# Win Anti Virus Pro & Drive Cleaner Removal Help



## USMCBUCK10 (Jan 21, 2007)

Hi, I've been having trouble the last few days. I noticed pop-ups that kept coming up; they were Drive Cleaner and Win Anti Virus Pro. I tried to delete them with Ad-Aware but every time I restarted my computer they were there again. So if anyone could please help me it would be greatly appreciated.


----------



## USMCBUCK10 (Jan 21, 2007)

Can anyone help me? I don't know how to do the hijack log thing, so can someone please show me how to get that stuff on here.


----------



## Byteman (Jan 24, 2002)

Sure can....

First go to Add/Remove Programs in Control Panel, and uninstall those items: Win Anti Virus Pro & Drive Cleaner.

But *Do NOT Reboot or Restart when it prompts you to.*

*Click here* to download *HJTsetup.exe*
Save Hijackthis.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This. 
Continue to click *Next* in the setup dialogue boxes until you get to the *Select Additional Tasks* dialogue.
Put a check by *Create a desktop icon* then click *Next* again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click *Finish* and it will launch Hijack This.
Click on the *Do a system scan and save a log file* button. It will scan and then ask you to save the log.
Click *Save* to save the log file and then the log will open in notepad.
At the top of the Notepad HJT log screen, hit *EDIT* then SELECT ALL then click EDIT and then click *COPY*, doing that copies the text to the clipboard, you won't see it yet....
Open a TechSupportGuy forum Reply window for this thread, to have ready to paste the Hijackthis log into. Click once to place the typing cursor in the reply window.
At the top of your TSG/browser window, hit *EDIT* then *PASTE*
You should see your copied Hijackthis log appear in the reply space....then, submit the reply
*DO NOT* have Hijack This fix anything yet. Most of what it finds will be harmless or even required. 

I see you are not here now, if you have shut the computer down it is all right....if you come back tonight, someone may be able to help you then, otherwise, tomorrow morning is your first chance.
It might be someone else that helps in the morning as I usually cannot be at TSG until later toward evening, 6 PM Eastern US time.

[edit, spoke too soon, you've just signed back on...I will wait and look at the HJT log and see what I can do]


----------



## USMCBUCK10 (Jan 21, 2007)

Ok, here is the log file.

Logfile of HijackThis v1.99.1
Scan saved at 7:51:38 PM, on 1/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\batt0431.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
c:\program files\common files\aol\1106867256\ee\aolssc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: The College Toolbar - {50EC13F9-D1F6-4012-A076-F73088D8241C} - C:\Program Files\The College Toolbar\collegetoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\NjpM9X44.exe
O4 - HKLM\..\Run: [1d17bda7c43b] C:\WINDOWS\System32\batt0431.exe
O4 - HKLM\..\Run: [tF3P3pR] mcadss.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [rDM] C:\windows\system32\rDM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKLM\..\Run: [{4858F78A-09DC-1033-1011-020409020001}] "C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzox.dll,startup
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\skvjhtig.dll",setvm
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cosFRfdFl] mdatoenr.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/EZG-toolbar.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\ipxpromn1053p.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------
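A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread and is not code from HijackThis or any poster. The rules and the names `triage`, `target_of` and `Finding` are assumptions chosen for illustration; the sample lines are copied from the posted log, and a flag means "look this entry up", not "delete it".

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log posted in the thread above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe
O4 - HKLM\..\Run: [tF3P3pR] mcadss.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\skvjhtig.dll",setvm
O20 - AppInit_DLLs: C:\WINDOWS\System32\ipxpromn1053p.dll
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "O4 - <rest>": section code, then the entry text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# "HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # which illustrative rule fired
    detail: str   # the value to look up


def target_of(command: str) -> str:
    """Return the file a Run command loads (the DLL when rundll32 is used)."""
    cmd = command.strip()
    m = re.match(r'(?i)rundll32(?:\.exe)?\s+"?([^",]+)', cmd)
    if m:
        return m.group(1).strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"(?i)(.+?\.(?:exe|dll|com|bat|cmd|scr))(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(log: str) -> list[Finding]:
    """Apply the illustrative review rules to every recognised log line."""
    findings = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blanks
        section, rest = m.groups()
        if section == "O4":
            run = RUN_RE.match(rest)
            if not run:
                continue
            name, target = run.group(3), target_of(run.group(4))
            if "\\" not in target:
                # No directory given: Windows resolves it through the search path.
                findings.append(Finding(section, "no-path", f"[{name}] {target}"))
            elif re.search(r"(?i)\\(temp|tmp)\\", target):
                findings.append(Finding(section, "runs-from-temp", f"[{name}] {target}"))
        elif section == "O20" and rest.startswith("AppInit_DLLs:"):
            dll = rest.split(":", 1)[1].strip()
            if dll:
                # Any DLL listed here is loaded into every process that loads user32.dll.
                findings.append(Finding(section, "appinit-dll", dll))
        elif section == "O23" and rest.startswith("Service: "):
            service = rest[len("Service: "):].split(" - ")[0]
            if "(file missing)" in rest:
                findings.append(Finding(section, "service-file-missing", service))
            elif "Unknown owner" in rest:
                findings.append(Finding(section, "service-unknown-owner", service))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:22} {f.detail}")
```
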



## Byteman (Jan 24, 2002)

A nice amount of ad and spyware....fixable.

Please download *SmitfraudFix* (by *S!Ri*)
Extract the content (a folder named *SmitfraudFix*) to your Desktop.

Open the *SmitfraudFix* folder and double-click *smitfraudfix.cmd*
Select option #1 - *Search* by typing *1* and press "*Enter*"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

*Note* : *process.exe* is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Post that log from SmitFraudFix.

Next: *Stop here, you MAY DOWNLOAD the program down below, but do not install it yet!!!! As soon as I see the results from SmitFraudFix log I will post your next step....you might just want to wait for my reply before starting the download below: The next part of the fix involves booting up in Safe Mode so we will not have the Internet available...*

Download *AVG Anti-Spyware* from *HERE* and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "*Update*" then select the "*Update now*" link.
Next select the "*Start Update*" button. The update will start and a progress bar will show the updates being installed.

Once the update has completed, select the "*Scanner*" icon at the top of the screen, then select the "*Settings*" tab.
Once in the Settings screen click on "*Recommended actions*" and then select "*Quarantine*".
Under "*Reports*"
Select "*Automatically generate report after every scan*"
Un-Select "*Only if threats were found*"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
Reboot your computer into *Safe Mode*. You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. Use your up arrow key to highlight *Safe Mode* then hit enter.

*IMPORTANT:* Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:

Launch AVG Anti-Spyware by double clicking the icon on your desktop.
Select the "*Scanner*" icon at the top and then the "*Scan*" tab then click on "*Complete System Scan*".
AVG will now begin the scanning process. Please be patient as this may take a little time.
*Once the scan is complete, do the following:*
If you have any infections you will be prompted. Then select "*Apply all actions.*"
Next select the "*Reports*" icon at the top.
Select the "*Save report as*" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Please go *HERE* to run Panda's ActiveScan
Once you are on the Panda site click the *Scan your PC* button
A new window will open...click the *Check Now* button
Enter your *Country*
Enter your *State/Province*
Enter your *e-mail address* and click *send*
Select either *Home User* or *Company*
Click the big *Scan Now* button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on *My Computer* to start the scan
When the scan completes, if anything malicious is detected, click the *See Report* button, *then Save Report* and save it to a convenient location. Post the contents of the ActiveScan report


----------



## USMCBUCK10 (Jan 21, 2007)

SmitFraudFix v2.133

Scan done at 20:09:41.86, Sun 01/21/2007
Run from C:\Documents and Settings\TEMP\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\TEMP

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\TEMP\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TEMP\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\System32\\ipxpromn1053p.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End


----------



## Byteman (Jan 24, 2002)

Hi, zip over HERE and download the PeperFix tool.

To use this program, download it from the link and double-click on the saved icon. Run it twice, rebooting in between.


----------



## USMCBUCK10 (Jan 21, 2007)

It says no Peper files were detected but lists a bunch of files in the box. Am I doing this correctly?


----------



## Byteman (Jan 24, 2002)

Hmm can you copy/paste the list for me? Without closing the thing....


----------



## USMCBUCK10 (Jan 21, 2007)

There is no way I can copy it.


----------



## Byteman (Jan 24, 2002)

Never mind, I just refreshed my memory, it lists a lot of system files so just EXIT the PeperFix.

Then restart and run it again! This time, if it tells you no Pepers were found, do the same, Exit, and RESTART again.

Post a new HJT log. Take a break and:

You should now download the AVG Antispyware program install as in my previous reply. 

You MUST follow the steps exactly.....print it out, or copy and paste the whole reply to a Notepad text file save it as steps.txt or something equally interesting.....save to your desktop, then you will have it to refer to while you work in Safe Mode.

You must save anything NEW in my further replies also, since the Internet is not available in Safe Mode for you to be here reading. Just save the steps if it involves going to Safe Mode...anything else is OK to read here...


----------



## Byteman (Jan 24, 2002)

Hi, Be sure you have seen my last reply about AVG....

Also, you should look for these in Add/Remove Programs, uninstall any that are there, don't be alarmed if you see errors or messages about do you want to do this...just continue on with the uninstall.

funwebproducts/ or /SmileyCentral

My Web Search Bar < unless you really use it and like it, it is minor adware bundled with other programs....so is Smiley or FunWeb. 

Be helpful to do this:

Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.


----------



## USMCBUCK10 (Jan 21, 2007)

Here is the new HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 9:27:27 PM, on 1/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\batt0431.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\common files\aol\1106867256\ee\aolssc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: The College Toolbar - {50EC13F9-D1F6-4012-A076-F73088D8241C} - C:\Program Files\The College Toolbar\collegetoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\NjpM9X44.exe
O4 - HKLM\..\Run: [1d17bda7c43b] C:\WINDOWS\System32\batt0431.exe
O4 - HKLM\..\Run: [tF3P3pR] mcadss.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [rDM] C:\windows\system32\rDM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKLM\..\Run: [{4858F78A-09DC-1033-1011-020409020001}] "C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzox.dll,startup
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\skvjhtig.dll",setvm
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cosFRfdFl] mdatoenr.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/EZG-toolbar.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\ipxpromn1053p.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------



## Byteman (Jan 24, 2002)

Ok, continue on with getting and installing, updating, and scanning as shown with AVG Antispyware and doing the Panda online scan etc. 

Peper was not removed - there are more removal tools for it, but I am thinking AVG and/or Panda scan should clean it and most of the other trojans or viruses that are present.


----------



## USMCBUCK10 (Jan 21, 2007)

Here is the AVG Report Scan. I hit the save file button by accident first; I think that is why it says no action taken. But all were quarantined.


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:46:42 AM 1/22/2007

+ Scan result: 



C:\WINDOWS\system32\in4bdlA.dll -> Adware.BargainBuddy : No action taken.
C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\6B61A141-2501-4CAA-8D47-7E4F35\D85FF7E6-4CF9-4ED7-B0C2-EBE571 -> Adware.BetterInternet : No action taken.
C:\WINDOWS\system32\axuninstall.exe -> Adware.BlazeFind : No action taken.
C:\Documents and Settings\TEMP\Local Settings\Temp\8s8qwv4i.exe -> Adware.DriveCleaner : No action taken.
C:\Documents and Settings\TEMP\Local Settings\Temp\awepm7h8.exe -> Adware.DriveCleaner : No action taken.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP946\A0457471.exe -> Adware.EliteBar : No action taken.


----------



## USMCBUCK10 (Jan 21, 2007)

AVG Report Scan Continued...





----------



## USMCBUCK10 (Jan 21, 2007)

C:\WINDOWS\system32\batt0431.exe -> Adware.IEDriver : No action taken.
C:\Documents and Settings\Kayla\Local Settings\Temp\bar.exe -> Adware.IeSearchBar : No action taken.
C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\459B0E49-E6F6-43BF-8267-BAEEBE\5627E3DB-F5C1-4FCC-AEEB-2A6006 -> Adware.InstallDollar : No action taken.
C:\Documents and Settings\TEMP\Local Settings\Temp\win1B59.tmp.exe -> Adware.MaxSearch : No action taken.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP946\A0457469.dll -> Adware.MaxSearch : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildArcade -> Adware.MidAddle : No action taken.
C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : No action taken.
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : No action taken.
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : No action taken.
C:\Documents and Settings\Kayla\Local Settings\Temp\p2psetup.exe -> Adware.P2PNet : No action taken.
C:\Documents and Settings\Owner\Application Data\eber.exe -> Adware.PurityScan : No action taken.
C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\AC06CD2C-BEF8-4AE9-B010-E15EFC\21EE9A5A-BE81-4AA1-A6CA-B8868D -> Adware.PurityScan : No action taken.
C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}\system.dll -> Adware.Softomate : No action taken.
C:\RECYCLER\S-1-5-18\Dc4\system.dll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP948\A0461227.exe -> Adware.Softomate : No action taken.
C:\Program Files\The College Toolbar\spyrem.exe -> Adware.SpywareRem : No action taken.
C:\WINDOWS\prelimhanse.exe -> Adware.WebHancer : No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\toolbar.dll -> Adware.WebSearch : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Ejfb.exe -> Adware.WinFetcher : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\installer_MARKETING39.exe -> Downloader.Adload.a : No action taken.
C:\WINDOWS\system32\acctres1.exe -> Downloader.Agent.adz : No action taken.
C:\WINDOWS\mhdpnb.dat -> Downloader.Agent.bc : No action taken.
C:\WINDOWS\system32\addha.dll -> Downloader.Agent.bc : No action taken.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP946\A0457466.exe -> Downloader.Agent.bca : No action taken.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP950\A0461488.exe -> Downloader.Agent.bca : No action taken.
C:\WINDOWS\Temp\winE7.tmp.exe -> Downloader.Agent.bdr : No action taken.
C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\remove.exe -> Downloader.Keenval.f : No action taken.
C:\Documents and Settings\TEMP\Local Settings\Temp\win1B5D.tmp.exe -> Downloader.PurityScan.dc : No action taken.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP946\A0457468.exe -> Downloader.PurityScan.dc : No action taken.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP948\A0461265.exe -> Downloader.PurityScan.dc : No action taken.
C:\WINDOWS\Temp\winEC.tmp.exe -> Downloader.PurityScan.dc : No action taken.
C:\WINDOWS\Downloaded Program Files\optimize.inf -> Downloader.Small : No action taken.
C:\WINDOWS\Temp\winE7.tmp -> Downloader.Small.dod : No action taken.
C:\Documents and Settings\TEMP\Local Settings\Temp\Rar$EX00.500\keygen.exe -> Downloader.Small.eem : No action taken.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP937\A0444434.dll -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP949\A0461436.dll -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
C:\WINDOWS\Temp\mstED.tmp -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.


----------



## USMCBUCK10 (Jan 21, 2007)



----------



## USMCBUCK10 (Jan 21, 2007)



----------



## USMCBUCK10 (Jan 21, 2007)

:mozilla.131:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.132:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.133:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.134:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.135:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.136:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.137:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.73:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.74:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.75:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.76:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.77:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.78:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.79:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.80:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.742:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.746:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.747:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.748:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.749:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.750:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.421:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.422:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.423:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.425:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.426:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.282:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.283:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.284:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.285:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.286:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.287:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.288:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.289:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.290:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.291:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.292:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.293:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.294:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.295:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.296:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.297:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.298:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.299:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.300:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.301:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\TEMP\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.173:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.179:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.730:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.199:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.200:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.201:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.202:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.203:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.265:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.266:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.267:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.268:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
C:\Documents and Settings\TEMP\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.646:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.647:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.648:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\TEMP\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.366:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.367:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.368:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.369:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.370:C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\Downloaded Program Files\Information_s.INF -> Trojan.Getobject : No action taken.
C:\WINDOWS\system32\winips32.dll -> Trojan.Mezzia : No action taken.
C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DD3148C-5192-4CC6-8439-B44A42\BB5C0DEE-A486-4464-8560-5A1DC2 -> Trojan.Zapchast : No action taken.

::Report end


----------



## USMCBUCK10 (Jan 21, 2007)

Panda Activescan

Incident Status Location

Potentially unwanted tool:Application/MyWebSearch Not disinfected c:\progra~1\mywebs~1\bar\6.bin\mwsoemon.exe 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\MWSOEPLG.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoestb.dll 
Potentially unwanted tool:application/mywebsearch Not disinfected c:\windows\system32\f3PSSavr.scr 
Spyware:spyware/whazit Not disinfected c:\windows\system32\fiz1 
Adware:adware/adlogix Not disinfected c:\windows\system32\retpdat32.xml 
Spyware:spyware/virtumonde Not disinfected c:\windows\system32\ssqpp.dll 
Adware:adware/iedriver Not disinfected c:\windows\system32\sub.dll 
Virus:trj/downloader.aee Disinfected Operating system 
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf 
Adware:adware/statblaster Not disinfected c:\windows\downloaded program files\WildApp.inf  
Adware:adware/comet Not disinfected c:\windows\inf\dm.inf 
Adware:adware/gator Not disinfected c:\windows\GatorHDPlugin.log-old.log 
Dialer:dialer.bny Not disinfected c:\windows\pcconfig.dat 
Adware:adware/ncase Not disinfected c:\temp\FLEOK 
Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay 
Adware:adware/quicksearch Not disinfected c:\program files\QuickSearch 
Adware:adware/transponder Not disinfected Windows Registry 
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM 
Adware:adware/dyfuca Not disinfected Windows Registry 
Adware:adware/wupd Not disinfected Windows Registry 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf]  
Hacktool:Exploit/ObjectData Not disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\MB8C4Y9R\str8_pending[1].html[C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\MB8C4Y9R\str8_pending[1].html] 
Hacktool:Exploit/ObjectData Not disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\TMXN2UVD\str8_pending[1].html 
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Kayla\Local Settings\Temp\bi.inf 
Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Kayla\Local Settings\Temp\ss_cdt_setup.exe[²	=.dll] 
Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Kayla\Local Settings\Temp\ss_cdt_setup.exe[offline.htm] 
Adware:Adware/eZula Not disinfected C:\Documents and Settings\Kayla\Local Settings\Temp\TopTextiLookup.htm 
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\Kayla\Local Settings\Temp\UpdatedUpdaterInstall.exe 
Spyware:Spyware/MarketScore Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\ab1.exe 
Adware:Adware/AdLogix Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\adlinstallwin32.exe[SWin32.dll] 
Adware:Adware/AdLogix Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\adlinstallwin32.exe[automove.exe] 
Adware:Adware/AdLogix Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\adlinstallwin32.exe[trans.exe]  
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\adlinstallwin32.exe[istinstall_adlogix.exe] 
Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[SaveInstCsSm.exe] 
Adware:Adware/BrowserAid Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[dist1_1_00.exe] 
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe] 
Virus:Trj/Downloader.OE Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe][dp-him.exe] 
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe][IEHost.EXE] 
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe][Searchx.htm] 
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe][terrabyte.exe] 
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe][ms.exe] 
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[may17_loader.exe] 
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[bdl14185.exe]  
Spyware:Spyware/ClearSearch Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[ClrSchP072.exe] 
Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\ss_cdt_setup.exe[²	=.dll] 
Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\ss_cdt_setup.exe[offline.htm] 
Adware:Adware/StatBlaster Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\tracker9.exe 
Adware:Adware/zSearch Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\zsupdater.exe 
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Owner\Application Data\rawh\ctxad-204.0000[NDrv.dll] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Virus:Trj/Bhotcher.A Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\all_files7.exe[iMeshInst.exe][WBCM_Installer.exe][BHOW.exe] 
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ctxad.exe[NDrv.dll] 
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ctxad.exe[NDrv.exe] 
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[.realmedia.com/]  
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[inetsvc.exe] 
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[inetmgr.exe]  
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[²=] 
Virus:Trj/Downloader.OA Disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\96483375-62CC-4E5A-84F4-69E9F5\0279EC55-7F80-48DA-A53F-0FAD21 
Virus:Trj/Downloader.OA Disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\96483375-62CC-4E5A-84F4-69E9F5\BC61B96E-0638-4E7E-BF9A-3EFC7C 
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temp\Cookies\[email protected][2].txt 
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temp\Cookies\[email protected][1].txt 
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temp\Cookies\[email protected][2].txt 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\tre.KAYLA\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe 
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc15\Process.exe 
Adware:Adware Program Not disinfected C:\WildMedia.exe[Topicks.reg] 
Adware:Adware Program Not disinfected C:\WildMedia.exe[FileVersions.ini]  
Potentially unwanted tool:Application/Altnet Not disinfected C:\WildMedia.exe[HtCheck2.dll] 
Potentially unwanted tool:Application/Altnet Not disinfected C:\WildMedia.exe[Idhost.exe] 
Virus:Trj/Downloader.gen Disinfected C:\WildMedia.exe[IdInst.exe] 
Adware:Adware/ILookup Not disinfected C:\WINDOWS\system32\windec33.dll


----------



## Byteman (Jan 24, 2002)

Hi, 
Not looking very good- are you prepared in case things go bad, that's a lot of stuff to remove...

Post this log:

*Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list to a reply.*

Next: We need a temp file cleanup first apparently. Remember, removing *Cookies* will remove the automatic login at sites you use that require signing in, our site is one that does....so, make sure you know all your login usernames and passwords, then it is safe to remove ALL Cookies, (I recommend you do).

*Check for updates for AVG Antispyware first and update it.*

Try this for PurityScan removal>



Cheeseball81 said:


> Click *Start - Control Panel - Add/Remove Programs*
> In the list of installed software, look for *PuritySCAN By OIN*, *Cowabanga*, *OuterInfo*, *OIN* or similar as well as Market Browser, 180 Solutions, AWS (WeatherBug)
> If you find it:
> Click on it and click *Remove*.
> ...


Download ATFCleaner by Atribune & save it to your desktop. DO NOT use it yet. We will use it in *Safe Mode*, later.

Restart your computer into safe mode now. To get into the Windows 2000 / XP Safe mode, as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu"
Use your arrow keys to move to "Safe Mode" and press your Enter key.

Next, start up ATFCleaner:


Double-click *ATF-Cleaner.exe* to run the program.
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
If you use Firefox browser
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.
If you use Opera browser
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.
Click *Exit* on the Main menu to close the program.

Run AVG Antispyware again, check the settings and steps to save the log correctly, so you don't hit the wrong thing.

We need these logs, when you have finished the above> AVG Antispyware, Uninstall list from HJT, and a new HJT log, made after you have done the ATFCleaner, and AVG.


----------



## USMCBUCK10 (Jan 21, 2007)

After I open HJT and go to save file, HJT closes.


----------



## Byteman (Jan 24, 2002)

Download a new copy

*Click here* to download *HJTsetup.exe*
Save Hijackthis.exe to your desktop.

Tell me if you were able to run AVG etc


----------



## USMCBUCK10 (Jan 21, 2007)

I downloaded it again, went to the "Open the Misc Tools section" button, clicked on the "Open Uninstall Manager" button, clicked the "Save List" button and it closed again.


----------



## Byteman (Jan 24, 2002)

Hi, Guess we will skip that Uninstall list then....continue on with what I posted as for running AVG and posting the log


----------



## USMCBUCK10 (Jan 21, 2007)

Do I run AVG in safe mode again?


----------



## Byteman (Jan 24, 2002)

Hi, Yes, that would be good to do, make sure you don't hit that button again, post the log if you scanned already for a second time...

I have seen just one from AVG....need to confirm that it is quarantining items. 

Hijackthis may give us a log in Safe Mode, too, try again.


----------



## USMCBUCK10 (Jan 21, 2007)

Here is the new AVG Scan.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:	1:26:11 AM 1/23/2007

+ Scan result:

C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP954\A0467416.dll -> Adware.BargainBuddy : Cleaned.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP954\A0467414.exe -> Adware.BlazeFind : Cleaned.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP954\A0467415.exe -> Adware.IEDriver : Cleaned.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP954\A0467407.exe -> Adware.IeSearchBar : Cleaned.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP954\A0467406.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP954\A0467408.exe -> Adware.P2PNet : Cleaned.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP954\A0467409.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP954\A0467410.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP954\A0467411.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP954\A0467412.exe -> Adware.SpywareRem : Cleaned.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP954\A0467413.exe -> Adware.WebHancer : Cleaned.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP954\A0467404.exe -> Downloader.Agent.adz : Cleaned.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP954\A0467403.dll -> Downloader.Agent.bc : Cleaned.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP954\A0467402.exe -> Downloader.Keenval.f : Cleaned.
C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc144.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc35.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc83.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc84.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc30.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc33.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc38.txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc45.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc49.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc48.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc58.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc63.txt -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc61.txt -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc68.txt -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc79.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt -> TrackingCookie.Onestat : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc104.txt -> TrackingCookie.Onestat : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc92.txt -> TrackingCookie.Overture : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc95.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc60.txt -> TrackingCookie.Ru4 : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc27.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc109.txt -> TrackingCookie.Tacoda : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc111.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc112.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc106.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc26.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc143.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP954\A0467405.dll -> Trojan.Mezzia : Cleaned.

::Report end


----------



## USMCBUCK10 (Jan 21, 2007)

Here is the new HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 1:29:27 AM, on 1/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: The College Toolbar - {50EC13F9-D1F6-4012-A076-F73088D8241C} - C:\Program Files\The College Toolbar\collegetoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\NjpM9X44.exe
O4 - HKLM\..\Run: [tF3P3pR] mcadss.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [rDM] C:\windows\system32\rDM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKLM\..\Run: [{4858F78A-09DC-1033-1011-020409020001}] "C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzox.dll,startup
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\skvjhtig.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cosFRfdFl] mdatoenr.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/EZG-toolbar.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\ipxpromn1053p.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------



## Cookiegal (Aug 27, 2003)

Byteman is not feeling well so let's send him to bed for some rest. Feel better soon B.  


You have a real smorgasbord of infection there.  


Smitfraud should recognize some of it and I suspect you didn't unzip it to the proper location. I can't figure out why you have a TEMP folder in Documents & Settings and then your Desktop is in a TEMP folder? That doesn't make sense. 

In any event, SmitfraudFix needs to be run from the Desktop so remove the one you have and then redownload it and be sure it goes to its own folder on your desktop. Then run option 1 again and post the log please.


----------



## Byteman (Jan 24, 2002)

Hi, Cookiegal- thanks for being here for us- I know you will clear this mess up with ease.

USMCBuck10- follow Cookie's advice.


----------



## Cookiegal (Aug 27, 2003)

Byteman said:


> Hi, Cookiegal- thanks for being here for us- I know you will clear this mess up with ease.
> 
> USMCBuck10- follow Cookie's advice.


You're welcome. I'll do my best.


----------



## USMCBUCK10 (Jan 21, 2007)

Here is the new Smitfraud log.

SmitFraudFix v2.133

Scan done at 13:41:44.53, Tue 01/23/2007
Run from C:\Documents and Settings\TEMP\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\TEMP

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\TEMP\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TEMP\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\System32\\ipxpromn1053p.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End


----------



## Cookiegal (Aug 27, 2003)

OK, then I gather that your "user name" is TEMP.

Download *SDFix* and save it to your Desktop.

Double click *SDFix.exe* and it will extract the files to %systemdrive% 
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in *Safe Mode* by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press *Enter*
Choose your usual account.

Open the extracted SDFix folder and double click *RunThis.bat* to start the script. 
Type *Y* to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot. 
Press any Key and it will restart the PC. 
When the PC restarts the Fixtool will run again and complete the removal process then display *Finished*, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as *Report.txt* 
(Report.txt will also be copied to the clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


----------



## USMCBUCK10 (Jan 21, 2007)

SDFix: Version 1.62

Tue 01/23/2007 - 17:15:24.34

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
COM+ Messages

Path:
"C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272

COM+ Messages Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Files will be copied to Backups folder and removed:

C:\WINDOWS\system32\unsvchosts.lzma - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted
C:\WINDOWS\Temp\win289.tmp - Deleted
C:\WINDOWS\Temp\win28A.tmp - Deleted
C:\WINDOWS\Temp\win28B.tmp - Deleted
C:\WINDOWS\Temp\win28C.tmp - Deleted
C:\WINDOWS\Temp\win28D.tmp - Deleted
C:\WINDOWS\Temp\win28E.tmp - Deleted
C:\WINDOWS\Temp\win28F.tmp - Deleted
C:\WINDOWS\Temp\win29.tmp - Deleted
C:\WINDOWS\Temp\win290.tmp - Deleted
C:\WINDOWS\Temp\win291.tmp - Deleted
C:\WINDOWS\Temp\win292.tmp - Deleted
C:\WINDOWS\Temp\win293.tmp - Deleted
C:\WINDOWS\Temp\win294.tmp - Deleted
C:\WINDOWS\Temp\win295.tmp - Deleted
C:\WINDOWS\Temp\win296.tmp - Deleted
C:\WINDOWS\Temp\win297.tmp - Deleted
C:\WINDOWS\Temp\win298.tmp - Deleted
C:\WINDOWS\Temp\win299.tmp - Deleted
C:\WINDOWS\Temp\win29A.tmp - Deleted
C:\WINDOWS\Temp\win29B.tmp - Deleted
C:\WINDOWS\Temp\win29C.tmp - Deleted
C:\WINDOWS\Temp\win29D.tmp - Deleted
C:\WINDOWS\Temp\win29E.tmp - Deleted
C:\WINDOWS\Temp\win29F.tmp - Deleted
C:\WINDOWS\Temp\win2A.tmp - Deleted
C:\WINDOWS\Temp\win2A0.tmp - Deleted
C:\WINDOWS\Temp\win2A1.tmp - Deleted
C:\WINDOWS\Temp\win2A2.tmp - Deleted
C:\WINDOWS\Temp\win2A3.tmp - Deleted
C:\WINDOWS\Temp\win2A4.tmp - Deleted
C:\WINDOWS\Temp\win2A5.tmp - Deleted
C:\WINDOWS\Temp\win2A6.tmp - Deleted
C:\WINDOWS\Temp\win2A7.tmp - Deleted
C:\WINDOWS\Temp\win2A8.tmp - Deleted
C:\WINDOWS\Temp\win2A9.tmp - Deleted
C:\WINDOWS\Temp\win2AA.tmp - Deleted
C:\WINDOWS\Temp\win2AB.tmp - Deleted
C:\WINDOWS\Temp\win2AC.tmp - Deleted
C:\WINDOWS\Temp\win2AD.tmp - Deleted
C:\WINDOWS\Temp\win2AE.tmp - Deleted
C:\WINDOWS\Temp\win2AF.tmp - Deleted
C:\WINDOWS\Temp\win2B.tmp - Deleted
C:\WINDOWS\Temp\win2B0.tmp - Deleted
C:\WINDOWS\Temp\win2B1.tmp - Deleted
C:\WINDOWS\Temp\win2B2.tmp - Deleted
C:\WINDOWS\Temp\win2B3.tmp - Deleted
C:\WINDOWS\Temp\win2B4.tmp - Deleted
C:\WINDOWS\Temp\win2B5.tmp - Deleted
C:\WINDOWS\Temp\win2B6.tmp - Deleted
C:\WINDOWS\Temp\win2B7.tmp - Deleted
C:\WINDOWS\Temp\win2B8.tmp - Deleted
C:\WINDOWS\Temp\win2B9.tmp - Deleted
C:\WINDOWS\Temp\win2BA.tmp - Deleted
C:\WINDOWS\Temp\win2BB.tmp - Deleted
C:\WINDOWS\Temp\win2BC.tmp - Deleted
C:\WINDOWS\Temp\win2BD.tmp - Deleted
C:\WINDOWS\Temp\win2BE.tmp - Deleted
C:\WINDOWS\Temp\win2BF.tmp - Deleted
C:\WINDOWS\Temp\win2C.tmp - Deleted
C:\WINDOWS\Temp\win2C0.tmp - Deleted
C:\WINDOWS\Temp\win2C1.tmp - Deleted
C:\WINDOWS\Temp\win2C2.tmp - Deleted
C:\WINDOWS\Temp\win2C3.tmp - Deleted
C:\WINDOWS\Temp\win2C4.tmp - Deleted
C:\WINDOWS\Temp\win2C5.tmp - Deleted
C:\WINDOWS\Temp\win2C6.tmp - Deleted
C:\WINDOWS\Temp\win2C7.tmp - Deleted
C:\WINDOWS\Temp\win2C8.tmp - Deleted
C:\WINDOWS\Temp\win2C9.tmp - Deleted
C:\WINDOWS\Temp\win2CA.tmp - Deleted
C:\WINDOWS\Temp\win2CB.tmp - Deleted
C:\WINDOWS\Temp\win2CC.tmp - Deleted
C:\WINDOWS\Temp\win2CD.tmp - Deleted
C:\WINDOWS\Temp\win2CE.tmp - Deleted
C:\WINDOWS\Temp\win2CF.tmp - Deleted
C:\WINDOWS\Temp\win2D.tmp - Deleted
C:\WINDOWS\Temp\win2D0.tmp - Deleted
C:\WINDOWS\Temp\win2D1.tmp - Deleted
C:\WINDOWS\Temp\win2D2.tmp - Deleted
C:\WINDOWS\Temp\win2D3.tmp - Deleted
C:\WINDOWS\Temp\win2D4.tmp - Deleted
C:\WINDOWS\Temp\win2D5.tmp - Deleted
C:\WINDOWS\Temp\win2D6.tmp - Deleted
C:\WINDOWS\Temp\win2D7.tmp - Deleted
C:\WINDOWS\Temp\win2D8.tmp - Deleted
C:\WINDOWS\Temp\win2D9.tmp - Deleted
C:\WINDOWS\Temp\win2DA.tmp - Deleted
C:\WINDOWS\Temp\win2DB.tmp - Deleted
C:\WINDOWS\Temp\win2DC.tmp - Deleted
C:\WINDOWS\Temp\win2DD.tmp - Deleted
C:\WINDOWS\Temp\win2DE.tmp - Deleted
C:\WINDOWS\Temp\win2DF.tmp - Deleted
C:\WINDOWS\Temp\win2E.tmp - Deleted
C:\WINDOWS\Temp\win2E0.tmp - Deleted
C:\WINDOWS\Temp\win2E1.tmp - Deleted
C:\WINDOWS\Temp\win2E2.tmp - Deleted
C:\WINDOWS\Temp\win2E3.tmp - Deleted
C:\WINDOWS\Temp\win2E4.tmp - Deleted
C:\WINDOWS\Temp\win2E5.tmp - Deleted
C:\WINDOWS\Temp\win2E6.tmp - Deleted
C:\WINDOWS\Temp\win2E7.tmp - Deleted
C:\WINDOWS\Temp\win2E8.tmp - Deleted
C:\WINDOWS\Temp\win2E9.tmp - Deleted
C:\WINDOWS\Temp\win2EA.tmp - Deleted
C:\WINDOWS\Temp\win2EB.tmp - Deleted
C:\WINDOWS\Temp\win2EC.tmp - Deleted
C:\WINDOWS\Temp\win2ED.tmp - Deleted
C:\WINDOWS\Temp\win2EE.tmp - Deleted
C:\WINDOWS\Temp\win2EF.tmp - Deleted
C:\WINDOWS\Temp\win2F.tmp - Deleted
C:\WINDOWS\Temp\win2F0.tmp - Deleted
C:\WINDOWS\Temp\win2F1.tmp - Deleted
C:\WINDOWS\Temp\win2F2.tmp - Deleted
C:\WINDOWS\Temp\win2F3.tmp - Deleted
C:\WINDOWS\Temp\win2F4.tmp - Deleted
C:\WINDOWS\Temp\win2F5.tmp - Deleted
C:\WINDOWS\Temp\win2F6.tmp - Deleted
C:\WINDOWS\Temp\win2F7.tmp - Deleted
C:\WINDOWS\Temp\win2F8.tmp - Deleted
C:\WINDOWS\Temp\win2F9.tmp - Deleted
C:\WINDOWS\Temp\win2FA.tmp - Deleted
C:\WINDOWS\Temp\win2FB.tmp - Deleted
C:\WINDOWS\Temp\win2FC.tmp - Deleted
C:\WINDOWS\Temp\win2FD.tmp - Deleted
C:\WINDOWS\Temp\win2FE.tmp - Deleted
C:\WINDOWS\Temp\win2FF.tmp - Deleted
C:\WINDOWS\Temp\win3.tmp - Deleted
C:\WINDOWS\Temp\win30.tmp - Deleted
C:\WINDOWS\Temp\win300.tmp - Deleted
C:\WINDOWS\Temp\win301.tmp - Deleted
C:\WINDOWS\Temp\win302.tmp - Deleted
C:\WINDOWS\Temp\win303.tmp - Deleted
C:\WINDOWS\Temp\win304.tmp - Deleted
C:\WINDOWS\Temp\win305.tmp - Deleted
C:\WINDOWS\Temp\win306.tmp - Deleted
C:\WINDOWS\Temp\win307.tmp - Deleted
C:\WINDOWS\Temp\win308.tmp - Deleted
C:\WINDOWS\Temp\win309.tmp - Deleted
C:\WINDOWS\Temp\win30A.tmp - Deleted
C:\WINDOWS\Temp\win30B.tmp - Deleted
C:\WINDOWS\Temp\win30C.tmp - Deleted
C:\WINDOWS\Temp\win30D.tmp - Deleted
C:\WINDOWS\Temp\win30E.tmp - Deleted
C:\WINDOWS\Temp\win30F.tmp - Deleted
C:\WINDOWS\Temp\win31.tmp - Deleted
C:\WINDOWS\Temp\win310.tmp - Deleted
C:\WINDOWS\Temp\win311.tmp - Deleted
C:\WINDOWS\Temp\win312.tmp - Deleted
C:\WINDOWS\Temp\win313.tmp - Deleted
C:\WINDOWS\Temp\win314.tmp - Deleted
C:\WINDOWS\Temp\win315.tmp - Deleted
C:\WINDOWS\Temp\win316.tmp - Deleted
C:\WINDOWS\Temp\win317.tmp - Deleted
C:\WINDOWS\Temp\win318.tmp - Deleted
C:\WINDOWS\Temp\win319.tmp - Deleted
C:\WINDOWS\Temp\win31A.tmp - Deleted
C:\WINDOWS\Temp\win31B.tmp - Deleted
C:\WINDOWS\Temp\win31C.tmp - Deleted
C:\WINDOWS\Temp\win31D.tmp - Deleted
C:\WINDOWS\Temp\win31E.tmp - Deleted
C:\WINDOWS\Temp\win31F.tmp - Deleted
C:\WINDOWS\Temp\win32.tmp - Deleted
C:\WINDOWS\Temp\win320.tmp - Deleted
C:\WINDOWS\Temp\win321.tmp - Deleted
C:\WINDOWS\Temp\win322.tmp - Deleted
C:\WINDOWS\Temp\win323.tmp - Deleted
C:\WINDOWS\Temp\win324.tmp - Deleted
C:\WINDOWS\Temp\win325.tmp - Deleted
C:\WINDOWS\Temp\win326.tmp - Deleted
C:\WINDOWS\Temp\win327.tmp - Deleted
C:\WINDOWS\Temp\win328.tmp - Deleted
C:\WINDOWS\Temp\win329.tmp - Deleted
C:\WINDOWS\Temp\win32A.tmp - Deleted
C:\WINDOWS\Temp\win32B.tmp - Deleted
C:\WINDOWS\Temp\win32C.tmp - Deleted
C:\WINDOWS\Temp\win32D.tmp - Deleted
C:\WINDOWS\Temp\win32E.tmp - Deleted
C:\WINDOWS\Temp\win32F.tmp - Deleted
C:\WINDOWS\Temp\win33.tmp - Deleted
C:\WINDOWS\Temp\win330.tmp - Deleted
C:\WINDOWS\Temp\win331.tmp - Deleted
C:\WINDOWS\Temp\win332.tmp - Deleted
C:\WINDOWS\Temp\win333.tmp - Deleted
C:\WINDOWS\Temp\win334.tmp - Deleted
C:\WINDOWS\Temp\win335.tmp - Deleted
C:\WINDOWS\Temp\win336.tmp - Deleted
C:\WINDOWS\Temp\win337.tmp - Deleted
C:\WINDOWS\Temp\win338.tmp - Deleted
C:\WINDOWS\Temp\win339.tmp - Deleted
C:\WINDOWS\Temp\win33A.tmp - Deleted
C:\WINDOWS\Temp\win33B.tmp - Deleted
C:\WINDOWS\Temp\win33C.tmp - Deleted
C:\WINDOWS\Temp\win33D.tmp - Deleted
C:\WINDOWS\Temp\win33E.tmp - Deleted
C:\WINDOWS\Temp\win33F.tmp - Deleted
C:\WINDOWS\Temp\win34.tmp - Deleted
C:\WINDOWS\Temp\win340.tmp - Deleted
C:\WINDOWS\Temp\win341.tmp - Deleted
C:\WINDOWS\Temp\win342.tmp - Deleted
C:\WINDOWS\Temp\win343.tmp - Deleted
C:\WINDOWS\Temp\win344.tmp - Deleted
C:\WINDOWS\Temp\win345.tmp - Deleted
C:\WINDOWS\Temp\win346.tmp - Deleted
C:\WINDOWS\Temp\win347.tmp - Deleted
C:\WINDOWS\Temp\win348.tmp - Deleted
C:\WINDOWS\Temp\win349.tmp - Deleted
C:\WINDOWS\Temp\win34A.tmp - Deleted
C:\WINDOWS\Temp\win34B.tmp - Deleted
C:\WINDOWS\Temp\win34C.tmp - Deleted
C:\WINDOWS\Temp\win34D.tmp - Deleted
C:\WINDOWS\Temp\win34E.tmp - Deleted
C:\WINDOWS\Temp\win34F.tmp - Deleted
C:\WINDOWS\Temp\win35.tmp - Deleted
C:\WINDOWS\Temp\win350.tmp - Deleted
C:\WINDOWS\Temp\win351.tmp - Deleted
C:\WINDOWS\Temp\win352.tmp - Deleted
C:\WINDOWS\Temp\win353.tmp - Deleted
C:\WINDOWS\Temp\win354.tmp - Deleted
C:\WINDOWS\Temp\win355.tmp - Deleted
C:\WINDOWS\Temp\win356.tmp - Deleted
C:\WINDOWS\Temp\win357.tmp - Deleted
C:\WINDOWS\Temp\win358.tmp - Deleted
C:\WINDOWS\Temp\win359.tmp - Deleted
C:\WINDOWS\Temp\win35A.tmp - Deleted
C:\WINDOWS\Temp\win35B.tmp - Deleted
C:\WINDOWS\Temp\win35C.tmp - Deleted
C:\WINDOWS\Temp\win35D.tmp - Deleted
C:\WINDOWS\Temp\win35E.tmp - Deleted
C:\WINDOWS\Temp\win35F.tmp - Deleted
C:\WINDOWS\Temp\win36.tmp - Deleted
C:\WINDOWS\Temp\win360.tmp - Deleted
C:\WINDOWS\Temp\win361.tmp - Deleted
C:\WINDOWS\Temp\win362.tmp - Deleted
C:\WINDOWS\Temp\win363.tmp - Deleted
C:\WINDOWS\Temp\win364.tmp - Deleted
C:\WINDOWS\Temp\win365.tmp - Deleted
C:\WINDOWS\Temp\win366.tmp - Deleted
C:\WINDOWS\Temp\win367.tmp - Deleted
C:\WINDOWS\Temp\win368.tmp - Deleted
C:\WINDOWS\Temp\win369.tmp - Deleted
C:\WINDOWS\Temp\win36A.tmp - Deleted
C:\WINDOWS\Temp\win36B.tmp - Deleted
C:\WINDOWS\Temp\win36C.tmp - Deleted
C:\WINDOWS\Temp\win36D.tmp - Deleted
C:\WINDOWS\Temp\win36E.tmp - Deleted
C:\WINDOWS\Temp\win36F.tmp - Deleted
C:\WINDOWS\Temp\win37.tmp - Deleted
C:\WINDOWS\Temp\win370.tmp - Deleted
C:\WINDOWS\Temp\win371.tmp - Deleted
C:\WINDOWS\Temp\win372.tmp - Deleted
C:\WINDOWS\Temp\win373.tmp - Deleted
C:\WINDOWS\Temp\win374.tmp - Deleted
C:\WINDOWS\Temp\win375.tmp - Deleted
C:\WINDOWS\Temp\win376.tmp - Deleted
C:\WINDOWS\Temp\win377.tmp - Deleted
C:\WINDOWS\Temp\win378.tmp - Deleted
C:\WINDOWS\Temp\win379.tmp - Deleted
C:\WINDOWS\Temp\win37A.tmp - Deleted
C:\WINDOWS\Temp\win37B.tmp - Deleted
C:\WINDOWS\Temp\win37C.tmp - Deleted
C:\WINDOWS\Temp\win37D.tmp - Deleted
C:\WINDOWS\Temp\win37E.tmp - Deleted
C:\WINDOWS\Temp\win37F.tmp - Deleted
C:\WINDOWS\Temp\win38.tmp - Deleted
C:\WINDOWS\Temp\win380.tmp - Deleted
C:\WINDOWS\Temp\win381.tmp - Deleted
C:\WINDOWS\Temp\win382.tmp - Deleted
C:\WINDOWS\Temp\win383.tmp - Deleted
C:\WINDOWS\Temp\win384.tmp - Deleted
C:\WINDOWS\Temp\win385.tmp - Deleted
C:\WINDOWS\Temp\win386.tmp - Deleted
C:\WINDOWS\Temp\win387.tmp - Deleted
C:\WINDOWS\Temp\win388.tmp - Deleted
C:\WINDOWS\Temp\win389.tmp - Deleted
C:\WINDOWS\Temp\win38A.tmp - Deleted
C:\WINDOWS\Temp\win38B.tmp - Deleted
C:\WINDOWS\Temp\win38C.tmp - Deleted
C:\WINDOWS\Temp\win38D.tmp - Deleted
C:\WINDOWS\Temp\win38E.tmp - Deleted
C:\WINDOWS\Temp\win38F.tmp - Deleted
C:\WINDOWS\Temp\win39.tmp - Deleted
C:\WINDOWS\Temp\win390.tmp - Deleted
C:\WINDOWS\Temp\win391.tmp - Deleted
C:\WINDOWS\Temp\win392.tmp - Deleted
C:\WINDOWS\Temp\win393.tmp - Deleted
C:\WINDOWS\Temp\win394.tmp - Deleted
C:\WINDOWS\Temp\win395.tmp - Deleted
C:\WINDOWS\Temp\win396.tmp - Deleted
C:\WINDOWS\Temp\win397.tmp - Deleted
C:\WINDOWS\Temp\win398.tmp - Deleted
C:\WINDOWS\Temp\win399.tmp - Deleted
C:\WINDOWS\Temp\win39A.tmp - Deleted
C:\WINDOWS\Temp\win39B.tmp - Deleted
C:\WINDOWS\Temp\win39C.tmp - Deleted
C:\WINDOWS\Temp\win39D.tmp - Deleted
C:\WINDOWS\Temp\win39E.tmp - Deleted
C:\WINDOWS\Temp\win39F.tmp - Deleted
C:\WINDOWS\Temp\win3A.tmp - Deleted
C:\WINDOWS\Temp\win3A0.tmp - Deleted
C:\WINDOWS\Temp\win3A1.tmp - Deleted
C:\WINDOWS\Temp\win3A2.tmp - Deleted
C:\WINDOWS\Temp\win3A3.tmp - Deleted
C:\WINDOWS\Temp\win3A4.tmp - Deleted
C:\WINDOWS\Temp\win3A5.tmp - Deleted
C:\WINDOWS\Temp\win3A6.tmp - Deleted
C:\WINDOWS\Temp\win3A7.tmp - Deleted
C:\WINDOWS\Temp\win3A8.tmp - Deleted
C:\WINDOWS\Temp\win3A9.tmp - Deleted
C:\WINDOWS\Temp\win3AA.tmp - Deleted
C:\WINDOWS\Temp\win3AB.tmp - Deleted
C:\WINDOWS\Temp\win3AC.tmp - Deleted
C:\WINDOWS\Temp\win3AD.tmp - Deleted
C:\WINDOWS\Temp\win3AE.tmp - Deleted
C:\WINDOWS\Temp\win3AF.tmp - Deleted
C:\WINDOWS\Temp\win3B.tmp - Deleted
C:\WINDOWS\Temp\win3B0.tmp - Deleted
C:\WINDOWS\Temp\win3B1.tmp - Deleted
C:\WINDOWS\Temp\win3B2.tmp - Deleted
C:\WINDOWS\Temp\win3B3.tmp - Deleted
C:\WINDOWS\Temp\win3B4.tmp - Deleted
C:\WINDOWS\Temp\win3B5.tmp - Deleted
C:\WINDOWS\Temp\win3B6.tmp - Deleted
C:\WINDOWS\Temp\win3B7.tmp - Deleted
C:\WINDOWS\Temp\win3B8.tmp - Deleted
C:\WINDOWS\Temp\win3B9.tmp - Deleted
C:\WINDOWS\Temp\win3BA.tmp - Deleted
C:\WINDOWS\Temp\win3BB.tmp - Deleted
C:\WINDOWS\Temp\win3BC.tmp - Deleted
C:\WINDOWS\Temp\win3BD.tmp - Deleted
C:\WINDOWS\Temp\win3BE.tmp - Deleted
C:\WINDOWS\Temp\win3BF.tmp - Deleted
C:\WINDOWS\Temp\win3C.tmp - Deleted


----------



## USMCBUCK10 (Jan 21, 2007)

C:\WINDOWS\Temp\win5B5.tmp - Deleted
C:\WINDOWS\Temp\win5B6.tmp - Deleted
C:\WINDOWS\Temp\win5B7.tmp - Deleted
C:\WINDOWS\Temp\win5B8.tmp - Deleted
C:\WINDOWS\Temp\win5B9.tmp - Deleted
C:\WINDOWS\Temp\win5BA.tmp - Deleted
C:\WINDOWS\Temp\win5BB.tmp - Deleted
C:\WINDOWS\Temp\win5BC.tmp - Deleted
C:\WINDOWS\Temp\win5BD.tmp - Deleted
C:\WINDOWS\Temp\win5BE.tmp - Deleted
C:\WINDOWS\Temp\win5BF.tmp - Deleted
C:\WINDOWS\Temp\win5C.tmp - Deleted
C:\WINDOWS\Temp\win5C0.tmp - Deleted
C:\WINDOWS\Temp\win5C1.tmp - Deleted
C:\WINDOWS\Temp\win5C2.tmp - Deleted
C:\WINDOWS\Temp\win5C3.tmp - Deleted
C:\WINDOWS\Temp\win5C4.tmp - Deleted
C:\WINDOWS\Temp\win5C5.tmp - Deleted
C:\WINDOWS\Temp\win5C6.tmp - Deleted
C:\WINDOWS\Temp\win5C7.tmp - Deleted
C:\WINDOWS\Temp\win5C8.tmp - Deleted
C:\WINDOWS\Temp\win5C9.tmp - Deleted
C:\WINDOWS\Temp\win5CA.tmp - Deleted
C:\WINDOWS\Temp\win5CB.tmp - Deleted
C:\WINDOWS\Temp\win5CC.tmp - Deleted
C:\WINDOWS\Temp\win5CD.tmp - Deleted
C:\WINDOWS\Temp\win5CE.tmp - Deleted
C:\WINDOWS\Temp\win5CF.tmp - Deleted
C:\WINDOWS\Temp\win5D.tmp - Deleted
C:\WINDOWS\Temp\win5D0.tmp - Deleted
C:\WINDOWS\Temp\win5D1.tmp - Deleted
C:\WINDOWS\Temp\win5D2.tmp - Deleted
C:\WINDOWS\Temp\win5D3.tmp - Deleted
C:\WINDOWS\Temp\win5D4.tmp - Deleted
C:\WINDOWS\Temp\win5D5.tmp - Deleted
C:\WINDOWS\Temp\win5D6.tmp - Deleted
C:\WINDOWS\Temp\win5D7.tmp - Deleted
C:\WINDOWS\Temp\win5D8.tmp - Deleted
C:\WINDOWS\Temp\win5D9.tmp - Deleted
C:\WINDOWS\Temp\win5DA.tmp - Deleted
C:\WINDOWS\Temp\win5DB.tmp - Deleted
C:\WINDOWS\Temp\win5DC.tmp - Deleted
C:\WINDOWS\Temp\win5DD.tmp - Deleted
C:\WINDOWS\Temp\win5DE.tmp - Deleted
C:\WINDOWS\Temp\win5DF.tmp - Deleted
C:\WINDOWS\Temp\win5E.tmp - Deleted
C:\WINDOWS\Temp\win5E0.tmp - Deleted
C:\WINDOWS\Temp\win5E1.tmp - Deleted
C:\WINDOWS\Temp\win5E2.tmp - Deleted
C:\WINDOWS\Temp\win5E3.tmp - Deleted
C:\WINDOWS\Temp\win5E4.tmp - Deleted
C:\WINDOWS\Temp\win5E5.tmp - Deleted
C:\WINDOWS\Temp\win5E6.tmp - Deleted
C:\WINDOWS\Temp\win5E7.tmp - Deleted
C:\WINDOWS\Temp\win5E8.tmp - Deleted
C:\WINDOWS\Temp\win5E9.tmp - Deleted
C:\WINDOWS\Temp\win5EA.tmp - Deleted
C:\WINDOWS\Temp\win5EB.tmp - Deleted
C:\WINDOWS\Temp\win5EC.tmp - Deleted
C:\WINDOWS\Temp\win5ED.tmp - Deleted
C:\WINDOWS\Temp\win5EE.tmp - Deleted
C:\WINDOWS\Temp\win5EF.tmp - Deleted
C:\WINDOWS\Temp\win5F.tmp - Deleted
C:\WINDOWS\Temp\win5F0.tmp - Deleted
C:\WINDOWS\Temp\win5F1.tmp - Deleted
C:\WINDOWS\Temp\win5F2.tmp - Deleted
C:\WINDOWS\Temp\win5F3.tmp - Deleted
C:\WINDOWS\Temp\win5F4.tmp - Deleted
C:\WINDOWS\Temp\win5F5.tmp - Deleted
C:\WINDOWS\Temp\win5F6.tmp - Deleted
C:\WINDOWS\Temp\win5F7.tmp - Deleted
C:\WINDOWS\Temp\win5F8.tmp - Deleted
C:\WINDOWS\Temp\win5F9.tmp - Deleted
C:\WINDOWS\Temp\win5FA.tmp - Deleted
C:\WINDOWS\Temp\win5FB.tmp - Deleted
C:\WINDOWS\Temp\win5FC.tmp - Deleted
C:\WINDOWS\Temp\win5FD.tmp - Deleted
C:\WINDOWS\Temp\win5FE.tmp - Deleted
C:\WINDOWS\Temp\win5FF.tmp - Deleted
C:\WINDOWS\Temp\win6.tmp - Deleted
C:\WINDOWS\Temp\win60.tmp - Deleted
C:\WINDOWS\Temp\win600.tmp - Deleted
C:\WINDOWS\Temp\win601.tmp - Deleted
C:\WINDOWS\Temp\win602.tmp - Deleted
C:\WINDOWS\Temp\win603.tmp - Deleted
C:\WINDOWS\Temp\win604.tmp - Deleted
C:\WINDOWS\Temp\win605.tmp - Deleted
C:\WINDOWS\Temp\win606.tmp - Deleted
C:\WINDOWS\Temp\win607.tmp - Deleted
C:\WINDOWS\Temp\win608.tmp - Deleted
C:\WINDOWS\Temp\win609.tmp - Deleted
C:\WINDOWS\Temp\win60A.tmp - Deleted
C:\WINDOWS\Temp\win60B.tmp - Deleted
C:\WINDOWS\Temp\win60C.tmp - Deleted
C:\WINDOWS\Temp\win60D.tmp - Deleted
C:\WINDOWS\Temp\win60E.tmp - Deleted
C:\WINDOWS\Temp\win60F.tmp - Deleted
C:\WINDOWS\Temp\win61.tmp - Deleted
C:\WINDOWS\Temp\win610.tmp - Deleted
C:\WINDOWS\Temp\win611.tmp - Deleted
C:\WINDOWS\Temp\win612.tmp - Deleted
C:\WINDOWS\Temp\win613.tmp - Deleted
C:\WINDOWS\Temp\win614.tmp - Deleted
C:\WINDOWS\Temp\win615.tmp - Deleted
C:\WINDOWS\Temp\win616.tmp - Deleted
C:\WINDOWS\Temp\win617.tmp - Deleted
C:\WINDOWS\Temp\win618.tmp - Deleted
C:\WINDOWS\Temp\win619.tmp - Deleted
C:\WINDOWS\Temp\win61A.tmp - Deleted
C:\WINDOWS\Temp\win61B.tmp - Deleted
C:\WINDOWS\Temp\win61C.tmp - Deleted
C:\WINDOWS\Temp\win61D.tmp - Deleted
C:\WINDOWS\Temp\win61E.tmp - Deleted
C:\WINDOWS\Temp\win61F.tmp - Deleted
C:\WINDOWS\Temp\win62.tmp - Deleted
C:\WINDOWS\Temp\win620.tmp - Deleted
C:\WINDOWS\Temp\win621.tmp - Deleted
C:\WINDOWS\Temp\win622.tmp - Deleted
C:\WINDOWS\Temp\win623.tmp - Deleted
C:\WINDOWS\Temp\win624.tmp - Deleted
C:\WINDOWS\Temp\win625.tmp - Deleted
C:\WINDOWS\Temp\win626.tmp - Deleted
C:\WINDOWS\Temp\win627.tmp - Deleted
C:\WINDOWS\Temp\win628.tmp - Deleted
C:\WINDOWS\Temp\win629.tmp - Deleted
C:\WINDOWS\Temp\win62A.tmp - Deleted
C:\WINDOWS\Temp\win62B.tmp - Deleted
C:\WINDOWS\Temp\win62C.tmp - Deleted
C:\WINDOWS\Temp\win62D.tmp - Deleted
C:\WINDOWS\Temp\win62E.tmp - Deleted
C:\WINDOWS\Temp\win62F.tmp - Deleted
C:\WINDOWS\Temp\win63.tmp - Deleted
C:\WINDOWS\Temp\win630.tmp - Deleted
C:\WINDOWS\Temp\win631.tmp - Deleted
C:\WINDOWS\Temp\win632.tmp - Deleted
C:\WINDOWS\Temp\win633.tmp - Deleted
C:\WINDOWS\Temp\win634.tmp - Deleted
C:\WINDOWS\Temp\win635.tmp - Deleted
C:\WINDOWS\Temp\win636.tmp - Deleted
C:\WINDOWS\Temp\win637.tmp - Deleted
C:\WINDOWS\Temp\win638.tmp - Deleted
C:\WINDOWS\Temp\win639.tmp - Deleted
C:\WINDOWS\Temp\win63A.tmp - Deleted
C:\WINDOWS\Temp\win63B.tmp - Deleted
C:\WINDOWS\Temp\win63C.tmp - Deleted
C:\WINDOWS\Temp\win63D.tmp - Deleted
C:\WINDOWS\Temp\win63E.tmp - Deleted
C:\WINDOWS\Temp\win63F.tmp - Deleted
C:\WINDOWS\Temp\win64.tmp - Deleted
C:\WINDOWS\Temp\win640.tmp - Deleted
C:\WINDOWS\Temp\win641.tmp - Deleted
C:\WINDOWS\Temp\win642.tmp - Deleted
C:\WINDOWS\Temp\win643.tmp - Deleted
C:\WINDOWS\Temp\win644.tmp - Deleted
C:\WINDOWS\Temp\win645.tmp - Deleted
C:\WINDOWS\Temp\win646.tmp - Deleted
C:\WINDOWS\Temp\win647.tmp - Deleted
C:\WINDOWS\Temp\win648.tmp - Deleted
C:\WINDOWS\Temp\win649.tmp - Deleted
C:\WINDOWS\Temp\win64A.tmp - Deleted
C:\WINDOWS\Temp\win64B.tmp - Deleted
C:\WINDOWS\Temp\win64C.tmp - Deleted
C:\WINDOWS\Temp\win64D.tmp - Deleted
C:\WINDOWS\Temp\win64E.tmp - Deleted
C:\WINDOWS\Temp\win64F.tmp - Deleted
C:\WINDOWS\Temp\win65.tmp - Deleted
C:\WINDOWS\Temp\win650.tmp - Deleted
C:\WINDOWS\Temp\win651.tmp - Deleted
C:\WINDOWS\Temp\win652.tmp - Deleted
C:\WINDOWS\Temp\win653.tmp - Deleted
C:\WINDOWS\Temp\win654.tmp - Deleted
C:\WINDOWS\Temp\win655.tmp - Deleted
C:\WINDOWS\Temp\win656.tmp - Deleted
C:\WINDOWS\Temp\win657.tmp - Deleted
C:\WINDOWS\Temp\win658.tmp - Deleted
C:\WINDOWS\Temp\win659.tmp - Deleted
C:\WINDOWS\Temp\win65A.tmp - Deleted
C:\WINDOWS\Temp\win65B.tmp - Deleted
C:\WINDOWS\Temp\win65C.tmp - Deleted
C:\WINDOWS\Temp\win65D.tmp - Deleted
C:\WINDOWS\Temp\win65E.tmp - Deleted
C:\WINDOWS\Temp\win65F.tmp - Deleted
C:\WINDOWS\Temp\win66.tmp - Deleted
C:\WINDOWS\Temp\win660.tmp - Deleted
C:\WINDOWS\Temp\win661.tmp - Deleted
C:\WINDOWS\Temp\win662.tmp - Deleted
C:\WINDOWS\Temp\win663.tmp - Deleted
C:\WINDOWS\Temp\win664.tmp - Deleted
C:\WINDOWS\Temp\win665.tmp - Deleted
C:\WINDOWS\Temp\win666.tmp - Deleted
C:\WINDOWS\Temp\win667.tmp - Deleted
C:\WINDOWS\Temp\win668.tmp - Deleted
C:\WINDOWS\Temp\win669.tmp - Deleted
C:\WINDOWS\Temp\win66A.tmp - Deleted
C:\WINDOWS\Temp\win66B.tmp - Deleted
C:\WINDOWS\Temp\win66C.tmp - Deleted
C:\WINDOWS\Temp\win66D.tmp - Deleted
C:\WINDOWS\Temp\win66E.tmp - Deleted
C:\WINDOWS\Temp\win66F.tmp - Deleted
C:\WINDOWS\Temp\win67.tmp - Deleted
C:\WINDOWS\Temp\win670.tmp - Deleted
C:\WINDOWS\Temp\win671.tmp - Deleted
C:\WINDOWS\Temp\win672.tmp - Deleted
C:\WINDOWS\Temp\win673.tmp - Deleted
C:\WINDOWS\Temp\win674.tmp - Deleted
C:\WINDOWS\Temp\win675.tmp - Deleted
C:\WINDOWS\Temp\win676.tmp - Deleted
C:\WINDOWS\Temp\win677.tmp - Deleted
C:\WINDOWS\Temp\win678.tmp - Deleted
C:\WINDOWS\Temp\win679.tmp - Deleted
C:\WINDOWS\Temp\win67A.tmp - Deleted
C:\WINDOWS\Temp\win67B.tmp - Deleted
C:\WINDOWS\Temp\win67C.tmp - Deleted
C:\WINDOWS\Temp\win67D.tmp - Deleted
C:\WINDOWS\Temp\win67E.tmp - Deleted
C:\WINDOWS\Temp\win67F.tmp - Deleted
C:\WINDOWS\Temp\win68.tmp - Deleted
C:\WINDOWS\Temp\win680.tmp - Deleted
C:\WINDOWS\Temp\win681.tmp - Deleted
C:\WINDOWS\Temp\win682.tmp - Deleted
C:\WINDOWS\Temp\win683.tmp - Deleted
C:\WINDOWS\Temp\win684.tmp - Deleted
C:\WINDOWS\Temp\win685.tmp - Deleted
C:\WINDOWS\Temp\win686.tmp - Deleted
C:\WINDOWS\Temp\win687.tmp - Deleted
C:\WINDOWS\Temp\win688.tmp - Deleted
C:\WINDOWS\Temp\win689.tmp - Deleted
C:\WINDOWS\Temp\win68A.tmp - Deleted
C:\WINDOWS\Temp\win68B.tmp - Deleted
C:\WINDOWS\Temp\win68C.tmp - Deleted
C:\WINDOWS\Temp\win68D.tmp - Deleted
C:\WINDOWS\Temp\win68E.tmp - Deleted
C:\WINDOWS\Temp\win68F.tmp - Deleted
C:\WINDOWS\Temp\win69.tmp - Deleted
C:\WINDOWS\Temp\win690.tmp - Deleted
C:\WINDOWS\Temp\win691.tmp - Deleted
C:\WINDOWS\Temp\win692.tmp - Deleted
C:\WINDOWS\Temp\win693.tmp - Deleted
C:\WINDOWS\Temp\win694.tmp - Deleted
C:\WINDOWS\Temp\win695.tmp - Deleted
C:\WINDOWS\Temp\win696.tmp - Deleted
C:\WINDOWS\Temp\win697.tmp - Deleted
C:\WINDOWS\Temp\win698.tmp - Deleted
C:\WINDOWS\Temp\win699.tmp - Deleted
C:\WINDOWS\Temp\win69A.tmp - Deleted
C:\WINDOWS\Temp\win69B.tmp - Deleted
C:\WINDOWS\Temp\win69C.tmp - Deleted
C:\WINDOWS\Temp\win69D.tmp - Deleted
C:\WINDOWS\Temp\win69E.tmp - Deleted
C:\WINDOWS\Temp\win69F.tmp - Deleted
C:\WINDOWS\Temp\win6A.tmp - Deleted


----------



## USMCBUCK10 (Jan 21, 2007)



----------



## USMCBUCK10 (Jan 21, 2007)



----------



## USMCBUCK10 (Jan 21, 2007)

C:\WINDOWS\Temp\winC0B.tmp - Deleted
C:\WINDOWS\Temp\winC0C.tmp - Deleted
C:\WINDOWS\Temp\winC0D.tmp - Deleted
C:\WINDOWS\Temp\winC0E.tmp - Deleted
C:\WINDOWS\Temp\winC0F.tmp - Deleted
C:\WINDOWS\Temp\winC1.tmp - Deleted
C:\WINDOWS\Temp\winC10.tmp - Deleted
C:\WINDOWS\Temp\winC11.tmp - Deleted
C:\WINDOWS\Temp\winC12.tmp - Deleted
C:\WINDOWS\Temp\winC13.tmp - Deleted
C:\WINDOWS\Temp\winC14.tmp - Deleted
C:\WINDOWS\Temp\winC15.tmp - Deleted
C:\WINDOWS\Temp\winC16.tmp - Deleted
C:\WINDOWS\Temp\winC17.tmp - Deleted
C:\WINDOWS\Temp\winC18.tmp - Deleted
C:\WINDOWS\Temp\winC19.tmp - Deleted
C:\WINDOWS\Temp\winC1A.tmp - Deleted
C:\WINDOWS\Temp\winC1B.tmp - Deleted
C:\WINDOWS\Temp\winC1C.tmp - Deleted
C:\WINDOWS\Temp\winC1D.tmp - Deleted
C:\WINDOWS\Temp\winC1E.tmp - Deleted
C:\WINDOWS\Temp\winC1F.tmp - Deleted
C:\WINDOWS\Temp\winC2.tmp - Deleted
C:\WINDOWS\Temp\winC20.tmp - Deleted
C:\WINDOWS\Temp\winC21.tmp - Deleted
C:\WINDOWS\Temp\winC22.tmp - Deleted
C:\WINDOWS\Temp\winC23.tmp - Deleted
C:\WINDOWS\Temp\winC24.tmp - Deleted
C:\WINDOWS\Temp\winC25.tmp - Deleted
C:\WINDOWS\Temp\winC26.tmp - Deleted
C:\WINDOWS\Temp\winC27.tmp - Deleted
C:\WINDOWS\Temp\winC28.tmp - Deleted
C:\WINDOWS\Temp\winC29.tmp - Deleted
C:\WINDOWS\Temp\winC2A.tmp - Deleted
C:\WINDOWS\Temp\winC2B.tmp - Deleted
C:\WINDOWS\Temp\winC2C.tmp - Deleted
C:\WINDOWS\Temp\winC2D.tmp - Deleted
C:\WINDOWS\Temp\winC2E.tmp - Deleted
C:\WINDOWS\Temp\winC2F.tmp - Deleted
C:\WINDOWS\Temp\winC3.tmp - Deleted
C:\WINDOWS\Temp\winC30.tmp - Deleted
C:\WINDOWS\Temp\winC31.tmp - Deleted
C:\WINDOWS\Temp\winC32.tmp - Deleted
C:\WINDOWS\Temp\winC33.tmp - Deleted
C:\WINDOWS\Temp\winC34.tmp - Deleted
C:\WINDOWS\Temp\winC35.tmp - Deleted
C:\WINDOWS\Temp\winC36.tmp - Deleted
C:\WINDOWS\Temp\winC37.tmp - Deleted
C:\WINDOWS\Temp\winC38.tmp - Deleted
C:\WINDOWS\Temp\winC39.tmp - Deleted
C:\WINDOWS\Temp\winC3A.tmp - Deleted
C:\WINDOWS\Temp\winC3B.tmp - Deleted
C:\WINDOWS\Temp\winC3C.tmp - Deleted
C:\WINDOWS\Temp\winC3D.tmp - Deleted
C:\WINDOWS\Temp\winC3E.tmp - Deleted
C:\WINDOWS\Temp\winC3F.tmp - Deleted
C:\WINDOWS\Temp\winC4.tmp - Deleted
C:\WINDOWS\Temp\winC40.tmp - Deleted
C:\WINDOWS\Temp\winC41.tmp - Deleted
C:\WINDOWS\Temp\winC42.tmp - Deleted
C:\WINDOWS\Temp\winC43.tmp - Deleted
C:\WINDOWS\Temp\winC44.tmp - Deleted
C:\WINDOWS\Temp\winC45.tmp - Deleted
C:\WINDOWS\Temp\winC46.tmp - Deleted
C:\WINDOWS\Temp\winC47.tmp - Deleted
C:\WINDOWS\Temp\winC48.tmp - Deleted
C:\WINDOWS\Temp\winC49.tmp - Deleted
C:\WINDOWS\Temp\winC4A.tmp - Deleted
C:\WINDOWS\Temp\winC4B.tmp - Deleted
C:\WINDOWS\Temp\winC4C.tmp - Deleted
C:\WINDOWS\Temp\winC4D.tmp - Deleted
C:\WINDOWS\Temp\winC4E.tmp - Deleted
C:\WINDOWS\Temp\winC4F.tmp - Deleted
C:\WINDOWS\Temp\winC5.tmp - Deleted
C:\WINDOWS\Temp\winC50.tmp - Deleted
C:\WINDOWS\Temp\winC51.tmp - Deleted
C:\WINDOWS\Temp\winC52.tmp - Deleted
C:\WINDOWS\Temp\winC53.tmp - Deleted
C:\WINDOWS\Temp\winC54.tmp - Deleted
C:\WINDOWS\Temp\winC55.tmp - Deleted
C:\WINDOWS\Temp\winC56.tmp - Deleted
C:\WINDOWS\Temp\winC57.tmp - Deleted
C:\WINDOWS\Temp\winC58.tmp - Deleted
C:\WINDOWS\Temp\winC59.tmp - Deleted
C:\WINDOWS\Temp\winC5A.tmp - Deleted
C:\WINDOWS\Temp\winC5B.tmp - Deleted
C:\WINDOWS\Temp\winC5C.tmp - Deleted
C:\WINDOWS\Temp\winC5D.tmp - Deleted
C:\WINDOWS\Temp\winC5E.tmp - Deleted
C:\WINDOWS\Temp\winC5F.tmp - Deleted
C:\WINDOWS\Temp\winC6.tmp - Deleted
C:\WINDOWS\Temp\winC60.tmp - Deleted
C:\WINDOWS\Temp\winC61.tmp - Deleted
C:\WINDOWS\Temp\winC62.tmp - Deleted
C:\WINDOWS\Temp\winC63.tmp - Deleted
C:\WINDOWS\Temp\winC64.tmp - Deleted
C:\WINDOWS\Temp\winC65.tmp - Deleted
C:\WINDOWS\Temp\winC66.tmp - Deleted
C:\WINDOWS\Temp\winC67.tmp - Deleted
C:\WINDOWS\Temp\winC68.tmp - Deleted
C:\WINDOWS\Temp\winC69.tmp - Deleted
C:\WINDOWS\Temp\winC6A.tmp - Deleted
C:\WINDOWS\Temp\winC6B.tmp - Deleted
C:\WINDOWS\Temp\winC6C.tmp - Deleted
C:\WINDOWS\Temp\winC6D.tmp - Deleted
C:\WINDOWS\Temp\winC6E.tmp - Deleted
C:\WINDOWS\Temp\winC6F.tmp - Deleted
C:\WINDOWS\Temp\winC7.tmp - Deleted
C:\WINDOWS\Temp\winC70.tmp - Deleted
C:\WINDOWS\Temp\winC71.tmp - Deleted
C:\WINDOWS\Temp\winC72.tmp - Deleted
C:\WINDOWS\Temp\winC73.tmp - Deleted
C:\WINDOWS\Temp\winC74.tmp - Deleted
C:\WINDOWS\Temp\winC75.tmp - Deleted
C:\WINDOWS\Temp\winC76.tmp - Deleted
C:\WINDOWS\Temp\winC77.tmp - Deleted
C:\WINDOWS\Temp\winC78.tmp - Deleted
C:\WINDOWS\Temp\winC79.tmp - Deleted
C:\WINDOWS\Temp\winC7A.tmp - Deleted
C:\WINDOWS\Temp\winC7B.tmp - Deleted
C:\WINDOWS\Temp\winC7C.tmp - Deleted
C:\WINDOWS\Temp\winC7D.tmp - Deleted
C:\WINDOWS\Temp\winC7E.tmp - Deleted
C:\WINDOWS\Temp\winC7F.tmp - Deleted
C:\WINDOWS\Temp\winC8.tmp - Deleted
C:\WINDOWS\Temp\winC80.tmp - Deleted
C:\WINDOWS\Temp\winC81.tmp - Deleted
C:\WINDOWS\Temp\winC82.tmp - Deleted
C:\WINDOWS\Temp\winC83.tmp - Deleted
C:\WINDOWS\Temp\winC84.tmp - Deleted
C:\WINDOWS\Temp\winC85.tmp - Deleted
C:\WINDOWS\Temp\winC86.tmp - Deleted
C:\WINDOWS\Temp\winC87.tmp - Deleted
C:\WINDOWS\Temp\winC88.tmp - Deleted
C:\WINDOWS\Temp\winC89.tmp - Deleted
C:\WINDOWS\Temp\winC8A.tmp - Deleted
C:\WINDOWS\Temp\winC8B.tmp - Deleted
C:\WINDOWS\Temp\winC8C.tmp - Deleted
C:\WINDOWS\Temp\winC8D.tmp - Deleted
C:\WINDOWS\Temp\winC8E.tmp - Deleted
C:\WINDOWS\Temp\winC8F.tmp - Deleted
C:\WINDOWS\Temp\winC9.tmp - Deleted
C:\WINDOWS\Temp\winC90.tmp - Deleted
C:\WINDOWS\Temp\winC91.tmp - Deleted
C:\WINDOWS\Temp\winC92.tmp - Deleted
C:\WINDOWS\Temp\winC93.tmp - Deleted
C:\WINDOWS\Temp\winC94.tmp - Deleted
C:\WINDOWS\Temp\winC95.tmp - Deleted
C:\WINDOWS\Temp\winC96.tmp - Deleted
C:\WINDOWS\Temp\winC97.tmp - Deleted
C:\WINDOWS\Temp\winC98.tmp - Deleted
C:\WINDOWS\Temp\winC99.tmp - Deleted
C:\WINDOWS\Temp\winC9A.tmp - Deleted
C:\WINDOWS\Temp\winC9B.tmp - Deleted
C:\WINDOWS\Temp\winC9C.tmp - Deleted
C:\WINDOWS\Temp\winC9D.tmp - Deleted
C:\WINDOWS\Temp\winC9E.tmp - Deleted
C:\WINDOWS\Temp\winC9F.tmp - Deleted
C:\WINDOWS\Temp\winCA.tmp - Deleted
C:\WINDOWS\Temp\winCA0.tmp - Deleted
C:\WINDOWS\Temp\winCA1.tmp - Deleted
C:\WINDOWS\Temp\winCA2.tmp - Deleted
C:\WINDOWS\Temp\winCA3.tmp - Deleted
C:\WINDOWS\Temp\winCA4.tmp - Deleted
C:\WINDOWS\Temp\winCA5.tmp - Deleted
C:\WINDOWS\Temp\winCA6.tmp - Deleted
C:\WINDOWS\Temp\winCA7.tmp - Deleted
C:\WINDOWS\Temp\winCA8.tmp - Deleted
C:\WINDOWS\Temp\winCA9.tmp - Deleted
C:\WINDOWS\Temp\winCAA.tmp - Deleted
C:\WINDOWS\Temp\winCAB.tmp - Deleted
C:\WINDOWS\Temp\winCAC.tmp - Deleted
C:\WINDOWS\Temp\winCAD.tmp - Deleted
C:\WINDOWS\Temp\winCAE.tmp - Deleted
C:\WINDOWS\Temp\winCAF.tmp - Deleted
C:\WINDOWS\Temp\winCB.tmp - Deleted
C:\WINDOWS\Temp\winCB0.tmp - Deleted
C:\WINDOWS\Temp\winCB1.tmp - Deleted
C:\WINDOWS\Temp\winCB2.tmp - Deleted
C:\WINDOWS\Temp\winCB3.tmp - Deleted
C:\WINDOWS\Temp\winCB4.tmp - Deleted
C:\WINDOWS\Temp\winCB5.tmp - Deleted
C:\WINDOWS\Temp\winCB6.tmp - Deleted
C:\WINDOWS\Temp\winCB7.tmp - Deleted
C:\WINDOWS\Temp\winCB8.tmp - Deleted
C:\WINDOWS\Temp\winCB9.tmp - Deleted
C:\WINDOWS\Temp\winCBA.tmp - Deleted
C:\WINDOWS\Temp\winCBB.tmp - Deleted
C:\WINDOWS\Temp\winCBC.tmp - Deleted
C:\WINDOWS\Temp\winCBD.tmp - Deleted
C:\WINDOWS\Temp\winCBE.tmp - Deleted
C:\WINDOWS\Temp\winCBF.tmp - Deleted
C:\WINDOWS\Temp\winCC.tmp - Deleted
C:\WINDOWS\Temp\winCC0.tmp - Deleted
C:\WINDOWS\Temp\winCC1.tmp - Deleted
C:\WINDOWS\Temp\winCC2.tmp - Deleted
C:\WINDOWS\Temp\winCC3.tmp - Deleted
C:\WINDOWS\Temp\winCC4.tmp - Deleted
C:\WINDOWS\Temp\winCC5.tmp - Deleted
C:\WINDOWS\Temp\winCC6.tmp - Deleted
C:\WINDOWS\Temp\winCC7.tmp - Deleted
C:\WINDOWS\Temp\winCC8.tmp - Deleted
C:\WINDOWS\Temp\winCC9.tmp - Deleted
C:\WINDOWS\Temp\winCCA.tmp - Deleted
C:\WINDOWS\Temp\winCCB.tmp - Deleted
C:\WINDOWS\Temp\winCCC.tmp - Deleted
C:\WINDOWS\Temp\winCCD.tmp - Deleted
C:\WINDOWS\Temp\winCCE.tmp - Deleted
C:\WINDOWS\Temp\winCCF.tmp - Deleted
C:\WINDOWS\Temp\winCD.tmp - Deleted
C:\WINDOWS\Temp\winCD0.tmp - Deleted
C:\WINDOWS\Temp\winCD1.tmp - Deleted
C:\WINDOWS\Temp\winCD2.tmp - Deleted
C:\WINDOWS\Temp\winCD3.tmp - Deleted
C:\WINDOWS\Temp\winCD4.tmp - Deleted
C:\WINDOWS\Temp\winCD5.tmp - Deleted
C:\WINDOWS\Temp\winCD6.tmp - Deleted
C:\WINDOWS\Temp\winCD7.tmp - Deleted
C:\WINDOWS\Temp\winCD8.tmp - Deleted
C:\WINDOWS\Temp\winCD9.tmp - Deleted
C:\WINDOWS\Temp\winCDA.tmp - Deleted
C:\WINDOWS\Temp\winCDB.tmp - Deleted
C:\WINDOWS\Temp\winCDC.tmp - Deleted
C:\WINDOWS\Temp\winCDD.tmp - Deleted
C:\WINDOWS\Temp\winCDE.tmp - Deleted
C:\WINDOWS\Temp\winCDF.tmp - Deleted
C:\WINDOWS\Temp\winCE.tmp - Deleted
C:\WINDOWS\Temp\winCE0.tmp - Deleted
C:\WINDOWS\Temp\winCE1.tmp - Deleted
C:\WINDOWS\Temp\winCE2.tmp - Deleted
C:\WINDOWS\Temp\winCE3.tmp - Deleted
C:\WINDOWS\Temp\winCE4.tmp - Deleted
C:\WINDOWS\Temp\winCE5.tmp - Deleted
C:\WINDOWS\Temp\winCE6.tmp - Deleted
C:\WINDOWS\Temp\winCE7.tmp - Deleted
C:\WINDOWS\Temp\winCE8.tmp - Deleted
C:\WINDOWS\Temp\winCE9.tmp - Deleted
C:\WINDOWS\Temp\winCEA.tmp - Deleted
C:\WINDOWS\Temp\winCEB.tmp - Deleted
C:\WINDOWS\Temp\winCEC.tmp - Deleted
C:\WINDOWS\Temp\winCED.tmp - Deleted
C:\WINDOWS\Temp\winCEE.tmp - Deleted
C:\WINDOWS\Temp\winCEF.tmp - Deleted
C:\WINDOWS\Temp\winCF.tmp - Deleted
C:\WINDOWS\Temp\winCF0.tmp - Deleted
C:\WINDOWS\Temp\winCF1.tmp - Deleted
C:\WINDOWS\Temp\winCF2.tmp - Deleted
C:\WINDOWS\Temp\winCF3.tmp - Deleted
C:\WINDOWS\Temp\winCF4.tmp - Deleted
C:\WINDOWS\Temp\winCF5.tmp - Deleted
C:\WINDOWS\Temp\winCF6.tmp - Deleted
C:\WINDOWS\Temp\winCF7.tmp - Deleted
C:\WINDOWS\Temp\winCF8.tmp - Deleted
C:\WINDOWS\Temp\winCF9.tmp - Deleted
C:\WINDOWS\Temp\winCFA.tmp - Deleted
C:\WINDOWS\Temp\winCFB.tmp - Deleted
C:\WINDOWS\Temp\winCFC.tmp - Deleted
C:\WINDOWS\Temp\winCFD.tmp - Deleted
C:\WINDOWS\Temp\winCFE.tmp - Deleted
C:\WINDOWS\Temp\winCFF.tmp - Deleted
C:\WINDOWS\Temp\winD.tmp - Deleted
C:\WINDOWS\Temp\winD0.tmp - Deleted
C:\WINDOWS\Temp\winD00.tmp - Deleted
C:\WINDOWS\Temp\winD01.tmp - Deleted
C:\WINDOWS\Temp\winD02.tmp - Deleted
C:\WINDOWS\Temp\winD03.tmp - Deleted
C:\WINDOWS\Temp\winD04.tmp - Deleted
C:\WINDOWS\Temp\winD05.tmp - Deleted
C:\WINDOWS\Temp\winD06.tmp - Deleted
C:\WINDOWS\Temp\winD07.tmp - Deleted
C:\WINDOWS\Temp\winD08.tmp - Deleted
C:\WINDOWS\Temp\winD09.tmp - Deleted
C:\WINDOWS\Temp\winD0A.tmp - Deleted
C:\WINDOWS\Temp\winD0B.tmp - Deleted
C:\WINDOWS\Temp\winD0C.tmp - Deleted
C:\WINDOWS\Temp\winD0D.tmp - Deleted
C:\WINDOWS\Temp\winD0E.tmp - Deleted
C:\WINDOWS\Temp\winD0F.tmp - Deleted
C:\WINDOWS\Temp\winD1.tmp - Deleted
C:\WINDOWS\Temp\winD10.tmp - Deleted
C:\WINDOWS\Temp\winD11.tmp - Deleted
C:\WINDOWS\Temp\winD12.tmp - Deleted
C:\WINDOWS\Temp\winD13.tmp - Deleted
C:\WINDOWS\Temp\winD14.tmp - Deleted
C:\WINDOWS\Temp\winD15.tmp - Deleted
C:\WINDOWS\Temp\winD16.tmp - Deleted
C:\WINDOWS\Temp\winD17.tmp - Deleted
C:\WINDOWS\Temp\winD18.tmp - Deleted
C:\WINDOWS\Temp\winD19.tmp - Deleted
C:\WINDOWS\Temp\winD1A.tmp - Deleted
C:\WINDOWS\Temp\winD1B.tmp - Deleted
C:\WINDOWS\Temp\winD1C.tmp - Deleted
C:\WINDOWS\Temp\winD1D.tmp - Deleted
C:\WINDOWS\Temp\winD1E.tmp - Deleted
C:\WINDOWS\Temp\winD1F.tmp - Deleted
C:\WINDOWS\Temp\winD2.tmp - Deleted


----------



## USMCBUCK10 (Jan 21, 2007)

C:\WINDOWS\Temp\winF38.tmp - Deleted
C:\WINDOWS\Temp\winF39.tmp - Deleted
C:\WINDOWS\Temp\winF3A.tmp - Deleted
C:\WINDOWS\Temp\winF3B.tmp - Deleted
C:\WINDOWS\Temp\winF3C.tmp - Deleted
C:\WINDOWS\Temp\winF3D.tmp - Deleted
C:\WINDOWS\Temp\winF3E.tmp - Deleted
C:\WINDOWS\Temp\winF3F.tmp - Deleted
C:\WINDOWS\Temp\winF4.tmp - Deleted
C:\WINDOWS\Temp\winF40.tmp - Deleted
C:\WINDOWS\Temp\winF41.tmp - Deleted
C:\WINDOWS\Temp\winF42.tmp - Deleted
C:\WINDOWS\Temp\winF43.tmp - Deleted
C:\WINDOWS\Temp\winF44.tmp - Deleted
C:\WINDOWS\Temp\winF45.tmp - Deleted
C:\WINDOWS\Temp\winF46.tmp - Deleted
C:\WINDOWS\Temp\winF47.tmp - Deleted
C:\WINDOWS\Temp\winF48.tmp - Deleted
C:\WINDOWS\Temp\winF49.tmp - Deleted
C:\WINDOWS\Temp\winF4A.tmp - Deleted
C:\WINDOWS\Temp\winF4B.tmp - Deleted
C:\WINDOWS\Temp\winF4C.tmp - Deleted
C:\WINDOWS\Temp\winF4D.tmp - Deleted
C:\WINDOWS\Temp\winF4E.tmp - Deleted
C:\WINDOWS\Temp\winF4F.tmp - Deleted
C:\WINDOWS\Temp\winF5.tmp - Deleted
C:\WINDOWS\Temp\winF50.tmp - Deleted
C:\WINDOWS\Temp\winF51.tmp - Deleted
C:\WINDOWS\Temp\winF52.tmp - Deleted
C:\WINDOWS\Temp\winF53.tmp - Deleted
C:\WINDOWS\Temp\winF54.tmp - Deleted
C:\WINDOWS\Temp\winF55.tmp - Deleted
C:\WINDOWS\Temp\winF56.tmp - Deleted
C:\WINDOWS\Temp\winF57.tmp - Deleted
C:\WINDOWS\Temp\winF58.tmp - Deleted
C:\WINDOWS\Temp\winF59.tmp - Deleted
C:\WINDOWS\Temp\winF5A.tmp - Deleted
C:\WINDOWS\Temp\winF5B.tmp - Deleted
C:\WINDOWS\Temp\winF5C.tmp - Deleted
C:\WINDOWS\Temp\winF5D.tmp - Deleted
C:\WINDOWS\Temp\winF5E.tmp - Deleted
C:\WINDOWS\Temp\winF5F.tmp - Deleted
C:\WINDOWS\Temp\winF6.tmp - Deleted
C:\WINDOWS\Temp\winF60.tmp - Deleted
C:\WINDOWS\Temp\winF61.tmp - Deleted
C:\WINDOWS\Temp\winF62.tmp - Deleted
C:\WINDOWS\Temp\winF63.tmp - Deleted
C:\WINDOWS\Temp\winF64.tmp - Deleted
C:\WINDOWS\Temp\winF65.tmp - Deleted
C:\WINDOWS\Temp\winF66.tmp - Deleted
C:\WINDOWS\Temp\winF67.tmp - Deleted
C:\WINDOWS\Temp\winF68.tmp - Deleted
C:\WINDOWS\Temp\winF69.tmp - Deleted
C:\WINDOWS\Temp\winF6A.tmp - Deleted
C:\WINDOWS\Temp\winF6B.tmp - Deleted
C:\WINDOWS\Temp\winF6C.tmp - Deleted
C:\WINDOWS\Temp\winF6D.tmp - Deleted
C:\WINDOWS\Temp\winF6E.tmp - Deleted
C:\WINDOWS\Temp\winF6F.tmp - Deleted
C:\WINDOWS\Temp\winF7.tmp - Deleted
C:\WINDOWS\Temp\winF70.tmp - Deleted
C:\WINDOWS\Temp\winF71.tmp - Deleted
C:\WINDOWS\Temp\winF72.tmp - Deleted
C:\WINDOWS\Temp\winF73.tmp - Deleted
C:\WINDOWS\Temp\winF74.tmp - Deleted
C:\WINDOWS\Temp\winF75.tmp - Deleted
C:\WINDOWS\Temp\winF76.tmp - Deleted
C:\WINDOWS\Temp\winF77.tmp - Deleted
C:\WINDOWS\Temp\winF78.tmp - Deleted
C:\WINDOWS\Temp\winF79.tmp - Deleted
C:\WINDOWS\Temp\winF7A.tmp - Deleted
C:\WINDOWS\Temp\winF7B.tmp - Deleted
C:\WINDOWS\Temp\winF7C.tmp - Deleted
C:\WINDOWS\Temp\winF7D.tmp - Deleted
C:\WINDOWS\Temp\winF7E.tmp - Deleted
C:\WINDOWS\Temp\winF7F.tmp - Deleted
C:\WINDOWS\Temp\winF8.tmp - Deleted
C:\WINDOWS\Temp\winF80.tmp - Deleted
C:\WINDOWS\Temp\winF81.tmp - Deleted
C:\WINDOWS\Temp\winF82.tmp - Deleted
C:\WINDOWS\Temp\winF83.tmp - Deleted
C:\WINDOWS\Temp\winF84.tmp - Deleted
C:\WINDOWS\Temp\winF85.tmp - Deleted
C:\WINDOWS\Temp\winF86.tmp - Deleted
C:\WINDOWS\Temp\winF87.tmp - Deleted
C:\WINDOWS\Temp\winF88.tmp - Deleted
C:\WINDOWS\Temp\winF89.tmp - Deleted
C:\WINDOWS\Temp\winF8A.tmp - Deleted
C:\WINDOWS\Temp\winF8B.tmp - Deleted
C:\WINDOWS\Temp\winF8C.tmp - Deleted
C:\WINDOWS\Temp\winF8D.tmp - Deleted
C:\WINDOWS\Temp\winF8E.tmp - Deleted
C:\WINDOWS\Temp\winF8F.tmp - Deleted
C:\WINDOWS\Temp\winF9.tmp - Deleted
C:\WINDOWS\Temp\winF90.tmp - Deleted
C:\WINDOWS\Temp\winF91.tmp - Deleted
C:\WINDOWS\Temp\winF92.tmp - Deleted
C:\WINDOWS\Temp\winF93.tmp - Deleted
C:\WINDOWS\Temp\winF94.tmp - Deleted
C:\WINDOWS\Temp\winF95.tmp - Deleted
C:\WINDOWS\Temp\winF96.tmp - Deleted
C:\WINDOWS\Temp\winF97.tmp - Deleted
C:\WINDOWS\Temp\winF98.tmp - Deleted
C:\WINDOWS\Temp\winF99.tmp - Deleted
C:\WINDOWS\Temp\winF9A.tmp - Deleted
C:\WINDOWS\Temp\winF9B.tmp - Deleted
C:\WINDOWS\Temp\winF9C.tmp - Deleted
C:\WINDOWS\Temp\winF9D.tmp - Deleted
C:\WINDOWS\Temp\winF9E.tmp - Deleted
C:\WINDOWS\Temp\winF9F.tmp - Deleted
C:\WINDOWS\Temp\winFA.tmp - Deleted
C:\WINDOWS\Temp\winFA0.tmp - Deleted
C:\WINDOWS\Temp\winFA1.tmp - Deleted
C:\WINDOWS\Temp\winFA2.tmp - Deleted
C:\WINDOWS\Temp\winFA3.tmp - Deleted
C:\WINDOWS\Temp\winFA4.tmp - Deleted
C:\WINDOWS\Temp\winFA5.tmp - Deleted
C:\WINDOWS\Temp\winFA6.tmp - Deleted
C:\WINDOWS\Temp\winFA7.tmp - Deleted
C:\WINDOWS\Temp\winFA8.tmp - Deleted
C:\WINDOWS\Temp\winFA9.tmp - Deleted
C:\WINDOWS\Temp\winFAA.tmp - Deleted
C:\WINDOWS\Temp\winFAB.tmp - Deleted
C:\WINDOWS\Temp\winFAC.tmp - Deleted
C:\WINDOWS\Temp\winFAD.tmp - Deleted
C:\WINDOWS\Temp\winFAE.tmp - Deleted
C:\WINDOWS\Temp\winFAF.tmp - Deleted
C:\WINDOWS\Temp\winFB.tmp - Deleted
C:\WINDOWS\Temp\winFB0.tmp - Deleted
C:\WINDOWS\Temp\winFB1.tmp - Deleted
C:\WINDOWS\Temp\winFB2.tmp - Deleted
C:\WINDOWS\Temp\winFB3.tmp - Deleted
C:\WINDOWS\Temp\winFB4.tmp - Deleted
C:\WINDOWS\Temp\winFB5.tmp - Deleted
C:\WINDOWS\Temp\winFB6.tmp - Deleted
C:\WINDOWS\Temp\winFB7.tmp - Deleted
C:\WINDOWS\Temp\winFB8.tmp - Deleted
C:\WINDOWS\Temp\winFB9.tmp - Deleted
C:\WINDOWS\Temp\winFBA.tmp - Deleted
C:\WINDOWS\Temp\winFBB.tmp - Deleted
C:\WINDOWS\Temp\winFBC.tmp - Deleted
C:\WINDOWS\Temp\winFBD.tmp - Deleted
C:\WINDOWS\Temp\winFBE.tmp - Deleted
C:\WINDOWS\Temp\winFBF.tmp - Deleted
C:\WINDOWS\Temp\winFC.tmp - Deleted
C:\WINDOWS\Temp\winFC0.tmp - Deleted
C:\WINDOWS\Temp\winFC1.tmp - Deleted
C:\WINDOWS\Temp\winFC2.tmp - Deleted
C:\WINDOWS\Temp\winFC3.tmp - Deleted
C:\WINDOWS\Temp\winFC4.tmp - Deleted
C:\WINDOWS\Temp\winFC5.tmp - Deleted
C:\WINDOWS\Temp\winFC6.tmp - Deleted
C:\WINDOWS\Temp\winFC7.tmp - Deleted
C:\WINDOWS\Temp\winFC8.tmp - Deleted
C:\WINDOWS\Temp\winFC9.tmp - Deleted
C:\WINDOWS\Temp\winFCA.tmp - Deleted
C:\WINDOWS\Temp\winFCB.tmp - Deleted
C:\WINDOWS\Temp\winFCC.tmp - Deleted
C:\WINDOWS\Temp\winFCD.tmp - Deleted
C:\WINDOWS\Temp\winFCE.tmp - Deleted
C:\WINDOWS\Temp\winFCF.tmp - Deleted
C:\WINDOWS\Temp\winFD.tmp - Deleted
C:\WINDOWS\Temp\winFD0.tmp - Deleted
C:\WINDOWS\Temp\winFD1.tmp - Deleted
C:\WINDOWS\Temp\winFD2.tmp - Deleted
C:\WINDOWS\Temp\winFD3.tmp - Deleted
C:\WINDOWS\Temp\winFD4.tmp - Deleted
C:\WINDOWS\Temp\winFD5.tmp - Deleted
C:\WINDOWS\Temp\winFD6.tmp - Deleted
C:\WINDOWS\Temp\winFD7.tmp - Deleted
C:\WINDOWS\Temp\winFD8.tmp - Deleted
C:\WINDOWS\Temp\winFD9.tmp - Deleted
C:\WINDOWS\Temp\winFDA.tmp - Deleted
C:\WINDOWS\Temp\winFDB.tmp - Deleted
C:\WINDOWS\Temp\winFDC.tmp - Deleted
C:\WINDOWS\Temp\winFDD.tmp - Deleted
C:\WINDOWS\Temp\winFDE.tmp - Deleted
C:\WINDOWS\Temp\winFDF.tmp - Deleted
C:\WINDOWS\Temp\winFE.tmp - Deleted
C:\WINDOWS\Temp\winFE0.tmp - Deleted
C:\WINDOWS\Temp\winFE1.tmp - Deleted
C:\WINDOWS\Temp\winFE2.tmp - Deleted
C:\WINDOWS\Temp\winFE3.tmp - Deleted
C:\WINDOWS\Temp\winFE4.tmp - Deleted
C:\WINDOWS\Temp\winFE5.tmp - Deleted
C:\WINDOWS\Temp\winFE6.tmp - Deleted
C:\WINDOWS\Temp\winFE7.tmp - Deleted
C:\WINDOWS\Temp\winFE8.tmp - Deleted
C:\WINDOWS\Temp\winFE9.tmp - Deleted
C:\WINDOWS\Temp\winFEA.tmp - Deleted
C:\WINDOWS\Temp\winFEB.tmp - Deleted
C:\WINDOWS\Temp\winFEC.tmp - Deleted
C:\WINDOWS\Temp\winFED.tmp - Deleted
C:\WINDOWS\Temp\winFEE.tmp - Deleted
C:\WINDOWS\Temp\winFEF.tmp - Deleted
C:\WINDOWS\Temp\winFF.tmp - Deleted
C:\WINDOWS\Temp\winFF0.tmp - Deleted
C:\WINDOWS\Temp\winFF1.tmp - Deleted
C:\WINDOWS\Temp\winFF2.tmp - Deleted
C:\WINDOWS\Temp\winFF3.tmp - Deleted
C:\WINDOWS\Temp\winFF4.tmp - Deleted
C:\WINDOWS\Temp\winFF5.tmp - Deleted
C:\WINDOWS\Temp\winFF6.tmp - Deleted
C:\WINDOWS\Temp\winFF7.tmp - Deleted
C:\WINDOWS\Temp\winFF8.tmp - Deleted
C:\WINDOWS\Temp\winFF9.tmp - Deleted
C:\WINDOWS\Temp\winFFA.tmp - Deleted
C:\WINDOWS\Temp\winFFB.tmp - Deleted
C:\WINDOWS\Temp\winFFC.tmp - Deleted
C:\WINDOWS\Temp\winFFD.tmp - Deleted
C:\WINDOWS\Temp\winFFE.tmp - Deleted
C:\WINDOWS\Temp\winFFF.tmp - Deleted


----------



## USMCBUCK10 (Jan 21, 2007)

Alternate Streams Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\America Online 9.0k\\waol.exe"="C:\\Program Files\\America Online 9.0k\\waol.exe:*:Enabled:America Online 9.0k"
"C:\\Program Files\\America Online 9.0f\\waol.exe"="C:\\Program Files\\America Online 9.0f\\waol.exe:*:Enabled:America Online 9.0f"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0m\\waol.exe"="C:\\Program Files\\America Online 9.0m\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\1106303724\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1106303724\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\America Online 9.0b\\waol.exe"="C:\\Program Files\\America Online 9.0b\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\Common Files\\AOL\\1106867256\\EE\\AOLHostManager.exe"="C:\\Program Files\\Common Files\\AOL\\1106867256\\EE\\AOLHostManager.exe:*:Disabled:AOLHostManager Service"
"C:\\Program Files\\America Online 9.0c\\waol.exe"="C:\\Program Files\\America Online 9.0c\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0d\\waol.exe"="C:\\Program Files\\America Online 9.0d\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\MusicNetOnAOL\\client\\bin\\AOLMN.exe"="C:\\Program Files\\MusicNetOnAOL\\client\\bin\\AOLMN.exe:*:Enabled:MusicNet on AOL"
"C:\\Program Files\\McAfee.com\\agent\\mcagent.exe"="C:\\Program Files\\McAfee.com\\agent\\mcagent.exe:*:Disabled:McAfee SecurityCenter Agent"
"C:\\Program Files\\America Online 9.0e\\waol.exe"="C:\\Program Files\\America Online 9.0e\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Documents and Settings\\TEMP\\Local Settings\\Temp\\~os275.tmp\\ossproxy.exe"="C:\\Documents and Settings\\TEMP\\Local Settings\\Temp\\~os275.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\Kiwi Alpha\\KiwiAlpha.exe"="C:\\Program Files\\Kiwi Alpha\\KiwiAlpha.exe:*:Enabled:KiwiAlpha"
"C:\\Documents and Settings\\TEMP\\Local Settings\\Temp\\~os4A.tmp\\ossproxy.exe"="C:\\Documents and Settings\\TEMP\\Local Settings\\Temp\\~os4A.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"c:\\windows\\system32\\rlvknlg.exe"="c:\\windows\\system32\\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Common Files\\AOL\\1106867256\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1106867256\\EE\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1106867256\\EE\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1106867256\\EE\\aim6.exe:*:Enabled:AIM"
"c:\\windows\\system32\\rk.exe"="c:\\windows\\system32\\rk.exe:*:Enabled:rk.exe"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1106867256\\ee\\aolservicehost.exe"="C:\\Program Files\\Common Files\\AOL\\1106867256\\ee\\aolservicehost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\1106867256\\EE\\AOLOpenRide.exe"="C:\\Program Files\\Common Files\\AOL\\1106867256\\EE\\AOLOpenRide.exe:*:Enabled:AOL OpenRide"
"C:\\DOCUME~1\\TEMP\\LOCALS~1\\Temp\\win1B63.tmp.exe"="C:\\DOCUME~1\\TEMP\\LOCALS~1\\Temp\\win1B63.tmp.exe:*:Enabled:win1B63.tmp"
"C:\\WINDOWS\\TEMP\\winF2.tmp.exe"="C:\\WINDOWS\\TEMP\\winF2.tmp.exe:*:Enabled:winF2.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0b\\waol.exe"="C:\\Program Files\\America Online 9.0b\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0c\\waol.exe"="C:\\Program Files\\America Online 9.0c\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0e\\waol.exe"="C:\\Program Files\\America Online 9.0e\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1106867256\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1106867256\\EE\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\NTDETECT.COM
C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\da1rl.dll
C:\Documents and Settings\Owner\Local Settings\Temp\ejfb.dll
C:\WINDOWS\system32\cbxvtur.dll
C:\WINDOWS\system32\gebcayv.dll
C:\WINDOWS\system32\rdm.dll
C:\WINDOWS\system32\ssqpp.dll
C:\Program Files\America Online 9.0a\AOLphx.exe
C:\Program Files\America Online 9.0a\rbm.exe
C:\Program Files\Detto\DettoWeb.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\WINDOWS\system32\B89AC51B07.sys
C:\WINDOWS\system32\E59A0AB93E.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\edeeg.tmp
C:\WINDOWS\system32\edeeg.tmp2

Finished


----------



## USMCBUCK10 (Jan 21, 2007)

New HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 6:44:34 PM, on 1/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\AOL\1106867256\ee\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
c:\program files\common files\aol\1106867256\ee\aolssc.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: The College Toolbar - {50EC13F9-D1F6-4012-A076-F73088D8241C} - C:\Program Files\The College Toolbar\collegetoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\NjpM9X44.exe
O4 - HKLM\..\Run: [tF3P3pR] mcadss.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [rDM] C:\windows\system32\rDM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKLM\..\Run: [{4858F78A-09DC-1033-1011-020409020001}] "C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzox.dll,startup
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\skvjhtig.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cosFRfdFl] mdatoenr.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/EZG-toolbar.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\ipxpromn1053p.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------



## USMCBUCK10 (Jan 21, 2007)

um.....anybody there?


----------



## Cookiegal (Aug 27, 2003)

Download *WinPFind.exe* to your desktop and double click on it to open it and then select extract to extract the files. This will create a folder named *WinPFind* on your desktop.

*Start in Safe Mode Using the F8 method:*


Restart the computer.
As soon as the BIOS is loaded begin tapping the *F8* key until the boot menu appears.
Use the arrow keys to select the *Safe Mode* menu item.
Press the *Enter* key.

Double click on the WinPFind folder on your desktop to open it and then double click on the *WinPFind.exe* file to start the program.


Click Configure scan options
Under Run AdOns select the following:
Policies.def
Security.def

Click apply
Click "*Start Scan*"
*It will scan the entire System, so please be patient and let it complete.*

When the scan is complete reboot normally and post the *WinPFind.txt* file (located in the WinPFind folder) back here along with a new HijackThis log.


----------



## USMCBUCK10 (Jan 21, 2007)

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 1/24/2007 11:52:38 AM
WinPFind v1.5.0	Folder = C:\Documents and Settings\TEMP\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
WSUD 9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
UPX! 1/5/2007 7:00:22 PM HS 22541 C:\WINDOWS\SYSTEM32\cbxvtur.dll ()
aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 5/26/2005 2:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 7/22/2005 6:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 12/5/2005 5:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 2/3/2006 7:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 3/31/2006 11:40:58 AM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 8/18/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
UPX! 9/13/2004 2:39:54 PM 69632 C:\WINDOWS\SYSTEM32\first.awp ()
UPX! 1/21/2007 1:26:28 PM 76412 C:\WINDOWS\SYSTEM32\fmhedcys.dll ()
UPX! 1/16/2007 5:22:00 PM 44060 C:\WINDOWS\SYSTEM32\fuiqvcdn.dll ()
UPX! 1/5/2007 7:06:26 PM 44060 C:\WINDOWS\SYSTEM32\gaopntlj.dll ()
PTech 6/10/2004 12:47:02 AM H 3279394 C:\WINDOWS\SYSTEM32\kyf.dat ()
UPX! 4/11/2000 8:44:56 PM 85504 C:\WINDOWS\SYSTEM32\lame_enc.dll ()
PTech 6/19/2006 3:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
aspack 3/26/2004 1:06:40 AM 2316336 C:\WINDOWS\SYSTEM32\NY Nights.scr (Axialis Software)
WSUD 6/12/2004 2:12:30 PM HS 2926 C:\WINDOWS\SYSTEM32\qyrwi.dat ()
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 1/5/2007 7:07:36 PM 88340 C:\WINDOWS\SYSTEM32\saxaxbdk.exe ()
UPX! 9/13/2004 2:39:56 PM 46080 C:\WINDOWS\SYSTEM32\second.awp ()
UPX! 1/15/2007 5:22:04 PM 118804 C:\WINDOWS\SYSTEM32\skvjhtig.dll ()
UPX! 4/27/2006 4:49:30 PM 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe (S!Ri)
UPX! 8/29/2006 6:43:54 PM 135168 C:\WINDOWS\SYSTEM32\swreg.exe (SteelWerX)
UPX! 1/9/2006 9:36:06 AM 40960 C:\WINDOWS\SYSTEM32\swsc.exe ()
UPX! 12/1/2006 5:20:34 AM 79360 C:\WINDOWS\SYSTEM32\swxcacls.exe (SteelWerX)
UPX! 10/22/2004 4:46:50 AM 33280 C:\WINDOWS\SYSTEM32\tasklist.exe (Microsoft Corporation)
UPX! 1/23/2007 9:08:54 PM 76412 C:\WINDOWS\SYSTEM32\vcunqjpt.dll ()
UPX! 1/18/2007 10:55:54 AM 76412 C:\WINDOWS\SYSTEM32\vypcsbqk.dll ()
winsync 8/18/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 3:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)
UPX! 1/15/2007 5:21:54 PM 44060 C:\WINDOWS\SYSTEM32\ynsyjfuf.dll ()

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/24/2007 11:47:40 AM S 2048 C:\WINDOWS\bootstat.dat ()
1/23/2007 7:02:30 PM H 54156 C:\WINDOWS\QTFont.qfn ()
1/21/2007 3:24:52 PM RHS 168 C:\WINDOWS\system32\B89AC51B07.sys ()
1/5/2007 7:00:22 PM HS 22541 C:\WINDOWS\system32\cbxvtur.dll ()
1/13/2007 3:26:22 PM HS 867022 C:\WINDOWS\system32\edeeg.bak1 ()
1/14/2007 1:30:50 PM HS 861617 C:\WINDOWS\system32\edeeg.bak2 ()
1/8/2007 3:59:04 AM HS 914072 C:\WINDOWS\system32\edeeg.ini ()
1/8/2007 3:59:36 AM HS 914072 C:\WINDOWS\system32\edeeg.tmp ()
1/15/2007 1:06:20 PM HS 916403 C:\WINDOWS\system32\edeeg.tmp2 ()
1/15/2007 5:16:16 PM HS 22029 C:\WINDOWS\system32\gebcayv.dll ()
1/24/2007 7:00:32 AM HS 886 C:\WINDOWS\system32\githjvks.ini ()
1/21/2007 5:47:28 PM HS 6320 C:\WINDOWS\system32\KGyGaAvL.sys ()
1/23/2007 9:10:06 PM HS 989586 C:\WINDOWS\system32\ppqss.bak1 ()
1/24/2007 12:11:20 PM HS 1043994 C:\WINDOWS\system32\ppqss.ini ()
12/7/2006 8:30:20 PM S 9057 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat ()
12/22/2006 11:53:02 AM S 7894 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat ()
1/24/2007 11:47:56 AM H 16384 C:\WINDOWS\system32\config\default.LOG ()
1/24/2007 11:48:24 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
1/24/2007 11:47:44 AM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
1/24/2007 11:51:02 AM H 1024 C:\WINDOWS\system32\config\software.LOG ()
1/24/2007 11:48:30 AM H 1024 C:\WINDOWS\system32\config\system.LOG ()
1/10/2007 3:22:26 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
1/7/2007 1:26:00 AM S 1039 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
1/7/2007 1:26:00 AM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
1/17/2007 7:04:18 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1d577e61-58b0-4558-bbd6-d93be246bc3d ()
1/17/2007 7:04:18 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
1/23/2007 5:32:36 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
4/26/2002 6:33:40 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl ()
8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM  80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
6/10/2005 10:43:18 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/9/2006 3:07:28 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
7/28/2003 1:19:00 PM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
3/3/1999 2:10:02 AM 49152 C:\WINDOWS\SYSTEM32\speech.cpl (Microsoft)
8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\igfxcpl.cpl (Intel Corporation)
6/20/2002 1:58:44 AM 629248 C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\ALSNDMGR.CPL (Avance Logic, Inc.)

Checking for Downloaded Program Files...
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{11260943-421B-11D0-8EAC-0000C07D88CF} - iPIX ActiveX Control - CodeBase = http://www.ipix.com/viewers/ipixx.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - - CodeBase = http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
{1D6711C8-7154-40BB-8380-3DEA45B69CBF} - - CodeBase = 
{2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - DownloadManager Control - CodeBase = http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
{406B5949-7190-4245-91A9-30A17DE16AD0} - Snapfish Activia - CodeBase = http://www1.snapfish.com/SnapfishActivia.cab
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - - CodeBase = http://aolcc.aol.com/computercheckup/qdiagcc.cab
{4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - - CodeBase = http://ezgreets.aavalue.com/EZG/Toolbar/EZG-toolbar.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - McAfee.com Operating System Class - CodeBase = http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
{639658F3-B141-4D6B-B936-226F75A5EAC3} - CPlayFirstDinerDash2Control Object - CodeBase = http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{B9191F79-5613-4C76-AA2A-398534BB8999} - - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - DwnldGroupMgr Class - CodeBase = http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - Invoke Solutions Participant Control(MR) - CodeBase = http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - CPlayFirstDinerDashControl Object - CodeBase = http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - PopCapLoader Object - CodeBase = http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/23/2002 7:10:30 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
1/20/2007 1:39:46 AM 1132112 C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe ()
12/16/2006 5:22:22 PM 1353 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
10/20/2004 5:59:30 PM 12358 C:\Documents and Settings\TEMP\Application Data\PFP100JCM.{PB ()
10/20/2004 5:59:30 PM 61678 C:\Documents and Settings\TEMP\Application Data\PFP100JPR.{PB ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
\\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
\\Default_Page_URL - http://www.yahoo.com/
\\Default_Search_URL - http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
\\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - 
\\SearchAssistant -

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - AOLTBSearch Class = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\\{00A6FAF6-072E-44cf-8957-5838F569A31D} - = C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL (MyWebSearch.com)
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - = ()

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\SOFTWARE - = ()
\{00A6FAF1-072E-44cf-8957-5838F569A31D} - MyWebSearch Search Assistant BHO = C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL (MyWebSearch.com)
\{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
\{07B18EA1-A523-4961-B6BB-170DE4475CCA} - mwsBar BHO = C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL (MyWebSearch.com)
\{3E15928A-26B2-40b2-A4CA-408720C444BA} - COLLEGETOOLBAR = C:\PROGRA~1\THECOL~1\COLLEG~1.DLL (College Toolbars)
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
\{664A7BBA-92C4-4086-8B63-D029A149629E} - = C:\WINDOWS\system32\gebcayv.dll ()
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
\{7A3B3BC3-9D0F-46B6-97A7-54D097D43ACF} - = C:\WINDOWS\system32\ssqpp.dll ()
\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\{7DA39570-5FD2-4f18-94B4-20730CB3F727} - = C:\WINDOWS\system32\fuiqvcdn.dll ()

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{8F4902B6-6C04-4ade-8052-AA58578A21BD} - hp toolkit = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\\{BA52B914-B692-46c4-B683-905236F6F655} - = ()
\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\ShellBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} - AIM Search = C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - = ()
\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\WebBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - 8192 = 
\\NEXTID - 8202
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8195 = 
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8196 = 
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8197 = 
\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8198 = 
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8199 = Windows Messenger
\\{3369AF0D-62E9-4bda-8103-B4C75499B578} - 8200 = 
\\{e2e2dd38-d088-4134-82b7-f2ba38496583} - 8201 = @xpsp3res.dll,-20001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\CmdMapping - MenuText: = ()
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{3369AF0D-62E9-4bda-8103-B4C75499B578} - ButtonText: AOL Toolbar = 
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - ButtonText: Yahoo! Services = 
\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc.)
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com = 
\{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\System32\igfxpph.dll (Intel Corporation)
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]


----------



## USMCBUCK10 (Jan 21, 2007)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
hpsysdrv - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
CamMonitor - c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
KBD - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
StorageGuard - C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
dla - C:\WINDOWS\system32\dla\tfswctrl.exe (VERITAS Software, Inc.)
Recguard - C:\WINDOWS\SMINST\RECGUARD.EXE ()
IgfxTray - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
HotKeysCmds - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PS2 - C:\WINDOWS\system32\ps2.exe ()
Ejfb - C:\documents and settings\owner\local settings\temp\Ejfb.exe ()
2P6WFAX43ZHE7C - C:\WINDOWS\System32\NjpM9X44.exe ()
tF3P3pR - mcadss.exe ()
AlcxMonitor - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (Networks Associates Technology, Inc)
MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe (Networks Associates Technology, Inc)
HostManager - C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe (America Online, Inc.)
rDM - C:\windows\system32\rDM.exe ()
ISUSPM Startup - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
ISUSScheduler - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
AOLSPScheduler - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe (America Online)
sscRun - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe (America Online)
OASClnt - C:\Program Files\mcafee.com\antivirus\oasclnt.exe (McAfee, Inc.)
EmailScan - C:\Program Files\mcafee.com\antivirus\mcvsescn.exe (McAfee, Inc.)
MPFExe - C:\Program Files\mcafee.com\personal firewall\MPfTray.exe (McAfee Security)
NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
SsAAD.exe - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
ASM - C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe (AOL LLC)
WT GameChannel - C:\Program Files\WildTangent\Apps\GameChannel.exe (WildTangent)
TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe (MyWebSearch.com)
{4858F78A-09DC-1033-1011-020409020001} - C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}\Update.exe ()
CTDrive - rundll32.exe C:\WINDOWS\system32\drvzox.dll ()
DllRunning - rundll32.exe "C:\WINDOWS\system32\skvjhtig.dll ()
!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
cosFRfdFl - mdatoenr.exe ()
Weather - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
AOL Fast Start - C:\Program Files\America Online 9.0a\AOL.EXE (America Online, Inc.)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
EA Core - C:\Program Files\Electronic Arts\EA Link\Core.exe (Electronic Arts)
Aim6 - Reg Data missing or invalid ()
MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe (MyWebSearch.com)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 - 
\\FunWebProducts -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
C:\WINDOWS\System32\ipxpromn1053p.dll = ()

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{664A7BBA-92C4-4086-8B63-D029A149629E} - = C:\WINDOWS\system32\gebcayv.dll ()
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\gebcayv - gebcayv.dll = ()
\igfxcui - igfxsrvc.dll = (Intel Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\ssqpp - C:\WINDOWS\system32\ssqpp.dll = ()
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\winips32 - winips32.dll = ()
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - ()
{2F84A874-8445-4F31-B901-FB97629E9204} - (Realtek RTL8139 Family PCI Fast Ethernet NIC)
{60382598-025F-419D-9D2B-1D0AB7AD2246} - (1394 Net Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

>>>>Output for AddOn file Policies.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption - 
policies\system\\legalnoticetext - 
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\System\\DisableRegistryTools - 0

>>>>Output for AddOn file Security.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
Security Center\\AntiVirusDisableNotify - 0
Security Center\\FirewallDisableNotify - 0
Security Center\\UpdatesDisableNotify - 0
Security Center\\AntiVirusOverride - 0
Security Center\\FirewallOverride - 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
BITS\\Type - 32
BITS\\Start - 3
BITS\\ErrorControl - 1
BITS\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
BITS\\DisplayName - Background Intelligent Transfer Service
BITS\\DependOnService - Rpcss;
BITS\\DependOnGroup - 
BITS\\ObjectName - LocalSystem
BITS\\Description - Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 
BITS\Parameters\\ServiceDll - C:\WINDOWