:23:12 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4D5C8C25-D075-11d0-B416-00C04FB90376} [HKLM] -> %System32%\shdocvw.dll [&Tip of the Day] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} [HKLM] -> %System32%\shdocvw.dll [Explorer Band] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 7, 1 | Size = 439872 bytes | Modified Date = 9/7/2006 5:28:50 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKLM] -> %System32%\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} [HKLM] -> %System32%\shell32.dll [&Links] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 7, 1 | Size = 439872 bytes | Modified Date = 9/7/2006 5:28:50 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0\bin\npjpi160.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 132744 bytes | Modified Date = 3/31/2007 7:20:10 PM | Attr = ]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} -> Reg Data - Value does not exist [ButtonText: Web Anti-Virus statistics] -> File not found
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services] -> File not found
{CCA281CA-C863-46ef-9331-5C8D4460577F} -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [ButtonText: @btrez.dll,-4015] -> [Ver = | Size = 2681 bytes | Modified Date = 5/29/2003 1:53:08 PM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [ButtonText: Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,195 | Size = 4662776 bytes | Modified Date = 10/24/2006 5:10:18 PM | Attr = ]
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> %ProgramFiles%\Messenger\msmsgs.exe [ButtonText: Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 12:24:38 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 6/3/2005 8:07:38 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
Send to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 1320 bytes | Modified Date = 5/29/2003 1:53:12 PM | Attr = ]
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 6/3/2005 8:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 6/3/2005 8:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 8/1/2005 7:43:00 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> -> 
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{3A946766-DD4F-401E-8F35-557EA5FA0054} -> (1394 Net Adapter) -> 
{768C497C-61A6-415B-A55B-AAD75DC50DF9} -> () -> 
{A993799D-5F30-4611-9F1D-EF8A8D43DCC9} -> () -> 
{B4DCA2CE-3C42-4F16-834A-5E66CD1EC4D4} -> () -> 
{C33D09A2-20B1-4E29-B176-C36CB54CCA2E} -> () -> 
{CBAB496B-4037-49BE-A3E7-74CE17F6A711} -> (Broadcom 440x 10/100 Integrated Controller) -> 
{E030E673-3263-46D2-9BA9-F051A2C52C66} -> (NETGEAR 108 Mbps Wireless PC Card WG511T) -> 
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] -> %System32%\winrnr.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 16896 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] -> %System32%\wshbth.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\rsvpsp.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\rsvpsp.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000022 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000024 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
about -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 3062272 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
cdl -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3072 (xpsp_sp2_qfe.070124-2324) | Size = 616960 bytes | Modified Date = 1/25/2007 8:24:58 AM | Attr = ]
dvd -> %System32%\msvidctl.dll -> Microsoft Corporation [Ver = 6.05.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1428480 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
file -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3072 (xpsp_sp2_qfe.070124-2324) | Size = 616960 bytes | Modified Date = 1/25/2007 8:24:58 AM | Attr = ]
ftp -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3072 (xpsp_sp2_qfe.070124-2324) | Size = 616960 bytes | Modified Date = 1/25/2007 8:24:58 AM | Attr = ]
gopher -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3072 (xpsp_sp2_qfe.070124-2324) | Size = 616960 bytes | Modified Date = 1/25/2007 8:24:58 AM | Attr = ]
http -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3072 (xpsp_sp2_qfe.070124-2324) | Size = 616960 bytes | Modified Date = 1/25/2007 8:24:58 AM | Attr = ]
http\0x00000001 -> %CommonProgramFiles%\System\Ole DB\msdaipp.dll -> Microsoft Corporation [Ver = 11.0.7719.1 | Size = 838144 bytes | Modified Date = 5/19/2005 6:53:38 PM | Attr = ]
http\oledb -> %CommonProgramFiles%\System\Ole DB\msdaipp.dll -> Microsoft Corporation [Ver = 11.0.7719.1 | Size = 838144 bytes | Modified Date = 5/19/2005 6:53:38 PM | Attr = ]
https -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3072 (xpsp_sp2_qfe.070124-2324) | Size = 616960 bytes | Modified Date = 1/25/2007 8:24:58 AM | Attr = ]
https\0x00000001 -> %CommonProgramFiles%\System\Ole DB\msdaipp.dll -> Microsoft Corporation [Ver = 11.0.7719.1 | Size = 838144 bytes | Modified Date = 5/19/2005 6:53:38 PM | Attr = ]
https\oledb -> %CommonProgramFiles%\System\Ole DB\msdaipp.dll -> Microsoft Corporation [Ver = 11.0.7719.1 | Size = 838144 bytes | Modified Date = 5/19/2005 6:53:38 PM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
ipp\0x00000001 -> %CommonProgramFiles%\System\Ole DB\msdaipp.dll -> Microsoft Corporation [Ver = 11.0.7719.1 | Size = 838144 bytes | Modified Date = 5/19/2005 6:53:38 PM | Attr = ]
its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 137216 bytes | Modified Date = 5/26/2005 10:04:28 PM | Attr = ]
javascript -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 3062272 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
local -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3072 (xpsp_sp2_qfe.070124-2324) | Size = 616960 bytes | Modified Date = 1/25/2007 8:24:58 AM | Attr = ]
mailto -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 3062272 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
mhtml -> %System32%\inetcomm.dll -> Microsoft Corporation [Ver = 6.00.2900.3028 (xpsp_sp2_gdr.061107-0012) | Size = 679424 bytes | Modified Date = 11/8/2006 1:06:14 AM | Attr = ]
mk -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3072 (xpsp_sp2_qfe.070124-2324) | Size = 616960 bytes | Modified Date = 1/25/2007 8:24:58 AM | Attr = ]
msdaipp -> Reg Data - Key not found -> File not found
msdaipp\0x00000001 -> %CommonProgramFiles%\System\Ole DB\msdaipp.dll -> Microsoft Corporation [Ver = 11.0.7719.1 | Size = 838144 bytes | Modified Date = 5/19/2005 6:53:38 PM | Attr = ]
msdaipp\oledb -> %CommonProgramFiles%\System\Ole DB\msdaipp.dll -> Microsoft Corporation [Ver = 11.0.7719.1 | Size = 838144 bytes | Modified Date = 5/19/2005 6:53:38 PM | Attr = ]
ms-its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 137216 bytes | Modified Date = 5/26/2005 10:04:28 PM | Attr = ]
mso-offdap -> %CommonProgramFiles%\Microsoft Shared\Web Components\10\OWC10.DLL -> Microsoft Corporation [Ver = 10.0.5605 | Size = 7330360 bytes | Modified Date = 8/4/2003 1:19:34 PM | Attr = ]
mso-offdap11 -> %CommonProgramFiles%\Microsoft Shared\Web Components\11\OWC11.DLL -> Microsoft Corporation [Ver = 11.0.5531 | Size = 8086072 bytes | Modified Date = 8/1/2003 3:09:04 PM | Attr = ]
res -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 3062272 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
sysimage -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 3062272 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
tv -> %System32%\msvidctl.dll -> Microsoft Corporation [Ver = 6.05.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1428480 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
vbscript -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 3062272 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
wia -> %System32%\wiascr.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75776 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
< Protocol Filters [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\
application/octet-stream -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 270848 bytes | Modified Date = 9/23/2005 7:28:52 AM | Attr = ]
application/x-complus -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 270848 bytes | Modified Date = 9/23/2005 7:28:52 AM | Attr = ]
application/x-msdownload -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 270848 bytes | Modified Date = 9/23/2005 7:28:52 AM | Attr = ]
Class Install Handler -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3072 (xpsp_sp2_qfe.070124-2324) | Size = 616960 bytes | Modified Date = 1/25/2007 8:24:58 AM | Attr = ]
deflate -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3072 (xpsp_sp2_qfe.070124-2324) | Size = 616960 bytes | Modified Date = 1/25/2007 8:24:58 AM | Attr = ]
gzip -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3072 (xpsp_sp2_qfe.070124-2324) | Size = 616960 bytes | Modified Date = 1/25/2007 8:24:58 AM | Attr = ]
lzdhtml -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3072 (xpsp_sp2_qfe.070124-2324) | Size = 616960 bytes | Modified Date = 1/25/2007 8:24:58 AM | Attr = ]
text/webviewhtml -> %System32%\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab -> 
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab ->

[Registry - Additional Scans - All]
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> -> 
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> -> 
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -> 
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT -> 
{4b218e3e-bc98-4770-93d3-2731b9329278} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf -> 
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -> 
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub -> 
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install -> 
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll -> 
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe -> 
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -> 
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -> C:\WINDOWS\system32\ieudinit.exe
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP -> 
>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE -> 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -> 
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -> 
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
[HKLM] -> Reg Data - Key not found [] -> File not found
{00022613-0000-0000-C000-000000000046} [HKLM] -> %System32%\mmsys.cpl [Multimedia File Property Sheet] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{00BB2763-6A77-11D0-A535-00C04FD7D062} [HKLM] -> %System32%\browseui.dll [Microsoft AutoComplete] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{00BB2764-6A77-11D0-A535-00C04FD7D062} [HKLM] -> %System32%\browseui.dll [Microsoft History AutoComplete List] -> Microsoft


----------



## bimmeracer (Mar 28, 2007)

Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{00BB2765-6A77-11D0-A535-00C04FD7D062} [HKLM] -> %System32%\browseui.dll [Microsoft Multiple AutoComplete List Container] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{01E04581-4EEE-11d0-BFE9-00AA005B4383} [HKLM] -> %System32%\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{03C036F1-A186-11D0-824A-00AA005B4383} [HKLM] -> %System32%\browseui.dll [Microsoft Shell Folder AutoComplete List] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{07798131-AF23-11d1-9111-00A0C98BA67D} [HKLM] -> %System32%\browseui.dll [Web Search] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{08165EA0-E946-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheckWebCrawler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{0A89A860-D7B1-11CE-8350-444553540000} [HKLM] -> %System32%\shdocvw.dll [Shell Automation Inproc Service] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ] 
{0B124F8F-91F0-11D1-B8B5-006008059382} [HKLM] -> %System32%\appwiz.cpl [Installed Apps Enumerator] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} [HKLM] -> %System32%\cabview.dll [.CAB file viewer] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 84480 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{0D45D530-764B-11d0-A1CA-00AA00C16E65} [HKLM] -> %System32%\dsuiext.dll [Directory Property UI] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 113152 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace Droplist Combo Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{10CFC467-4392-11d2-8DB4-00C04FA31A66} [HKLM] -> %System32%\cscui.dll [Offline Files Folder Options] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{131A6951-7F78-11D0-A979-00C04FD705A2} [HKLM] -> %System32%\shdocvw.dll [ISFBand OC] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{143A62C8-C33B-11D1-84FE-00C04FA34A14} [HKLM] -> %SystemRoot%\msagent\agentpsh.dll [Microsoft Agent Character Property Sheet Handler] -> Microsoft Corporation [Ver = 2.00.0.3422 | Size = 24064 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} [HKLM] -> %System32%\dsquery.dll [Directory Object Find] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{169A0691-8DF9-11d1-A1C4-00C04FD75D13} [HKLM] -> %System32%\browseui.dll [In-pane search] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{176d6597-26d3-11d1-b350-080036a75b03} [HKLM] -> %System32%\icmui.dll [ICM Scanner Management] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 54784 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{1F2E5C40-9550-11CE-99D2-00AA006E086C} [HKLM] -> %System32%\rshx32.dll [NTFS Security Page] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 39936 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{21569614-B795-46b1-85F4-E737A8DC09AD} [HKLM] -> %System32%\browseui.dll [Shell Search Band] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{2206CDB2-19C1-11D1-89E0-00C04FD7A829} [HKLM] -> %CommonProgramFiles%\System\Ole DB\oledb32.dll [Microsoft Data Link] -> Microsoft Corporation [Ver = 2.81.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 487424 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{22BF0C20-6DA7-11D0-B373-00A0C9034938} [HKLM] -> %System32%\browseui.dll [Download Status] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Search] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Help and Support] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Help and Support] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Run...] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Internet] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [E-mail] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Set Program Access and Defaults] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ] 
{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace Time Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{2F603045-309F-11CF-9774-0020AFD0CFF6} [HKLM] -> %ProgramFiles%\Synaptics\SynTP\SynTPCpl.dll [Synaptics Control Panel] -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 6135899 bytes | Modified Date = 3/8/2006 12:40:34 PM | Attr = ]
{30D02401-6A81-11d0-8274-00C04FD5AE38} [HKLM] -> %System32%\browseui.dll [Search Band] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{32714800-2E5F-11d0-8B85-00AA0044F941} [HKLM] -> %ProgramFiles%\Outlook Express\wabfind.dll [For &People...] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] 
{352EC2B7-8B9A-11D1-B8AE-006008059382} [HKLM] -> %System32%\appwiz.cpl [Shell Application Manager] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{35786D3C-B075-49b9-88DD-029876E11C01} [HKLM] -> %System32%\WpdShext.dll [Portable Devices] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 2603008 bytes | Modified Date = 10/18/2006 10:47:22 PM | Attr = ]
{3C374A40-BAE4-11CF-BF7D-00AA006946EE} [HKLM] -> %System32%\shdocvw.dll [Microsoft Url History Service] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} [HKLM] -> %System32%\browseui.dll [Shell DeskBarApp] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} [HKLM] -> %System32%\shdocvw.dll [The Internet] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{3EA48300-8CF6-101B-84FB-666CCB9BCD32} [HKLM] -> %System32%\docprop.dll [OLE Docfile Property Page] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 46080 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{3F30C968-480A-4C6C-862D-EFC0897BB84B} [HKLM] -> %System32%\shimgvw.dll [GDI+ file thumbnail extractor] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{3F953603-1008-4f6e-A73A-04AAC7A992F1} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} [HKLM] -> %System32%\shmedia.dll [Video Media Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} [HKLM] -> %System32%\ntshrui.dll [Shell extensions for sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143872 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{41E300E0-78B6-11ce-849B-444553540000} [HKLM] -> %System32%\themeui.dll [PlusPack CPL Extension] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 385536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{42042206-2D85-11D3-8CFF-005004838597} [HKLM] -> %ProgramFiles%\Microsoft Office\Office11\MSOHEV.DLL [Microsoft Office HTML Icon Handler] -> Microsoft Corporation [Ver = 11.0.5510 | Size = 67128 bytes | Modified Date = 7/14/2003 10:52:58 PM | Attr = ]
{42071712-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> %System32%\deskadp.dll [Display Adapter CPL Extension] -> Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 16384 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{42071713-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> %System32%\deskmon.dll [Display Monitor CPL Extension] -> Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 16896 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> Reg Data - Key not found [Display Panning CPL Extension] -> File not found
{4a7ded0a-ad25-11d0-98a8-0800361b1103} [HKLM] -> %System32%\mydocs.dll [MyDocs Properties] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{4AFB2C13-9D16-4478-AEF4-C3FC539961E4} [HKLM] -> %ProgramFiles%\Creative\Creative Zen Vision M\ShCtMtp.dll [Zen Vision:M Media Explorer] -> Creative Technology Ltd [Ver = 5.2.16.0 | Size = 704512 bytes | Modified Date = 12/8/2005 1:26:58 PM | Attr = ]
{4E40F770-369C-11d0-8922-00A024AB2DBB} [HKLM] -> %System32%\dssec.dll [DS Security Page] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 51200 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} [HKLM] -> %System32%\slayerxp.dll [Compatibility Page] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25088 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> %ProgramFiles%\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 11, 23, 1 | Size = 180848 bytes | Modified Date = 11/23/2004 10:59:58 AM | Attr = ]
{56117100-C0CD-101B-81E2-00AA004AE837} [HKLM] -> %System32%\shscrap.dll [Shell Scrap DataHandler] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 27648 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{58f1f272-9240-4f51-b6d4-fd63d1618591} [HKLM] -> %System32%\netplwiz.dll [Get a Passport Wizard] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{59099400-57FF-11CE-BD94-0020AF85B590} [HKLM] -> %System32%\diskcopy.dll [Disk Copy Extension] -> Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 1501696 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{596AB062-B4D2-4215-9F74-E9109B0A8153} [HKLM] -> %System32%\twext.dll [Previous Versions Property Page] -> Microsoft Corporation [Ver = 6.00.3800.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44032 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{59be4990-f85c-11ce-aff7-00aa003ca9f6} [HKLM] -> %System32%\ntlanui2.dll [Shell extensions for Microsoft Windows Network objects] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{5DB2625A-54DF-11D0-B6C4-0800091AA605} [HKLM] -> %System32%\icmui.dll [ICM Monitor Management] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 54784 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{5E6AB780-7743-11CF-A12B-00AA004AE837} [HKLM] -> %System32%\browseui.dll [Microsoft Internet Toolbar] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} [HKLM] -> %System32%\wuaucpl.cpl [Auto Update Property Sheet Extension] -> Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Modified Date = 5/26/2005 4:16:30 AM | Attr = ]
{60254CA5-953B-11CF-8C96-00AA00B8708C} [HKLM] -> %System32%\wshext.dll [Shell extensions for Windows Script Host] -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 65536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{60fd46de-f830-4894-a628-6fa81bc0190d} [HKLM] -> %System32%\photowiz.dll [%DESC_PublishDropTarget%] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 176128 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{62AE1F9A-126A-11D0-A14B-0800361B1103} [HKLM] -> %System32%\dsuiext.dll [Directory Context Menu Verbs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 113152 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{63da6ec0-2e98-11cf-8d82-444553540000} [HKLM] -> %System32%\msieftp.dll [FTP Folders Webview] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 248832 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{640167b4-59b0-47a6-b335-a6b3c0695aea} [HKLM] -> %System32%\audiodev.dll [Portable Media Devices] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 276992 bytes | Modified Date = 10/18/2006 10:47:08 PM | Attr = ]
{6413BA2C-B461-11d1-A18A-080036B11A03} [HKLM] -> %System32%\browseui.dll [Augmented Shell Folder 2] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} [HKLM] -> %System32%\shimgvw.dll [Shell 
Image Data Factory] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{6756A641-DE71-11d0-831B-00AA005B4383} [HKLM] -> %System32%\browseui.dll [MRU AutoComplete List] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{675F097E-4C4D-11D0-B6C1-0800091AA605} [HKLM] -> %System32%\icmui.dll [ICM Printer Management] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 54784 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{67EA19A0-CCEF-11d0-8024-00C04FD75D13} [HKLM] -> %System32%\shdocvw.dll [CDF Extension Copy Hook] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{692F0339-CBAA-47e6-B5B5-3B84DB604E87} [HKLM] -> %System32%\extmgr.dll [Extensions Manager Folder] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 55808 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} [HKLM] -> %System32%\browseui.dll [Custom MRU AutoCompleted List] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{6A205B57-2567-4A2C-B881-F787FAB579A3} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace Calendar Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{6af09ec9-b429-11d4-a1fb-0090960218cb} [HKLM] -> %System32%\btneighborhood.dll [My Bluetooth Places] -> Broadcom Corporation. [Ver = 5.0.1.801 | Size = 1048653 bytes | Modified Date = 10/9/2005 1:20:56 AM | Attr = ]
{6b33163c-76a5-4b6c-bf21-45de9cd503a1} [HKLM] -> %System32%\netplwiz.dll [Shell Publishing Wizard Object] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{7007ACC7-3202-11D1-AAD2-00805FC1270E} [HKLM] -> %System32%\netshell.dll [Network Connections] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1708032 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{7376D660-C583-11d0-A3A5-00C04FD706EC} [HKLM] -> %System32%\browseui.dll [TridentImageExtractor] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{7444C717-39BF-11D1-8CD9-00C04FC29D45} [HKLM] -> %System32%\cryptext.dll [Crypto PKO Extension] -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 53760 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{7444C719-39BF-11D1-8CD9-00C04FC29D45} [HKLM] -> %System32%\cryptext.dll [Crypto Sign Extension] -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 53760 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{750fdf0e-2a26-11d1-a3ea-080036587f03} [HKLM] -> %System32%\cscui.dll [Offline Files Menu] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{77597368-7b15-11d0-a0c2-080036af3f03} [HKLM] -> %System32%\printui.dll [Web Printer Shell Extension] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 560640 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} [HKLM] -> %System32%\mstask.dll [Tasks Folder Shell Extension] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 274944 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{7988B573-EC89-11cf-9C00-00AA00A14F56} [HKLM] -> %System32%\dskquoui.dll [Disk Quota UI] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 144384 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{7A80E4A8-8005-11D2-BCF8-00C04F72C717} [HKLM] -> %System32%\mmcshext.dll [MMC Icon Handler] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7BA4C742-9E81-11CF-99D3-00AA004AE837} [HKLM] -> %System32%\browseui.dll [Microsoft BrowserBand] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{7BD29E00-76C1-11CF-9DD0-00A0C9034933} [HKLM] -> %System32%\shdocvw.dll [Temporary Internet Files] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{7BD29E01-76C1-11CF-9DD0-00A0C9034933} [HKLM] -> %System32%\shdocvw.dll [Temporary Internet Files] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} [HKLM] -> %System32%\webcheck.dll [Code Download Agent] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{7e653215-fa25-46bd-a339-34a2790f3cb7} [HKLM] -> %System32%\browseui.dll [Accessible] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} [HKLM] -> %System32%\webcheck.dll [WebCheck SyncMgr Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{83bbcbf3-b28a-4919-a5aa-73027445d672} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{85BBD920-42A0-1069-A2E4-08002B30309D} [HKLM] -> %System32%\syncui.dll [Briefcase] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 191488 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 6.0.2.614 | Size = 222864 bytes | Modified Date = 1/29/2007 11:44:18 PM | Attr = ]
{871C5380-42A0-1069-A2EA-08002B30309D} [HKLM] -> %System32%\shdocvw.dll [Internet Name Space] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} [HKLM] -> %System32%\shmedia.dll [Audio Media Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{87D62D94-71B3-4b9a-9489-5FE6850DC73E} [HKLM] -> %System32%\shmedia.dll [Avi Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{883373C3-BF89-11D1-BE35-080036B11A03} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Shell Ext] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} [HKLM] -> %System32%\zipfldr.dll [Compressed (zipped) Folder SendTo Target] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 337920 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{88C6C381-2E85-11D0-94DE-444553540000} [HKLM] -> %System32%\occache.dll [ActiveX Cache Folder] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 96256 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{8A23E65E-31C2-11d0-891C-00A024AB2DBB} [HKLM] -> %System32%\dsquery.dll [Directory Query UI] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{8DD448E6-C188-4aed-AF92-44956194EB1F} [HKLM] -> %System32%\wmpshell.dll [Windows Media Player Burn Audio CD Context Menu Handler] -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 99840 bytes | Modified Date = 10/18/2006 10:47:20 PM | Attr = ]
{8EE97210-FD1F-4B19-91DA-67914005F020} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace ML Edit Box Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{905667aa-acd6-11d2-8080-00805f6596d2} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{91EA3F8B-C99B-11d0-9815-00C04FD91972} [HKLM] -> %System32%\browseui.dll [Augmented Shell Folder] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{9461b922-3c5a-11d2-bf8b-00c04fb93661} [HKLM] -> %System32%\shdocvw.dll [Search Assistant OC] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{992CFFA0-F557-101A-88EC-00DD010CCC48} [HKLM] -> %System32%\netshell.dll [Network Connections] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1708032 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{9DB7A13C-F208-4981-8353-73CC61AE2783} [HKLM] -> %System32%\twext.dll [Previous Versions] -> Microsoft Corporation [Ver = 6.00.3800.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44032 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{9DBD2C50-62AD-11d0-B806-00C04FD706EC} [HKLM] -> %System32%\shimgvw.dll [Summary Info Thumbnail handler (DOCFILES)] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} [HKLM] -> %System32%\dsquery.dll [Shell properties for a DS object] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} [HKLM] -> %System32%\sendmail.dll [Sendmail service] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 55296 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} [HKLM] -> %System32%\sendmail.dll [Sendmail service] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 55296 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{A08C11D2-A228-11d0-825B-00AA005B4383} [HKLM] -> %System32%\browseui.dll [Address EditBox] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} [HKLM] -> %System32%\shdocvw.dll [IE4 Suite Splash Screen] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} [HKLM] -> %System32%\shdocvw.dll [Microsoft Browser Architecture] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{A6FD9E45-6E44-43f9-8644-08598F5A74D9} [HKLM] -> %System32%\shmedia.dll [Midi Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{A9CF0EAE-901A-4739-A481-E35B73E47F6D} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace Edit Box Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} [HKLM] -> %System32%\webcheck.dll [Subscription Mgr] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{acf35015-526e-4230-9596-becbe19f0ac9} [HKLM] -> %System32%\browseui.dll [Track Popup Bar] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]


----------



## bimmeracer (Mar 28, 2007)

{add36aa8-751a-4579-a266-d66f5202ccbb} [HKLM] -> %System32%\netplwiz.dll [Print Ordering via the Web] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{AF4F6510-F982-11d0-8595-00AA004CD6D8} [HKLM] -> %System32%\browseui.dll [Registry Tree Options Utility] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} [HKLM] -> %System32%\cscui.dll [Offline Files Folder] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 1:20:24 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Inc. [Ver = 7.1.1.5 | Size = 132672 bytes | Modified Date = 3/14/2007 7:05:48 PM | Attr = ]
{BD472F60-27FA-11cf-B8B4-444553540000} [HKLM] -> %System32%\zipfldr.dll [Compressed (zipped) Folder Right Drag Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 337920 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{BD84B380-8CA2-1069-AB1D-08000948F534} [HKLM] -> %System32%\fontext.dll [Fonts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382976 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Folders\msonsext.dll [Web Folders] -> Microsoft Corporation [Ver = 11.0.7719.1 | Size = 797184 bytes | Modified Date = 5/19/2005 6:53:38 PM | Attr = ]
{c5a40261-cd64-4ccf-84cb-c394da41d590} [HKLM] -> %System32%\shmedia.dll [Video Thumbnail Extractor] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{CC6EEFFB-43F6-46c5-9619-51D571967F7D} [HKLM] -> %System32%\netplwiz.dll [Web Publishing Wizard] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} [HKLM] -> %System32%\wmpshell.dll [Windows Media Player Play as Playlist Context Menu Handler] -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 99840 bytes | Modified Date = 10/18/2006 10:47:20 PM | Attr = ]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> %System32%\shdocvw.dll [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{CFCCC7A0-A282-11D1-9082-006008059382} [HKLM] -> %System32%\appwiz.cpl [Darwin App Publisher] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{D20EA4E1-3957-11d2-A40B-0C5020524152} [HKLM] -> %System32%\shdocvw.dll [Fonts] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{D20EA4E1-3957-11d2-A40B-0C5020524153} [HKLM] -> %System32%\shdocvw.dll [Administrative Tools] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{D6277990-4C6A-11CF-8D87-00AA0060F5BF} [HKLM] -> %System32%\mstask.dll [Scheduled Tasks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 274944 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} [HKLM] -> %System32%\WpdShext.dll [Portable Devices Menu] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 2603008 bytes | Modified Date = 10/18/2006 10:47:22 PM | Attr = ]
{D8BD2030-6FC9-11D0-864F-00AA006809D9} [HKLM] -> %System32%\webcheck.dll [PostAgent] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{DBCE2480-C732-101B-BE72-BA78E9AD5B27} [HKLM] -> %System32%\icmui.dll [ICC Profile] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 54784 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} [HKLM] -> %System32%\mstask.dll [Tasks Folder Icon Handler] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 274944 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{DD313E04-FEFF-11d1-8ECD-0000F87A470C} [HKLM] -> %System32%\browseui.dll [User Assist] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{E211B736-43FD-11D1-9EFB-0000F8757FCD} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} [HKLM] -> %System32%\dfshim.dll [Shell Icon Handler for Application References] -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 83456 bytes | Modified Date = 9/23/2005 7:28:38 AM | Attr = ] 
{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} [HKLM] -> %System32%\webcheck.dll [WebCheckChannelAgent] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{E4B29F9D-D390-480b-92FD-7DDB47101D71} [HKLM] -> %System32%\shmedia.dll [Wav Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{e57ce731-33e8-4c51-8354-bb4de9d215d1} [HKLM] -> %System32%\upnpui.dll [Universal Plug and Play Devices] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239616 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} [HKLM] -> %System32%\webcheck.dll [ConnectionAgent] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} [HKLM] -> %System32%\shdocvw.dll [Shell DocObject Viewer] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{e82a2d71-5b2f-43a0-97b8-81be15854de8} [HKLM] -> %System32%\dfshim.dll [ShellLink for Application References] -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 83456 bytes | Modified Date = 9/23/2005 7:28:38 AM | Attr = ]
{e84fda7c-1d6a-45f6-b725-cb260c236066} [HKLM] -> %System32%\shimgvw.dll [Shell Image Verbs] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} [HKLM] -> %System32%\zipfldr.dll [Compressed (zipped) Folder] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 337920 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} [HKLM] -> %System32%\webcheck.dll [TrayAgent] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{EAB841A0-9550-11cf-8C16-00805F1408F3} [HKLM] -> %System32%\shimgvw.dll [HTML Thumbnail Extractor] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} [HKLM] -> %System32%\shimgvw.dll [Shell Image Property Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} [HKLM] -> %System32%\dfsshlex.dll [DfsShell] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{ECD4FC4C-521C-11D0-B792-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Shell DeskBar] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{ECD4FC4D-521C-11D0-B792-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Shell Rebar BandSite] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{ECD4FC4E-521C-11D0-B792-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Shell Band Site Menu] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{ECF03A32-103D-11d2-854D-006008059367} [HKLM] -> %System32%\mydocs.dll [MyDocs Drop Target] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{ECF03A33-103D-11d2-854D-006008059367} [HKLM] -> %System32%\mydocs.dll [MyDocs Copy Hook] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} [HKLM] -> %System32%\browseui.dll [Global Folder Settings] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{EFA24E61-B078-11d0-89E4-00C04FC9E26E} [HKLM] -> %System32%\shdocvw.dll [Favorites Band] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{EFA24E64-B078-11d0-89E4-00C04FC9E26E} [HKLM] -> %System32%\shdocvw.dll [Explorer Band] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{F0152790-D56E-4445-850E-4F3117DB740C} [HKLM] -> %System32%\remotepg.dll [Remote Sessions CPL Extension] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{F020E586-5264-11d1-A532-0000F8757D7E} [HKLM] -> %System32%\dsquery.dll [Directory Start/Search Find] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} [HKLM] -> %System32%\wmpshell.dll [Windows Media Player Add to Playlist Context Menu Handler] -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 99840 bytes | Modified Date = 10/18/2006 10:47:20 PM | Attr = ]
{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} [HKLM] -> %System32%\rshx32.dll [Printers Security Page] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 39936 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{f39a0dc0-9cc8-11d0-a599-00c04fd64433} [HKLM] -> %System32%\cdfview.dll [Channel File] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 151040 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} [HKLM] -> %System32%\cdfview.dll [Channel Shortcut] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 151040 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} [HKLM] -> %System32%\cdfview.dll [Channel Handler Object] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 151040 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{f3da0dc0-9cc8-11d0-a599-00c04fd64437} [HKLM] -> %System32%\cdfview.dll [Channel Menu] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 151040 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} [HKLM] -> %System32%\cdfview.dll [Channel Properties] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 151040 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{F5175861-2688-11d0-9C5E-00AA00A45957} [HKLM] -> %System32%\webcheck.dll [Subscription Folder] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{F61FFEC1-754F-11d0-80CA-00AA005B4383} [HKLM] -> %System32%\browseui.dll [BandProxy] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1022976 bytes | Modified Date = 1/4/2007 10:05:28 AM | Attr = ]
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} [HKLM] -> %System32%\ntshrui.dll [Shell extensions for sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143872 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{f92e8c40-3d33-11d2-b1aa-080036a75b03} [HKLM] -> %System32%\deskperf.dll [Display TroubleShoot CPL Extension] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 18432 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{FBF23B40-E3F0-101B-8488-00AA003E56F8} [HKLM] -> %System32%\shdocvw.dll [InternetShortcut] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
{FF393560-C2A7-11CF-BFF4-444553540000} [HKLM] -> %System32%\shdocvw.dll [History] -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
< BotCheck > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel;wdigest; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 864 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> °T °¤[email protected]< Hš
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 5^Ù Ä^Ö«ú -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> ÚÌŠº6 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> q¶¸3 
]\‹üò¹ � Ì -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> ð]Ö"1ìÆ -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 26672 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Chad P\Desktop\utorrent.exe -> C:\Documents and Settings\Chad P\Desktop\utorrent.exe:*:Enabled:µTorrent -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\utorrent.exe -> C:\Program Files\utorrent.exe:*:Enabled:µTorrent -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program


----------



## bimmeracer (Mar 28, 2007)

Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Opera\Opera.exe -> C:\Program Files\Opera\Opera.exe:*:Enabled:Opera -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNetisabledxpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNetisabledxpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNetisabledxpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNetisabledxpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
{24F14F01-7B1C-11d1-838f-0000F80461CF} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
{24F14F02-7B1C-11d1-838f-0000F80461CF} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
{66742402-F9B9-11D1-A202-0000F81FEDEE} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} [HKLM] -> %System32%\shell32.dll [Start Menu Pin] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 6, 5, 0 | Size = 73728 bytes | Modified Date = 9/12/2006 9:56:02 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 7:40:48 AM | Attr = ]
{7895F317-A125-42CC-BD3E-5830765CE577} [HKLM] -> %ProgramFiles%\Creative\Shared Files\CtCmeCtx.dll [CTMTPMediaExplorer] -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 98304 bytes | Modified Date = 9/21/2005 5:32:58 AM | Attr = ]
{dd230880-495a-11d1-b064-008048ec2fc5} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll [Kaspersky Anti-Virus] -> Kaspersky Lab [Ver = 6.0.2.614 | Size = 34368 bytes | Modified Date = 1/29/2007 11:02:14 PM | Attr = ]
{750fdf0e-2a26-11d1-a3ea-080036587f03} [HKLM] -> %System32%\cscui.dll [Offline Files] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{09799AFB-AD67-11d1-ABCD-00C04FC30936} [HKLM] -> %System32%\shell32.dll [Open With] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
{A470F8CF-A1E8-4f65-8335-227475AA5C46} [HKLM] -> %System32%\shell32.dll [Open With EncryptionMenu] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 1:20:24 AM | Attr = ]
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> %ProgramFiles%\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 11, 23, 1 | Size = 180848 bytes | Modified Date = 11/23/2004 10:59:58 AM | Attr = ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
{7BA4C740-9E81-11CF-99D3-00AA004AE837} [HKLM] -> %System32%\shell32.dll [Send To] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 7:40:48 AM | Attr = ]
{A470F8CF-A1E8-4f65-8335-227475AA5C46} [HKLM] -> %System32%\shell32.dll [EncryptionMenu] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
{750fdf0e-2a26-11d1-a3ea-080036587f03} [HKLM] -> %System32%\cscui.dll [Offline Files] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} [HKLM] -> %System32%\ntshrui.dll [Sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143872 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 1:20:24 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{D969A300-E7FF-11d0-A93B-00A0C90F2719} [HKLM] -> %System32%\shell32.dll [New] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 6, 5, 0 | Size = 73728 bytes | Modified Date = 9/12/2006 9:56:02 PM | Attr = ]
{7895F317-A125-42CC-BD3E-5830765CE577} [HKLM] -> %ProgramFiles%\Creative\Shared Files\CtCmeCtx.dll [CTMTPMediaExplorer] -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 98304 bytes | Modified Date = 9/21/2005 5:32:58 AM | Attr = ]
{dd230880-495a-11d1-b064-008048ec2fc5} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll [Kaspersky Anti-Virus] -> Kaspersky Lab [Ver = 6.0.2.614 | Size = 34368 bytes | Modified Date = 1/29/2007 11:02:14 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 9/14/2006 1:20:24 AM | Attr = ]
< ControlSets > -> 
HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 3 -> 
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 5.0.1.801 | Size = 610365 bytes | Modified Date = 10/9/2005 1:16:54 AM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DeLorme Serial Emulator.lnk -> %CommonProgramFiles%\DeLorme\DeLSerial\DeLSerial.exe -> DeLorme Publishing Co., Inc. [Ver = 1.00.00 | Size = 409600 bytes | Modified Date = 6/14/2005 6:53:00 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 3:06:00 AM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GhostSurf proxy.lnk -> %ProgramFiles%\GhostSurf 2005\Proxy.exe -> Tenebril Incorporated [Ver = 0.10 | Size = 86133 bytes | Modified Date = 2/21/2004 7:12:28 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk -> %ProgramFiles%\palmOne\Hotsync.exe -> PalmSource, Inc [Ver = 6.0.1 | Size = 471040 bytes | Modified Date = 6/9/2004 2:27:34 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchTouchMon.lnk -> %ProgramFiles%\TouchKit\LaunchTouchMon.exe -> [Ver = 4, 3, 7, 3321 | Size = 118784 bytes | Modified Date = 9/21/2006 12:51:22 AM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Virtual Serial Port for DeLorme.lnk -> %CommonProgramFiles%\DeLorme\DeLSerial\VspStartup.exe -> [Ver = | Size = 200704 bytes | Modified Date = 2/7/2005 11:19:00 AM | Attr = ]
C:^Documents and Settings^Chad P^Start Menu^Programs^Startup^Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 9:16:50 PM | Attr = ]
C:^Documents and Settings^Chad P^Start Menu^Programs^Startup^Key Launcher.lnk -> %ProgramFiles%\Key Launcher\KLaunch.exe -> Darren Wray [Ver = 1, 0, 0, 0 | Size = 311365 bytes | Modified Date = 4/19/2004 3:27:18 PM | Attr = ]
C:^Documents and Settings^Chad P^Start Menu^Programs^Startup^palmOne Registration.lnk -> %ProgramFiles%\palmOne\register.exe -> palmOne/Leader Technologies [Ver = 5.24 | Size = 2367488 bytes | Modified Date = 9/19/2005 1:20:36 PM | Attr = ]
C:^Documents and Settings^Chad P^Start Menu^Programs^Startup^PdaReach Desktop.lnk -> %ProgramFiles%\PdaReach\PdaReach.exe -> [Ver = | Size = 176128 bytes | Modified Date = 6/19/2005 5:18:30 PM | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
AS00_Gear511 -> %ProgramFiles%\NETGEAR\WG511SCU\Utility\Gear511.exe -> [Ver = 2, 52, 29, 4 | Size = 1122412 bytes | Modified Date = 1/20/2006 2:14:20 PM | Attr = ]
ATIModeChange -> %System32%\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 4.13.3 | Size = 28672 bytes | Modified Date = 9/4/2001 4:24:26 PM | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5028 | Size = 335872 bytes | Modified Date = 7/29/2003 1:30:00 PM | Attr = ]
AVG7_CC -> %SystemDrive%\PROGRA~1\Grisoft\AVG7\avgcc.exe -> File not found
AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.2.614 | Size = 200768 bytes | Modified Date = 1/29/2007 11:02:04 PM | Attr = ]
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 0, 13 | Size = 139264 bytes | Modified Date = 9/13/2006 11:12:52 AM | Attr = ]
BluetoothAuthenticationAgent -> %System32%\bthprops.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Broadcom Wireless Manager UI -> %System32%\WLTRAY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1347584 bytes | Modified Date = 12/19/2005 9:08:42 AM | Attr = ]
ClearTKHandle -> %ProgramFiles%\TouchKit\ClearTKHandle.exe -> [Ver = 4, 3, 7, 3321 | Size = 114688 bytes | Modified Date = 9/21/2006 12:51:46 AM | Attr = ]
Creative Detector -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 6:23:34 PM | Attr = ]
DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.06.0.0 | Size = 157592 bytes | Modified Date = 9/14/2006 4:09:08 PM | Attr = ]
GhostSurfDelSatellite -> %ProgramFiles%\GhostSurf 2005\DeleteSatellite.exe -> Tenebril Incorporated [Ver = 1, 0, 0, 1 | Size = 53248 bytes | Modified Date = 11/1/2006 1:19:46 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 3/14/2007 7:05:48 PM | Attr = ]
MSMSGS -> %ProgramFiles%\Messenger\msmsgs.exe -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 12:24:38 PM | Attr = ]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 4:40:44 PM | Attr = ]
PeerGuardian -> %ProgramFiles%\PeerGuardian2\pg2.exe -> Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Modified Date = 9/18/2005 7:40:42 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\K-Lite Codec Pack\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 10:54:04 AM | Attr = ]
SigmaTel StacMon -> %ProgramFiles%\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe -> SigmaTel Inc. [Ver = 1, 0, 0, 3 | Size = 90169 bytes | Modified Date = 4/29/2004 2:15:00 PM | Attr = ]
Spyware Doctor -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 4.0.0.2621 | Size = 3375104 bytes | Modified Date = 3/19/2007 3:36:50 AM | Attr = ]
STYLEXP -> %ProgramFiles%\TGTSoft\StyleXP\StyleXP.exe -> [Ver = 0, 30, 19, 0 | Size = 1372160 bytes | Modified Date = 5/24/2006 2:31:40 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 1:03:52 PM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.908.4150\GoogleToolbarNotifier.exe -> File not found
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 3/8/2006 12:48:02 PM | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ]
ViewpointPhotosDeviceConnect -> %CommonProgramFiles%\Viewpoint\Toolbar Runtime\3.7.0\FotomatDeviceConnect.exe -> File not found
WhenUSearch -> %ProgramFiles%\WhenUSearch\Search.exe -> File not found
WhenUSearchWHSE -> %ProgramFiles%\WhenUSearch\whse.exe -> File not found
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 12288 bytes | Modified Date = 4/1/2003 10:20:38 PM | Attr = ]
XPort -> %UserDesktop%\Carputer\XPort.exe -> CuriousTech [Ver = 1, 0, 3, 0 | Size = 51390 bytes | Modified Date = 8/22/2006 1:29:44 AM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,195 | Size = 4662776 bytes | Modified Date = 10/24/2006 5:10:18 PM | Attr = ]
Zone Labs Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> File not found
Zune Launcher -> %ProgramFiles%\Zune\ZuneLauncher.exe -> Microsoft Corporation [Ver = 1.2.5511.0 (Zune.061212-1431) | Size = 21464 bytes | Modified Date = 12/12/2006 3:45:50 PM | Attr = ]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> 
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found -> 
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> 
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} -> 
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} -> 
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} -> 
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found -> 
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} -> 
.html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} -> 
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> 
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> 
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> 
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> 
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found -> 
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found -> 
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> 
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found -> 
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> 
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found -> 
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> 
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found -> 
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found -> 
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console -> 
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} -> 8199 - Reg Data - Value does not exist -> 
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8197 - Reg Data - Value does not exist -> 
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> 8193 - Reg Data - Value does not exist -> 
{CCA281CA-C863-46ef-9331-5C8D4460577F} -> 8194 - @btrez.dll,-12650 -> 
{e2e2dd38-d088-4134-82b7-f2ba38496583} -> 8198 - @xpsp3res.dll,-20001 -> 
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> 8195 - Yahoo! Messenger -> 
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8196 - Windows Messenger -> 
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. -> -> 
< Security Settings > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->


----------



## bimmeracer (Mar 28, 2007)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 26672 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Chad P\Desktop\utorrent.exe -> C:\Documents and Settings\Chad P\Desktop\utorrent.exe:*:Enabled:µTorrent -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\utorrent.exe -> C:\Program Files\utorrent.exe:*:Enabled:µTorrent -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Opera\Opera.exe -> C:\Program Files\Opera\Opera.exe:*:Enabled:Opera -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNetisabledxpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNetisabledxpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNetisabledxpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNetisabledxpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> autocheck autochk *; -> 
< Session Manager Environment Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> 
TMP -> %SystemRoot%\TEMP -> 
windir -> %SystemRoot% -> 
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> 
%SystemRoot%\system32 -> -> 
%SystemRoot% -> -> 
%SystemRoot%\System32\Wbem -> -> 
C:\Program Files\ATI Technologies\ATI Control Panel -> -> 
C:\Program Files\Common Files\Adobe\AGL -> -> 
C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\ -> -> 
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> 
.COM -> -> 
.EXE -> -> 
.BAT -> -> 
.CMD -> -> 
.VBS -> -> 
.VBE -> -> 
.JS -> -> 
.JSE -> -> 
.WSF -> -> 
.WSH -> -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
batfile [open] -> "%1" %* -> 
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 10752 bytes | Modified Date = 5/26/2005 7:22:02 PM | Attr = ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
cmdfile [open] -> "%1" %* -> 
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
comfile [open] -> "%1" %* -> 
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
exefile [open] -> "%1" %* -> 
helpfile [open] -> winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 283648 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8192 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29184 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
htmlfile [edit] -> Reg Data - Key not found -> 
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 3062272 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
http [open] -> %SystemDrive%\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending -> Mozilla Corporation [Ver = 1.8.1.2: 2007021917 | Size = 7633008 bytes | Modified Date = 2/24/2007 1:53:26 PM | Attr = ]
https [open] -> %SystemDrive%\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending -> Mozilla Corporation [Ver = 1.8.1.2: 2007021917 | Size = 7633008 bytes | Modified Date = 2/24/2007 1:53:26 PM | Attr = ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 1498112 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.3059 (xpsp_sp2_qfe.070104-0040) | Size = 3062272 bytes | Modified Date = 1/4/2007 10:05:30 AM | Attr = ]
jsfile [edit] -> "%ProgramFiles%\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" -> Macromedia, Inc. [Ver = 8.0.0.2734 | Size = 14602240 bytes | Modified Date = 8/30/2005 5:04:14 PM | Attr = ]
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
piffile [open] -> "%1" %* -> 
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
regfile [merge] -> Reg Data - Key not found -> 
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
scrfile [config] -> "%1" -> 
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
scrfile [open] -> "%1" /S -> 
txtfile [edit] -> Reg Data - Key not found -> 
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Directory [Winamp.Bookmark] -> "%ProgramFiles%\Winamp\Winamp.exe" /BOOKMARK "%1" -> Nullsoft [Ver = 2.95 | Size = 854016 bytes | Modified Date = 6/25/2003 12:22:12 AM | Attr = ]
Directory [Winamp.Enqueue] -> "%ProgramFiles%\Winamp\Winamp.exe" /ADD "%1" -> Nullsoft [Ver = 2.95 | Size = 854016 bytes | Modified Date = 6/25/2003 12:22:12 AM | Attr = ]
Directory [Winamp.Play] -> "%ProgramFiles%\Winamp\Winamp.exe" "%1" -> Nullsoft [Ver = 2.95 | Size = 854016 bytes | Modified Date = 6/25/2003 12:22:12 AM | Attr = ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
{0837A661-FEC3-48B3-876C-91E7D32048A9} -> Macromedia Dreamweaver 8 -> 
{0BEDBD4E-2D34-47B5-9973-57E62B29307C} -> ATI Control Panel -> 
{0F9196C6-58B4-445B-B56E-B1200FECC151} -> Microsoft Bootvis -> 
{102745C4-5956-4B71-8D4A-8581A0497607} -> AV Album Art Fixer for MCE and WMP -> 
{18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer -> 
{236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2 -> 
{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC} -> Creative MediaSource -> 
{2F8C106A-7DFC-45DE-8006-F9145AADF1D8} -> iPod Updater 2004-08-06 -> 
{3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6 -> 
{3248F0A8-6813-11D6-A77B-00B0D0160000} -> Java(TM) SE Runtime Environment 6 -> 
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP -> 
{3875B963-E867-44B9-8637-54ACA5C713DF} -> PlasmaVis -> 
{3F4EC965-28EF-45C3-B063-04B25D4E9679} -> WIDCOMM Bluetooth Software -> 
{5546CDB5-2CE2-498B-B059-5B3BF81FC41F} -> Macromedia Extension Manager -> 
{5A710547-B58E-488B-828D-CA9A25A0533C} -> MSXML 6.0 Parser (KB927977) -> 
{5D582D33-EB35-4D77-B7AF-403322D947E6} -> Opera 9.10 -> 
{5E863175-E85D-44A6-8968-82507D34AE7F} -> QuickTime -> 
{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0 -> 
{786C5747-1033-0000-B58E-000000000001} -> Adobe Stock Photos 1.0 -> 
{786C5747-1437-443D-B06E-79A00FE45110} -> Adobe Stock Photos 1.0 -> 
{7959721D-8268-4565-9E0E-C41A9F4848A9} -> SigmaTel AC97 Audio Drivers -> 
{7B63B2922B174135AFC0E1377DD81EC2} -> DivX Codec -> 
{7F142D56-3326-11D5-B229-002078017FBF} -> Modem Helper -> 
{8A3DECA0-EB4D-4FDC-A706-B88A3640A212} -> DeLorme Serial Emulator -> 
{8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player -> 
{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE} -> URGE -> 
{8C30E1DC-D83E-4A90-AD02-1A275FC71033} -> Nero 7 Ultra Edition -> 
{8EDBA74D-0686-4C99-BFDD-F894678E5102} -> Adobe Common File Installer -> 
{8FFC924C-ED06-44CB-8867-3CA778ECE903} -> Adobe Help Center 2.0 -> 
{90110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003 -> 
{91A77B88-7702-453F-8AA5-545CFD07A1DD} -> iGuidance -> 
{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE} -> Broadcom 440x 10/100 Integrated Controller -> 
{A462213D-EED4-42C2-9A60-7BDD4D4B0B17} -> SigmaTel Audio -> 
{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D} -> Apple Software Update -> 
{AB90749C-7422-4580-8A7A-66CC5E9E5F98} -> iTunes -> 
{AC76BA86-7AD7-1033-7B44-A70800000002} -> Adobe Reader 7.0.8 -> 
{AC76BA86-7AD7-5760-0000-705000000001} -> Adobe Reader Japanese Fonts -> 
{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A} -> Adobe Bridge 1.0 -> 
{B13A7C41581B411290FBC0395694E2A9} -> DivX Converter -> 
{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player -> 
{C6A750AE-6029-4435-9A8D-06507AA46798} -> TouchKit -> 
{C9D20484-D3CC-4CD2-B1ED-B72A9CEFD45D} -> NETGEAR 108 Mbps Wireless PC Card WG511T -> 
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 -> 
{D0DCD54F-C829-41A5-AF32-71E632BB0E2C} -> Kaspersky Internet Security 6.0 -> 
{D78653C3-A8FF-415F-92E6-D774E634FF2D} -> Dell ResourceCD -> 
{DC3065BF-95B4-42C5-B47D-0B713CDA75D0} -> Creative Zen Vision M -> 
{E646DCF0-5A68-11D5-B229-002078017FBF} -> Digital Line Detect -> 
{ED55BFEF-90F3-4926-9536-D94FDBBF65DC} -> Zune -> 
{F5346614-B7C4-4E94-826A-E2363155233D} -> EasyCleaner -> 
{FA17A726-B229-4116-B793-A2AB1A4EAE2E} -> Adobe Premiere Pro 2.0 -> 
{FF24F097-D090-41D2-8E9C-BAFEBBFD938C} -> palmOne -> 
Ad-Aware SE Personal -> Ad-Aware SE Personal -> 
Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2 -> 
Adobe Premiere Pro 2.0 -> Adobe Premiere Pro 2.0 -> 
All ATI Software -> ATI - Software Uninstall Utility -> 
Aspell English Dictionary_is1 -> Aspell English Dictionary-0.50-2 -> 
ATI Display Driver -> ATI Display Driver -> 
AVGAntiSpyware75 -> AVG Anti-Spyware 7.5 -> 
Broadcom 802.11b Network Adapter -> Dell Wireless WLAN Card -> 
CAL -> Canon Camera Access Library -> 
CameraWindowDVC5 -> Canon Camera Window DC_DV 5 for ZoomBrowser EX -> 
CameraWindowDVC6 -> Canon Camera Window DC_DV 6 for ZoomBrowser EX -> 
CameraWindowMC -> Canon Camera Window MC 6 for ZoomBrowser EX -> 
Canon G.726 WMP-Decoder -> Canon G.726 WMP-Decoder -> 
CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1 -> Conexant D480 MDC V.9x Modem -> 
Creative Removable Disk Manager -> Creative Removable Disk Manager -> 
CSCLIB -> Canon Camera Support Core Library -> 
DivX Content Uploader -> DivX Content Uploader -> 
E0429B4C05C33DC75CE1CFFF1BAEFFAC69815744 -> Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0) -> 
EOS Utility -> Canon Utilities EOS Utility -> 
Financial Accounting Research System -> Financial Accounting Research System -> 
Flock -> Flock (Photobucket Edition) 0.7 -> 
GhostSurf_is1 -> GhostSurf 2005 Platinum -> 
GNU Aspell_is1 -> GNU Aspell 0.50-3 -> 
HijackThis -> HijackThis 2.0.0 -> 
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs -> 
InstallShield_{2F8C106A-7DFC-45DE-8006-F9145AADF1D8} -> iPod Updater 2004-08-06 -> 
InstallWIX_{D0DCD54F-C829-41A5-AF32-71E632BB0E2C} -> Kaspersky Internet Security 6.0 -> 
KB835221WXP -> High Definition Audio Driver Package - KB835221 -> 
KB873339 -> Windows XP Hotfix - KB873339 -> 
KB885835 -> Windows XP Hotfix - KB885835 -> 
KB885836 -> Windows XP Hotfix - KB885836 -> 
KB885855 -> Windows XP Hotfix - KB885855 -> 
KB886185 -> Windows XP Hotfix - KB886185 -> 
KB887472 -> Windows XP Hotfix - KB887472 -> 
KB888302 -> Windows XP Hotfix - KB888302 -> 
KB890046 -> Security Update for Windows XP (KB890046) -> 
KB890859 -> Windows XP Hotfix - KB890859 -> 
KB891781 -> Windows XP Hotfix - KB891781 -> 
KB893756 -> Security Update for Windows XP (KB893756) -> 
KB893803v2 -> Windows Installer 3.1 (KB893803) -> 
KB894391 -> Update for Windows XP (KB894391) -> 
KB896256 -> Hotfix for Windows XP (KB896256) -> 
KB896358 -> Security Update for Windows XP (KB896358) -> 
KB896423 -> Security Update for Windows XP (KB896423) -> 
KB896424 -> Security Update for Windows XP (KB896424) -> 
KB896428 -> Security Update for Windows XP (KB896428) -> 
KB898461 -> Update for Windows XP (KB898461) -> 
KB899587 -> Security Update for Windows XP (KB899587) -> 
KB899591 -> Security Update for Windows XP (KB899591) -> 
KB900485 -> Update for Windows XP (KB900485) -> 
KB900725 -> Security Update for Windows XP (KB900725) -> 
KB901017 -> Security Update for Windows XP (KB901017) -> 
KB901214 -> Security Update for Windows XP (KB901214) -> 
KB902400 -> Security Update for Windows XP (KB902400) -> 
KB904706 -> Security Update for Windows XP (KB904706) -> 
KB904942 -> Update for Windows XP (KB904942) -> 
KB905414 -> Security Update for Windows XP (KB905414) -> 
KB905749 -> Security Update for Windows XP (KB905749) -> 
KB908519 -> Security Update for Windows XP (KB908519) -> 
KB908531 -> Update for Windows XP (KB908531) -> 
KB908673 -> Hotfix for Windows XP (KB908673) -> 
KB910437 -> Update for Windows XP (KB910437) -> 
KB911280 -> Update for Windows XP (KB911280) -> 
KB911562 -> Security Update for Windows XP (KB911562) ->


----------



## bimmeracer (Mar 28, 2007)

KB914440 -> Hotfix for Windows XP (KB914440) -> 
KB914642 -> Hotfix for Windows XP (KB914642) -> 
KB915865 -> Hotfix for Windows XP (KB915865) -> 
KB916595 -> Update for Windows XP (KB916595) -> 
KB917283.T1_1ToU93_1 -> Security Update for Microsoft .NET Framework 2.0 (KB917283) -> 
KB917344 -> Security Update for Windows XP (KB917344) -> 
KB917422 -> Security Update for Windows XP (KB917422) -> 
KB917953 -> Security Update for Windows XP (KB917953) -> 
KB918118 -> Security Update for Windows XP (KB918118) -> 
KB918439 -> Security Update for Windows XP (KB918439) -> 
KB918899 -> Security Update for Windows XP (KB918899) -> 
KB919007 -> Security Update for Windows XP (KB919007) -> 
KB920213 -> Security Update for Windows XP (KB920213) -> 
KB920214 -> Security Update for Windows XP (KB920214) -> 
KB920670 -> Security Update for Windows XP (KB920670) -> 
KB920683 -> Security Update for Windows XP (KB920683) -> 
KB920685 -> Security Update for Windows XP (KB920685) -> 
KB920872 -> Update for Windows XP (KB920872) -> 
KB921398 -> Security Update for Windows XP (KB921398) -> 
KB921883 -> Security Update for Windows XP (KB921883) -> 
KB922582 -> Update for Windows XP (KB922582) -> 
KB922616 -> Security Update for Windows XP (KB922616) -> 
KB922760 -> Security Update for Windows XP (KB922760) -> 
KB922770.T1_1ToU168_1 -> Security Update for Microsoft .NET Framework 2.0 (KB922770) -> 
KB922819 -> Security Update for Windows XP (KB922819) -> 
KB923191 -> Security Update for Windows XP (KB923191) -> 
KB923414 -> Security Update for Windows XP (KB923414) -> 
KB923694 -> Security Update for Windows XP (KB923694) -> 
KB923980 -> Security Update for Windows XP (KB923980) -> 
KB924191 -> Security Update for Windows XP (KB924191) -> 
KB924270 -> Security Update for Windows XP (KB924270) -> 
KB924496 -> Security Update for Windows XP (KB924496) -> 
KB924667 -> Security Update for Windows XP (KB924667) -> 
KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398) -> 
KB925454 -> Security Update for Windows XP (KB925454) -> 
KB925486 -> Security Update for Windows XP (KB925486) -> 
KB926239 -> Hotfix for Windows XP (KB926239) -> 
KB926255 -> Security Update for Windows XP (KB926255) -> 
KB926436 -> Security Update for Windows XP (KB926436) -> 
KB927779 -> Security Update for Windows XP (KB927779) -> 
KB927802 -> Security Update for Windows XP (KB927802) -> 
KB928090 -> Security Update for Windows XP (KB928090) -> 
KB928255 -> Security Update for Windows XP (KB928255) -> 
KB928843 -> Security Update for Windows XP (KB928843) -> 
KB929338 -> Update for Windows XP (KB929338) -> 
KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399) -> 
KB929969 -> Security Update for Windows XP (KB929969) -> 
KB931836 -> Update for Windows XP (KB931836) -> 
Key Launcher -> Key Launcher -> 
KLiteCodecPack_is1 -> K-Lite Mega Codec Pack 1.59 -> 
LimeWire -> LimeWire PRO 4.12.3 -> 
LSX VOID 1.6 -> LSX VOID 1.6 -> 
Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 -> 
MOBILedit! -> MOBILedit! 2.1 -> 
MovieEditTask -> Canon MovieEdit Task for ZoomBrowser EX -> 
Mozilla Firefox (2.0.0.2) -> Mozilla Firefox (2.0.0.2) -> 
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP -> 
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs -> 
Panda ActiveScan -> Panda ActiveScan -> 
PdaReach_is1 -> PdaReach 1.52.0612 -> 
PeerGuardian_is1 -> PeerGuardian 2.0 -> 
PhotoStitch -> Canon Utilities PhotoStitch -> 
Power Retouche Demo -> Power Retouche Demo -> 
Rainlendar -> Rainlendar (remove only) -> 
RAW Image Task -> Canon RAW Image Task for ZoomBrowser EX -> 
RegScrubXP_is1 -> RegScrubXP 3.25 -> 
RemoteCaptureTask -> Canon RemoteCapture Task for ZoomBrowser EX -> 
RoadRunner Mobile -> RoadRunner Mobile -> 
ShockwaveFlash -> Adobe Flash Player 9 ActiveX -> 
SpeedFan -> SpeedFan (remove only) -> 
SpeedUpMyPC_is1 -> Uniblue SpeedUpMyPC -> 
Spyware Doctor -> Spyware Doctor 4.0 -> 
ST6UNST #1 -> Playlist Update 1.04 Installation -> 
StyleXP -> StyleXP (remove only) -> 
SyncBack_is1 -> SyncBack -> 
SynTPDeinstKey -> Synaptics Pointing Device Driver -> 
SysInfo -> Creative System Information -> 
vis_MojoMaster.dllWinamp -> Mojo Master Winamp Visualizer for Winamp (remove only) -> 
WGA -> Windows Genuine Advantage Validation Tool (KB892130) -> 
WgaNotify -> Windows Genuine Advantage Notifications (KB905474) -> 
Winamp -> Winamp (remove only) -> 
Windows Media Format Runtime -> Windows Media Format 11 runtime -> 
Windows Media Player -> Windows Media Player 11 -> 
WinRAR archiver -> WinRAR archiver -> 
Winspector - Ultimate Windows Spy Utility_is1 -> Winspector -> 
WMFDist11 -> Windows Media Format 11 runtime -> 
wmp11 -> Windows Media Player 11 -> 
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0 -> 
Yahoo! Companion -> Yahoo! Toolbar -> 
Yahoo! Customizations -> Yahoo! Browser Services -> 
Yahoo! Internet Mail -> Yahoo! Internet Mail -> 
Yahoo! Messenger -> Yahoo! Messenger -> 
Yahoo! Toolbar -> Yahoo! Toolbar -> 
YInstHelper -> Yahoo! Install Manager -> 
ZoomBrowser EX -> Canon Utilities ZoomBrowser EX -> 
< WOW Settings [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
cmdline -> %SystemRoot%\system32\ntvdm.exe -> 
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->

[Files/Folders - Created Within 30 days]
fixwareout -> %SystemDrive%\fixwareout -> [Folder | Created Date = 3/28/2007 11:15:25 AM | Attr = ]
found.000 -> %SystemDrive%\found.000 -> [Folder | Created Date = 3/23/2007 9:51:15 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072746496 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
KAV -> %SystemDrive%\KAV -> [Folder | Created Date = 3/19/2007 2:30:38 AM | Attr = ]
WINFARS -> %SystemDrive%\WINFARS -> [Folder | Created Date = 3/26/2007 3:20:17 AM | Attr = ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/14/2007 2:01:03 AM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 3/14/2007 2:02:34 AM | Attr = H ]
KB929338.log -> %SystemRoot%\KB929338.log -> [Ver = | Size = 14635 bytes | Created Date = 3/14/2007 1:35:53 AM | Attr = ]
KB929399.log -> %SystemRoot%\KB929399.log -> [Ver = | Size = 11180 bytes | Created Date = 3/14/2007 2:02:02 AM | Attr = ]
system.tmp -> %SystemRoot%\system.tmp -> [Ver = | Size = 227 bytes | Created Date = 3/26/2007 12:54:53 AM | Attr = ]
uninst.exe -> %SystemRoot%\uninst.exe -> InstallShield Corporation, Inc. [Ver = 2.20.924.0 | Size = 299520 bytes | Created Date = 3/26/2007 3:20:04 AM | Attr = ]
WgaNotify.log -> %SystemRoot%\WgaNotify.log -> [Ver = | Size = 10053 bytes | Created Date = 3/24/2007 3:56:45 AM | Attr = ]
win.tmp -> %SystemRoot%\win.tmp -> [Ver = | Size = 730 bytes | Created Date = 3/26/2007 12:54:53 AM | Attr = ]
SyncBack Bimmeracer.job -> %SystemRoot%\tasks\SyncBack Bimmeracer.job -> [Ver = | Size = 432 bytes | Created Date = 3/25/2007 11:43:45 PM | Attr = ]
SyncBack HD.job -> %SystemRoot%\tasks\SyncBack HD.job -> [Ver = | Size = 416 bytes | Created Date = 3/26/2007 3:14:42 AM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 3/28/2007 7:39:44 PM | Attr = ]
asfiles.txt -> %System32%\asfiles.txt -> [Ver = | Size = 0 bytes | Created Date = 3/28/2007 7:45:26 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 3/28/2007 7:40:35 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 3/28/2007 7:39:54 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 3/31/2007 6:20:59 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Created Date = 3/31/2007 6:20:59 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 3/31/2007 6:20:59 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Created Date = 3/31/2007 6:20:59 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 3/28/2007 7:39:52 PM | Attr = ]
pxafs.dll -> %System32%\pxafs.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 129784 bytes | Created Date = 3/27/2007 10:02:25 PM | Attr = ]
pxsfs.dll -> %System32%\pxsfs.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 1329912 bytes | Created Date = 3/27/2007 10:02:25 PM | Attr = ]
spmsg.dll -> %System32%\spmsg.dll -> Microsoft Corporation [Ver = 6.3.0003.0 built by: dnsrv | Size = 14640 bytes | Created Date = 3/25/2007 4:09:27 AM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 3/28/2007 7:39:54 PM | Attr = ]
WgaLogon.dll -> %System32%\WgaLogon.dll -> Microsoft Corporation [Ver = 1.7.0018.5 | Size = 236928 bytes | Created Date = 3/15/2007 5:16:42 PM | Attr = ]
WgaTray.exe -> %System32%\WgaTray.exe -> Microsoft Corporation [Ver = 1.7.0018.5 | Size = 336768 bytes | Created Date = 3/15/2007 5:17:08 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 3/28/2007 7:40:35 PM | Attr = ]
WgaLogon.dll -> %System32%\dllcache\WgaLogon.dll -> Microsoft Corporation [Ver = 1.7.0018.5 | Size = 236928 bytes | Created Date = 3/15/2007 5:16:42 PM | Attr = ]
WgaTray.exe -> %System32%\dllcache\WgaTray.exe -> Microsoft Corporation [Ver = 1.7.0018.5 | Size = 336768 bytes | Created Date = 3/15/2007 5:17:08 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/28/2007 6:32:22 PM | Attr = ]
cdr4_xp.sys -> %System32%\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Created Date = 3/27/2007 10:02:26 PM | Attr = ]
cdralw2k.sys -> %System32%\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Created Date = 3/27/2007 10:02:26 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 5596448 bytes | Created Date = 3/19/2007 3:23:27 AM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 71828 bytes | Created Date = 3/19/2007 3:23:27 AM | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 78112 bytes | Created Date = 3/19/2007 3:23:27 AM | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 7916 bytes | Created Date = 3/19/2007 3:23:27 AM | Attr = HS]
ikhfile.sys -> %System32%\drivers\ikhfile.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2014 | Size = 30592 bytes | Created Date = 3/20/2007 1:28:43 AM | Attr = ]
ikhlayer.sys -> %System32%\drivers\ikhlayer.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2011 | Size = 51072 bytes | Created Date = 3/20/2007 1:28:39 AM | Attr = ]
klick.dat -> %System32%\drivers\klick.dat -> [Ver = | Size = 75932 bytes | Created Date = 3/19/2007 3:23:47 AM | Attr = ]
klin.dat -> %System32%\drivers\klin.dat -> [Ver = | Size = 74396 bytes | Created Date = 3/19/2007 3:23:47 AM | Attr = ]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Created Date = 3/19/2007 3:23:30 AM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Created Date = 3/19/2007 2:38:24 AM | Attr = ]
@Alternate Data Stream - 118 bytes -> %AllUsersAppData%\TEMPFC5A2B2 -> 
Uniblue -> %UserAppData%\Uniblue -> [Folder | Created Date = 3/19/2007 3:30:27 AM | Attr = ]
k.txt -> %UserDocuments%\k.txt -> [Ver = | Size = 381959 bytes | Created Date = 3/19/2007 4:54:47 AM | Attr = ]
My Favorite Theme.theme -> %UserDocuments%\My Favorite Theme.theme -> [Ver = | Size = 5931 bytes | Created Date = 3/19/2007 2:50:26 AM | Attr = ]
amended.wpd -> %UserDesktop%\amended.wpd -> [Ver = | Size = 41456 bytes | Created Date = 3/28/2007 1:17:01 AM | Attr = ]
arcadereality.prc -> %UserDesktop%\arcadereality.prc -> [Ver = | Size = 774152 bytes | Created Date = 4/2/2007 2:51:30 PM | Attr = ]
hijackthis.log -> %UserDesktop%\hijackthis.log -> [Ver = | Size = 7681 bytes | Created Date = 3/27/2007 9:26:48 PM | Attr = ]
jre-6-windows-i586.exe -> %UserDesktop%\jre-6-windows-i586.exe -> [Ver = | Size = 13170312 bytes | Created Date = 3/31/2007 6:17:10 PM | Attr = ]
kgt+52b5.prc -> %UserDesktop%\kgt+52b5.prc -> [Ver = | Size = 106633 bytes | Created Date = 4/2/2007 2:50:53 PM | Attr = ]
LimeWire PRO 4.12.3.lnk -> %UserDesktop%\LimeWire PRO 4.12.3.lnk -> [Ver = | Size = 1588 bytes | Created Date = 3/17/2007 12:14:07 PM | Attr = ]
reggaepicksofthemonth.torrent -> %UserDesktop%\reggaepicksofthemonth.torrent -> [Ver = | Size = 34862 bytes | Created Date = 4/2/2007 2:24:11 AM | Attr = ]
screens.rar -> %UserDesktop%\screens.rar -> [Ver = | Size = 46279009 bytes | Created Date = 3/30/2007 3:07:19 AM | Attr = ]
Shortcut to swdoctor.lnk -> %UserDesktop%\Shortcut to swdoctor.lnk -> [Ver = | Size = 724 bytes | Created Date = 3/26/2007 2:06:12 AM | Attr = ]
StartupList.exe -> %UserDesktop%\StartupList.exe -> Soeperman Enterprises Ltd. [Ver = 2.02 | Size = 167936 bytes | Created Date = 3/26/2007 12:48:55 AM | Attr = ]
straightfromtheyard5.torrent -> %UserDesktop%\straightfromtheyard5.torrent -> [Ver = | Size = 48104 bytes | Created Date = 4/2/2007 2:23:47 AM | Attr = ]
vbcheck.exe -> %UserDesktop%\vbcheck.exe -> PC Tools [Ver = 2.0.0.0 | Size = 676864 bytes | Created Date = 3/19/2007 3:58:40 AM | Attr = ]
whenreggaewasda****3.torrent -> %UserDesktop%\whenreggaewasda****3.torrent -> [Ver = | Size = 17556 bytes | Created Date = 4/2/2007 2:23:23 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 3/24/2007 12:41:14 PM | Attr = HS]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 3/21/2007 1:31:38 AM | Attr = ]
fixwareout -> %SystemDrive%\fixwareout -> [Folder | Modified Date = 3/28/2007 12:19:28 PM | Attr = ]
found.000 -> %SystemDrive%\found.000 -> [Folder | Modified Date = 3/23/2007 10:51:16 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072746496 bytes | Modified Date = 4/2/2007 3:08:48 PM | Attr = HS]
KAV -> %SystemDrive%\KAV -> [Folder | Modified Date = 3/19/2007 3:30:40 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/2/2007 10:42:08 PM | Attr = ]
TEST.XML -> %SystemDrive%\TEST.XML -> [Ver = | Size = 45 bytes | Modified Date = 3/13/2007 2:36:56 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/2/2007 10:54:24 PM | Attr = ]
WINFARS -> %SystemDrive%\WINFARS -> [Folder | Modified Date = 3/28/2007 7:41:16 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 3/14/2007 2:36:02 AM | Attr = H ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 3/14/2007 3:01:06 AM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 3/14/2007 3:02:36 AM | Attr = H ]
0.log -> %SystemRoot%\0.log -> [Ver = | Size = 0 bytes | Modified Date = 4/2/2007 3:10:42 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 3/28/2007 9:48:00 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/2/2007 3:08:52 PM | Attr = S]
comsetup.log -> %SystemRoot%\comsetup.log -> [Ver = | Size = 211727 bytes | Modified Date = 3/21/2007 1:24:02 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 3/28/2007 9:49:48 PM | Attr = S]
FaxSetup.log -> %SystemRoot%\FaxSetup.log -> [Ver = | Size = 610521 bytes | Modified Date = 3/21/2007 1:24:00 AM | Attr = ]
iis6.log -> %SystemRoot%\iis6.log -> [Ver = | Size = 96008 bytes | Modified Date = 3/21/2007 1:24:02 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 3/14/2007 3:02:38 AM | Attr = ]
imsins.log -> %SystemRoot%\imsins.log -> [Ver = | Size = 1917 bytes | Modified Date = 3/21/2007 1:24:00 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 3/28/2007 8:40:48 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/2/2007 9:59:28 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 3/19/2007 4:54:40 AM | Attr = ]
KB926239.log -> %SystemRoot%\KB926239.log -> [Ver = | Size = 15859 bytes | Modified Date = 3/25/2007 5:10:44 AM | Attr = ]
KB926436.log -> %SystemRoot%\KB926436.log -> [Ver = | Size = 26817 bytes | Modified Date = 3/24/2007 4:53:28 AM | Attr = ]
KB929338.log -> %SystemRoot%\KB929338.log -> [Ver = | Size = 14635 bytes | Modified Date = 3/14/2007 3:01:16 AM | Attr = ]
KB929399.log -> %SystemRoot%\KB929399.log -> [Ver = | Size = 11180 bytes | Modified Date = 3/14/2007 3:02:38 AM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 3/19/2007 5:05:58 AM | Attr = ]
MSCompPackV1.log -> %SystemRoot%\MSCompPackV1.log -> [Ver = | Size = 14027 bytes | Modified Date = 3/25/2007 5:09:30 AM | Attr = ]
msgsocm.log -> %SystemRoot%\msgsocm.log -> [Ver = | Size = 31273 bytes | Modified Date = 3/21/2007 1:24:00 AM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 3/31/2007 6:35:48 AM | Attr = ]
ntbtlog.txt -> %SystemRoot%\ntbtlog.txt -> [Ver = | Size = 1175942 bytes | Modified Date = 3/28/2007 7:42:20 PM | Attr = ]
ntdtcsetup.log -> %SystemRoot%\ntdtcsetup.log -> [Ver = | Size = 128040 bytes | Modified Date = 3/21/2007 1:24:02 AM | Attr = ]
ocgen.log -> %SystemRoot%\ocgen.log -> [Ver = | Size = 308809 bytes | Modified Date = 3/21/2007 1:24:00 AM | Attr = ]
ocmsn.log -> %SystemRoot%\ocmsn.log -> [Ver = | Size = 34045 bytes | Modified Date = 3/21/2007 1:24:00 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/28/2007 9:53:20 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 3/19/2007 12:22:22 AM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 3/18/2007 11:32:10 PM | Attr = ]
SchedLgU.Txt -> %SystemRoot%\SchedLgU.Txt -> [Ver = | Size = 32654 bytes | Modified Date = 4/2/2007 3:28:00 AM | Attr = ]
setupapi.log -> %SystemRoot%\setupapi.log -> [Ver = | Size = 1022931 bytes | Modified Date = 4/1/2007 1:33:54 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 3/28/2007 9:53:40 PM | Attr = ]
spupdsvc.log -> %SystemRoot%\spupdsvc.log -> [Ver = | Size = 52723 bytes | Modified Date = 3/25/2007 12:44:28 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 3/19/2007 3:52:56 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 3/24/2007 12:41:14 PM | Attr = ]
system.tmp -> %SystemRoot%\system.tmp -> [Ver = | Size = 227 bytes | Modified Date = 3/24/2007 12:41:14 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 3/31/2007 7:21:00 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 3/26/2007 4:14:44 AM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/2/2007 10:52:58 PM | Attr = ]
tsoc.log -> %SystemRoot%\tsoc.log -> [Ver = | Size = 240296 bytes | Modified Date = 3/21/2007 1:24:00 AM | Attr = ]
WgaNotify.log -> %SystemRoot%\WgaNotify.log -> [Ver = | Size = 10053 bytes | Modified Date = 3/24/2007 5:05:00 AM | Attr = ]
wiadebug.log -> %SystemRoot%\wiadebug.log -> [Ver = | Size = 159 bytes | Modified Date = 4/2/2007 3:10:34 PM | Attr = ]
wiaservc.log -> %SystemRoot%\wiaservc.log -> [Ver = | Size = 48 bytes | Modified Date = 4/2/2007 3:09:06 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 789 bytes | Modified Date = 3/28/2007 8:45:18 PM | Attr = ]
win.tmp -> %SystemRoot%\win.tmp -> [Ver = | Size = 730 bytes | Modified Date = 3/24/2007 12:41:14 PM | Attr = ]
winamp.ini -> %SystemRoot%\winamp.ini -> [Ver = | Size = 1065 bytes | Modified Date = 4/1/2007 10:32:36 PM | Attr = ]
WindowsUpdate.log -> %SystemRoot%\WindowsUpdate.log -> [Ver = | Size = 1078067 bytes | Modified Date = 4/2/2007 3:09:08 PM | Attr = ]
WMFDist11.log -> %SystemRoot%\WMFDist11.log -> [Ver = | Size = 105411 bytes | Modified Date = 3/25/2007 4:40:14 AM | Attr = ]
wmp11.log -> %SystemRoot%\wmp11.log -> [Ver = | Size = 46930 bytes | Modified Date = 3/25/2007 4:54:14 AM | Attr = ]
wmsetup.log -> %SystemRoot%\wmsetup.log -> [Ver = | Size = 103954 bytes | Modified Date = 3/25/2007 5:11:16 AM | Attr = ]
wmsetup10.log -> %SystemRoot%\wmsetup10.log -> [Ver = | Size = 27482 bytes | Modified Date = 3/25/2007 5:11:10 AM | Attr = ]
Wudf01000Inst.log -> %SystemRoot%\Wudf01000Inst.log -> [Ver = | Size = 23692 bytes | Modified Date = 3/25/2007 4:11:28 AM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 3/18/2007 5:51:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/2/2007 3:09:02 PM | Attr = H ]
SyncBack Bimmeracer.job -> %SystemRoot%\tasks\SyncBack Bimmeracer.job -> [Ver = | Size = 432 bytes | Modified Date = 3/26/2007 11:12:00 AM | Attr = ]
SyncBack HD.job -> %SystemRoot%\tasks\SyncBack HD.job -> [Ver = | Size = 416 bytes | Modified Date = 3/26/2007 11:11:30 AM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 3/28/2007 9:53:44 PM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 3/25/2007 4:49:50 AM | Attr = ]
asfiles.txt -> %System32%\asfiles.txt -> [Ver = | Size = 0 bytes | Modified Date = 3/28/2007 8:45:28 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 3/25/2007 5:10:12 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/2/2007 3:11:08 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 3/28/2007 9:54:08 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 3/26/2007 4:20:32 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 3/28/2007 9:55:34 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 3/28/2007 8:39:56 PM | Attr = ]
ias -> %System32%\ias -> [Folder | Modified Date = 4/2/2007 3:10:44 PM | Attr = ]
ikhcore.log -> %System32%\ikhcore.log -> [Ver = | Size = 2251051 bytes | Modified Date = 4/2/2007 3:08:46 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 3/31/2007 7:20:10 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Modified Date = 3/31/2007 7:20:10 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 3/31/2007 7:20:10 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Modified Date = 3/31/2007 7:20:10 PM | Attr = ]
LegitCheckControl.dll -> %System32%\LegitCheckControl.dll -> Microsoft Corporation [Ver = 1.7.0018.5 | Size = 1476992 bytes | Modified Date = 3/15/2007 6:19:28 PM | Attr = ]
MRT.exe -> %System32%\MRT.exe -> Microsoft Corporation [Ver = 1.27.1648.0 | Size = 12619736 bytes | Modified Date = 3/7/2007 4:36:32 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 3/25/2007 4:49:50 AM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 3/28/2007 8:39:56 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62688 bytes | Modified Date = 3/11/2007 4:47:38 AM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 401192 bytes | Modified Date = 3/11/2007 4:47:38 AM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 470828 bytes | Modified Date = 3/11/2007 4:47:38 AM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 3/18/2007 11:31:42 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 3/28/2007 8:39:56 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 3/28/2007 9:56:40 PM | Attr = ]
WgaLogon.dll -> %System32%\WgaLogon.dll -> Microsoft Corporation [Ver = 1.7.0018.5 | Size = 236928 bytes | Modified Date = 3/15/2007 6:16:42 PM | Attr = ]
WgaTray.exe -> %System32%\WgaTray.exe -> Microsoft Corporation [Ver = 1.7.0018.5 | Size = 336768 bytes | Modified Date = 3/15/2007 6:17:08 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 4/2/2007 3:10:56 PM | Attr = ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 3/19/2007 3:56:38 AM | Attr = ]
WgaLogon.dll -> %System32%\dllcache\WgaLogon.dll -> Microsoft Corporation [Ver = 1.7.0018.5 | Size = 236928 bytes | Modified Date = 3/15/2007 6:16:42 PM | Attr = ]
WgaTray.exe -> %System32%\dllcache\WgaTray.exe -> Microsoft Corporation [Ver = 1.7.0018.5 | Size = 336768 bytes | Modified Date = 3/15/2007 6:17:08 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 5596448 bytes | Modified Date = 4/2/2007 10:47:22 PM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 71828 bytes | Modified Date = 4/2/2007 3:28:04 AM | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 78112 bytes | Modified Date = 4/2/2007 10:47:38 PM | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 7916 bytes | Modified Date = 4/2/2007 3:28:04 AM | Attr = HS]
klick.dat -> %System32%\drivers\klick.dat -> [Ver = | Size = 75932 bytes | Modified Date = 3/19/2007 4:31:14 AM | Attr = ]
klin.dat -> %System32%\drivers\klin.dat -> [Ver = | Size = 74396 bytes | Modified Date = 3/19/2007 4:31:14 AM | Attr = ]
avg7 -> %AllUsersAppData%\avg7 -> [Folder | Modified Date = 3/19/2007 3:52:54 AM | Attr = ]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Modified Date = 4/2/2007 3:10:56 PM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 3/26/2007 3:01:38 AM | Attr = ]
@Alternate Data Stream - 118 bytes -> %AllUsersAppData%\TEMPFC5A2B2 -> 
Viewpoint -> %AllUsersAppData%\Viewpoint -> [Folder | Modified Date = 3/31/2007 1:46:06 PM | Attr = ]
AdobeUM -> %UserAppData%\AdobeUM -> [Folder | Modified Date = 3/16/2007 6:23:48 AM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 3/19/2007 3:52:22 AM | Attr = S]
Uniblue -> %UserAppData%\Uniblue -> [Folder | Modified Date = 3/27/2007 3:10:08 AM | Attr = ]
uTorrent -> %UserAppData%\uTorrent -> [Folder | Modified Date = 4/2/2007 10:54:36 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 118784 bytes | Modified Date = 3/30/2007 4:06:00 AM | Attr = ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 3/27/2007 12:45:06 AM | Attr = ]
My Music -> %AllUsersDocuments%\My Music -> [Folder | Modified Date = 3/25/2007 4:40:20 AM | Attr = R ]
BMW Files -> %UserDocuments%\BMW Files -> [Folder | Modified Date = 3/28/2007 3:53:54 PM | Attr = ]
Downloads -> %UserDocuments%\Downloads -> [Folder | Modified Date = 4/2/2007 10:35:34 PM | Attr = ]
k.txt -> %UserDocuments%\k.txt -> [Ver = | Size = 381959 bytes | Modified Date = 3/19/2007 5:54:56 AM | Attr = ]
Mine -> %UserDocuments%\Mine -> [Folder | Modified Date = 3/26/2007 4:21:38 AM | Attr = ]
My Favorite Theme.theme -> %UserDocuments%\My Favorite Theme.theme -> [Ver = | Size = 5931 bytes | Modified Date = 3/19/2007 3:50:28 AM | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 4/1/2007 1:59:48 PM | Attr = R ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 3/24/2007 12:51:22 PM | Attr = R ]
My Videos -> %UserDocuments%\My Videos -> [Folder | Modified Date = 3/26/2007 5:37:12 PM | Attr = R ]
School -> %UserDocuments%\School -> [Folder | Modified Date = 3/26/2007 4:21:18 AM | Attr = ]
amended.wpd -> %UserDesktop%\amended.wpd -> [Ver = | Size = 41456 bytes | Modified Date = 3/28/2007 2:17:06 AM | Attr = ]
arcadereality.prc -> %UserDesktop%\arcadereality.prc -> [Ver = | Size = 774152 bytes | Modified Date = 4/2/2007 3:51:32 PM | Attr = ]
hijackthis.log -> %UserDesktop%\hijackthis.log -> [Ver = | Size = 7681 bytes | Modified Date = 3/31/2007 1:49:58 PM | Attr = ]
jre-6-windows-i586.exe -> %UserDesktop%\jre-6-windows-i586.exe -> [Ver = | Size = 13170312 bytes | Modified Date = 3/31/2007 7:18:44 PM | Attr = ]
kgt+52b5.prc -> %UserDesktop%\kgt+52b5.prc -> [Ver = | Size = 106633 bytes | Modified Date = 4/2/2007 3:50:54 PM | Attr = ]


----------



## bimmeracer (Mar 28, 2007)

.3.lnk -> [Ver = | Size = 1588 bytes | Modified Date = 3/17/2007 1:14:08 PM | Attr = ]
reggaepicksofthemonth.torrent -> %UserDesktop%\reggaepicksofthemonth.torrent -> [Ver = | Size = 34862 bytes | Modified Date = 4/2/2007 3:24:12 AM | Attr = ]
screens.rar -> %UserDesktop%\screens.rar -> [Ver = | Size = 46279009 bytes | Modified Date = 3/30/2007 4:13:44 AM | Attr = ]
Shortcut to swdoctor.lnk -> %UserDesktop%\Shortcut to swdoctor.lnk -> [Ver = | Size = 724 bytes | Modified Date = 3/26/2007 3:06:54 AM | Attr = ]
straightfromtheyard5.torrent -> %UserDesktop%\straightfromtheyard5.torrent -> [Ver = | Size = 48104 bytes | Modified Date = 4/2/2007 3:23:48 AM | Attr = ]
vbcheck.exe -> %UserDesktop%\vbcheck.exe -> PC Tools [Ver = 2.0.0.0 | Size = 676864 bytes | Modified Date = 3/19/2007 4:58:42 AM | Attr = ]
whenreggaewasda****3.torrent -> %UserDesktop%\whenreggaewasda****3.torrent -> [Ver = | Size = 17556 bytes | Modified Date = 4/2/2007 3:23:24 AM | Attr = ]
Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 3/19/2007 12:14:16 AM | Attr = ]

[File String Scan - All]
aspack , -> %System32%\d3dx9_28.dll -> Microsoft Corporation [Ver = 9.10.455.0000 | Size = 2323664 bytes | Modified Date = 12/5/2005 6:09:18 PM | Attr = ]
aspack , -> %System32%\d3dx9_30.dll -> Microsoft Corporation [Ver = 9.12.589.0000 | Size = 2388176 bytes | Modified Date = 3/31/2006 12:40:58 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 2/23/2007 12:25:20 AM | Attr = ]
Thawte Consulting , USERTRUST , -> %System32%\initpki.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 147456 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
PTech , -> %System32%\LegitCheckControl.dll -> Microsoft Corporation [Ver = 1.7.0018.5 | Size = 1476992 bytes | Modified Date = 3/15/2007 6:19:28 PM | Attr = ]
PECompact2 , aspack , -> %System32%\MRT.exe -> Microsoft Corporation [Ver = 1.27.1648.0 | Size = 12619736 bytes | Modified Date = 3/7/2007 4:36:32 PM | Attr = ]
aspack , -> %System32%\ntdll.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
WSUD , -> %System32%\nusrmgr.cpl -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Umonitor , -> %System32%\rasdlg.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 5:49:30 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 8/29/2006 7:43:54 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 10:36:06 AM | Attr = ]
Umonitor , -> %System32%\Touchkit_reg.ini -> [Ver = | Size = 1108 bytes | Modified Date = 9/25/2006 5:17:12 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
PTech , -> %System32%\WgaTray.exe -> Microsoft Corporation [Ver = 1.7.0018.5 | Size = 336768 bytes | Modified Date = 3/15/2007 6:17:08 PM | Attr = ]
PEC2 , WSUD , -> %System32%\wmploc.dll -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 8231936 bytes | Modified Date = 10/18/2006 9:47:20 PM | Attr = ]
UPX! , -> %System32%\dllcache\hwxcht.dll -> Microsoft Corporation [Ver = 1.0.0304.0 | Size = 10096640 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
UPX! , WSUD , -> %System32%\dllcache\hwxkor.dll -> Microsoft Corporation [Ver = 1.0.1038.0 | Size = 10129408 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Thawte Consulting , USERTRUST , -> %System32%\dllcache\initpki.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 147456 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
aspack , -> %System32%\dllcache\ntdll.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
WSUD , -> %System32%\dllcache\nusrmgr.cpl -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
Umonitor , -> %System32%\dllcache\rasdlg.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
PTech , -> %System32%\dllcache\WgaTray.exe -> Microsoft Corporation [Ver = 1.7.0018.5 | Size = 336768 bytes | Modified Date = 3/15/2007 6:17:08 PM | Attr = ]
PEC2 , WSUD , -> %System32%\dllcache\wmploc.dll -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 8231936 bytes | Modified Date = 10/18/2006 10:47:20 PM | Attr = ]
@Alternate Data Stream - 118 bytes -> %AllUsersAppData%\TEMPFC5A2B2 -> 
aspack , -> %UserDocuments%\k.txt -> [Ver = | Size = 381959 bytes | Modified Date = 3/19/2007 5:54:56 AM | Attr = ]
WSUD , -> %UserDesktop%\screens.rar -> [Ver = | Size = 46279009 bytes | Modified Date = 3/30/2007 4:13:44 AM | Attr = ]
UPX! , UPX0 , -> %UserDesktop%\StartupList.exe -> Soeperman Enterprises Ltd. [Ver = 2.02 | Size = 167936 bytes | Modified Date = 10/16/2006 7:12:20 PM | Attr = ]

*< End of report >*


----------



## bimmeracer (Mar 28, 2007)

ttt


----------



## Cookiegal (Aug 27, 2003)

Go *here* and do the BitDefender online virus scan.

Click "I Agree" to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click "Click here to scan" to begin the scan.
Please refrain from using the computer until the scan is finished.
When the scan is finished, click on "Click here to export the scan results"
Save the report to your desktop then come back here and *attach* it to your next reply along with a new Hijack This log..

*Note:* You have to use Internet Explorer to do the online scan.


----------



## bimmeracer (Mar 28, 2007)

wow that program is taken long. 2.5 hours gone by and 6 more to go. 
Do you think this will help with the missing files?
according to the file I just posted the following files are missing;
-> %System32%\appmgmts.dll [AppMgmt] -> File not found
-> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> File not found
-> %System32%\hidserv.dll [HidServ] -> File not found
C:\WINDOWS\System32\bcmwltry.exe -> File not found
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
....
etc.

thanks


----------



## bimmeracer (Mar 28, 2007)

I finished running bitdefender and the it will not allow me to open the report file. But and the end of the scan, it said 0 errors/viruses dectected.


----------



## bimmeracer (Mar 28, 2007)

daily bump for some help.


----------



## Cookiegal (Aug 27, 2003)

Do you have your XP CD? I'd like to run the system file checker.


----------



## bimmeracer (Mar 28, 2007)

I do.


----------



## Cookiegal (Aug 27, 2003)

Go to the Run box on the Start Menu and type in:

*sfc /scannow*

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. You may be prompted to insert the CD.


----------



## bimmeracer (Mar 28, 2007)

I did this earlier, and nothing happened when it was done. 
am i suppose to do something after?


----------



## Cookiegal (Aug 27, 2003)

You did this earlier on your own? Are you sure you typed the command correctly? Did it prompt for the CD or replace any files?


----------



## bimmeracer (Mar 28, 2007)

yup, I was searching around on google and came across a site that said to do it. I typed the command and then it said to insert the cd. After I did that the, I had a screen that said windows is checking your files. after awhile when that was done, it just dissapeared and nothing happened.


----------



## Cookiegal (Aug 27, 2003)

OK, then. Since doing that, please run WinpFind3u again and post the log.


----------



## bimmeracer (Mar 28, 2007)

would you prefer me to email you the notepad file since its 400000 characters long and would require 13 post?
Thanks
Chad P.


----------



## Cookiegal (Aug 27, 2003)

You can upload it as an attachment by click on "manage attachments" below the reply screen and then "browse" to the file on your computer and "upload" it and then submit your reply.


----------



## bimmeracer (Mar 28, 2007)

attached. 

WinPFind3 logfile created on: 4/8/2007 2:04:37 AM
WinPFind3U by OldTimer - Version 1.0.33	Folder = C:\Program Files\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1022.98 Mb Total Physical Memory | 665.88 Mb Available Physical Memory | 65.09% Memory free
1.28 Gb Paging File | 1.04 Gb Available in Paging File | 81.56% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 31.74 Gb Free Space | 42.59% Space Free
Drive D: | 562.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
Drive E: | 581.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: BIMMERACER
Current User Name: Chad P
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - All]
smss.exe -> %System32%\smss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
csrss.exe -> %System32%\csrss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6144 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
winlogon.exe -> %System32%\winlogon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
services.exe -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
lsass.exe -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 323584 bytes | Modified Date = 7/29/2003 2:11:36 PM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:50 AM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:50 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\appmgmts.dll [AppMgmt] -> File not found
-> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) | Size = 111616 bytes | Modified Date = 5/19/2006 8:59:42 AM | Attr = ]
-> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 7/26/2005 12:39:46 AM | Attr = ]
-> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
-> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> File not found
-> %System32%\hidserv.dll [HidServ] -> File not found
-> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729) | Size = 96768 bytes | Modified Date = 12/7/2004 3:32:34 PM | Attr = ]
-> %System32%\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) | Size = 132096 bytes | Modified Date = 8/17/2006 8:28:28 AM | Attr = ]
-> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525) | Size = 197632 bytes | Modified Date = 8/22/2005 2:29:46 PM | Attr = ]
-> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.2180 | Size = 435200 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89088 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.2936 (xpsp_sp2_gdr.060621-2347) | Size = 181248 bytes | Modified Date = 6/22/2006 6:47:18 AM | Attr = ]
-> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 190976 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
-> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 170496 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657) | Size = 249344 bytes | Modified Date = 7/8/2005 12:27:56 PM | Attr = ]
-> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
-> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174592 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\wbem\WMIsvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\MsPMSNSv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 11.0.5721.5145 | Size = 27136 bytes | Modified Date = 10/18/2006 10:47:16 PM | Attr = ]
-> %System32%\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 81408 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359936 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K WUDFSERVICEGROUP] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\WUDFSvc.dll [WudfSvc] -> Microsoft Corporation [Ver = 6.0.5716.32 (winmain(wmbla).060928-1756) | Size = 55808 bytes | Modified Date = 9/28/2006 7:56:14 PM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 45568 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17408 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 71680 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 185344 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536) | Size = 68096 bytes | Modified Date = 1/3/2006 11:35:06 PM | Attr = ]
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
wltrysvc.exe -> %System32%\WLTRYSVC.EXE -> [Ver = | Size = 18944 bytes | Modified Date = 12/19/2005 9:08:42 AM | Attr = ]
bcmwltry.exe -> %System32%\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1200128 bytes | Modified Date = 12/19/2005 9:08:40 AM | Attr = ]
spoolsv.exe -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/10/2005 7:53:32 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 10:13:20 AM | Attr = ]
avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.2.614 | Size = 200768 bytes | Modified Date = 1/29/2007 11:02:04 PM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K BTHSVCS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\bthserv.dll [BthServ] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30208 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.0.1.801 | Size = 266295 bytes | Modified Date = 8/29/2005 4:12:14 PM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 1:01:00 PM | Attr = ]
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\mdm.exe -> Microsoft Corporation [Ver = 7.10.3077 | Size = 335872 bytes | Modified Date = 3/19/2003 1:55:56 AM | Attr = ]
sdhelp.exe -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 11/2/2006 5:17:14 PM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\wiaservc.dll [stisvc] -> Microsoft Corporation [Ver = 5.1.2600.3051 (xpsp_sp2_gdr.061219-0316) | Size = 333824 bytes | Modified Date = 12/19/2006 2:16:48 PM | Attr = ]
calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 9/30/2005 7:22:50 PM | Attr = ]
avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.2.614 | Size = 200768 bytes | Modified Date = 1/29/2007 11:02:04 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 3/31/2007 7:20:10 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 3/14/2007 7:05:48 PM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 3/27/2007 3:02:32 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 3/14/2007 7:05:42 PM | Attr = ]
alg.exe -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
-> %System32%\w3ssl.dll [HTTPFilter] -> Microsoft Corporation [Ver = 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15872 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ]
winpfind3u.exe -> %ProgramFiles%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.33.0 | Size = 318464 bytes | Modified Date = 4/2/2007 10:01:54 PM | Attr = ]


----------



## bimmeracer (Mar 28, 2007)

part 2.


----------



## Cookiegal (Aug 27, 2003)

Go to Control Panel - Add/Remove programs and remove:

*Viewpoint
Viewpoint Manager
Runtime Environment 5.0 Update 6*

I see you have Kaspersky Internet Security which provides both anti-virus and firewall and you also have AVG anti-virus and Zone Alarm firewall but they are disabled via msconfig. You need to uninstall AVG anti-virus and Zone Alarm as they can conflict with Kaspersky and cause problems.

Open the WinPFind3u folder and double-click on *WinPFind3U.exe* to start the program. Copy and paste the information in the quote box below into the pane where it says "Paste fix here" and then click the Run Fix button.



> [Registry - All]
> < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
> YN -> {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} [HKLM] -> Reg Data - Key not found []
> [Registry - Additional Scans - All]
> ...


Reboot and post a new HijackThis log please.


----------



## bimmeracer (Mar 28, 2007)

here is the fix
[Registry - All]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell ExecuteHooks does not exist.
[Registry - Additional Scans - All]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSearch deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSearchWHSE deleted successfully.
File not found.
< End of log >
Created on 04/09/2007 17:33:41

hijackthis
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:35:52 PM, on 4/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\notepad.exe
C:\Program Files\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8206 bytes


----------



## Cookiegal (Aug 27, 2003)

See if you can locate this folder and if it exists, delete it:

C:\ProgramFiles\*WhenUSearch*

How are things running now?


----------



## bimmeracer (Mar 28, 2007)

the computer is working, but all of my Microsoft programs and adobe programs are still not working and I'm still receiving "... has encountered a problem and needs to close. We are sorry for the inconvenience." error.


----------



## Cookiegal (Aug 27, 2003)

Which programs specifically?


----------



## bimmeracer (Mar 28, 2007)

Of the top of my head, windows media player, adobe reader, firefox, bootvis and spyware doctor.
Chad P.


----------



## Cookiegal (Aug 27, 2003)

You said Microsoft programs so I thought you meant programs like Word, Excel, etc.

Those are all programs that are free and can be uninstalled and reinstalled. They may have a component that has become corrupt. I would try doing that with one and see if the problem continues.


----------



## bimmeracer (Mar 28, 2007)

i have and that didnt work.
also, my computer is still running as if it is missing some ram.


----------



## Cookiegal (Aug 27, 2003)

How much RAM do you have?

Go to *Start *- *Run *- type in *eventvwr.msc* and click OK. Look under both "application" and "system" and see if there are any recent errors shown in red. If so, double click each one to open it and then click on the icon that looks like two pieces of paper. This will copy the error to the clipboard. Then copy them here please.


----------



## bimmeracer (Mar 28, 2007)

1gb. 
I have 163 red X's. Im copying them now.


----------



## bimmeracer (Mar 28, 2007)

how do you find this clip board with everything?


----------



## bimmeracer (Mar 28, 2007)

wow I have 700 systems errors.


----------



## bimmeracer (Mar 28, 2007)

also, my picture, videos and music folders dont open. I cannot upload pics to photobucket, nor add music to itunes or winamp.


----------



## Cookiegal (Aug 27, 2003)

Don't post errors that are duplicates and certainly don't post them all but only ones from the last few days.

The clipboard is generally invisible (you can make it visible if you want) and it's where anything goes that you copy, whether it be the way I described for these errors, or by using "Edit" - "Copy".


----------



## bimmeracer (Mar 28, 2007)

attached


----------



## Cookiegal (Aug 27, 2003)

Did you recently try to install Microsoft Internet Information Services (IIS)?


----------



## bimmeracer (Mar 28, 2007)

NOPE. I dont even know what that is. should i install it?


----------



## Cookiegal (Aug 27, 2003)

No. How many user accounts are there on this computer?


----------



## bimmeracer (Mar 28, 2007)

two, but I only use on of them. the other one has never been used.


----------



## Cookiegal (Aug 27, 2003)

Go to *Start * *Run *- type *msconfig*  click OK and click on the *startup tab*. Uncheck everything there except your anti-virus programs (AVP) then reboot. Let me know if that solves the problem with those programs.

If it doesn't then select the "services" tab and check "hide Microsoft Services".

Then uncheck all the NON Microsoft services and reboot.

Let me know if that solves the problem. If it does, it means there's a conflict with a program or service.


----------



## bimmeracer (Mar 28, 2007)

nope. didnt work. That was one of the first things I did when I started having these problems. I like my cpu to load up as quickly as possible.


----------



## Cookiegal (Aug 27, 2003)

I've asked someone else to take a look at the errors from your event viewer.


----------



## Rollin' Rog (Dec 9, 2000)

The first thing that comes to mind when viewing those errors is that the drive itself has issues. Atleast one error indicates a "bad block" on the drive. Unless chkdsk is run or the drive replaced -- these tend to repeat -- although you may have just copied that one.



> SYSTEM
> Event Source:	Disk
> Event Category:	None
> Event ID:	7
> ...


Keep an eye out for repeats of the above.

So you should start by backing up any personal data to an external drive or media -- and then run chkdsk on the drive:

http://www.housing.hawaii.edu/resources/support/chkdsk.htm

The next thing I would do is create or enable another User Account with Administrative rights -- and see how many of these problems carry over to the new account.

I would also install this, which may help with some issues:

http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en

For problems that persist and repeat with specific programs, I would remove and reinstall that program. After removing a program and before reinstalling it check the %username%\application data\ directory for any folders for it and rename or delete those before the reinstall to ensure a clean install. This is a 'hidden' directory and you must have "show hidden files and folders" enabled in Folder Options > View to see it.


----------



## bimmeracer (Mar 28, 2007)

here is my log. I will go ahead and create a new user account now. I am just pressed for time since it is finals week.


----------



## bimmeracer (Mar 28, 2007)

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk. 
Cleaning up minor inconsistencies on the drive.
Cleaning up 55 unused index entries from index $SII of file 0x9.
Cleaning up 55 unused index entries from index $SDH of file 0x9.
Cleaning up 55 unused security descriptors.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

78147688 KB total disk space.
48800752 KB in 98134 files.
58488 KB in 8367 indexes.
780 KB in bad sectors.
176492 KB in use by the system.
65536 KB occupied by the log file.
29111176 KB available on disk.

4096 bytes in each allocation unit.
19536922 total allocation units on disk.
7277794 allocation units available on disk.

Internal Info:
d0 a1 01 00 0f a0 01 00 aa 5c 02 00 00 00 00 00 .........\......
83 76 01 00 01 00 00 00 ae 02 00 00 00 00 00 00 .v..............
90 00 ef 03 00 00 00 00 30 d6 55 ed 00 00 00 00 ........0.U.....
d0 82 71 07 00 00 00 00 40 e0 30 c3 06 00 00 00 [email protected]
f0 86 77 f1 02 00 00 00 50 b9 1f b5 0a 00 00 00 ..w.....P.......
99 9e 36 00 00 00 00 00 a0 39 07 00 56 7f 01 00 ..6......9..V...
00 00 00 00 00 c0 8f a2 0b 00 00 00 af 20 00 00 ............. ..

Windows has finished checking your disk.
Please wait while your computer restarts.


----------



## bimmeracer (Mar 28, 2007)

when I try to create a new account I get an error that says "Microsoft (R) HTML Application host has encountered a problem and needs to close. We are sorry for the inconvenience."

help


----------

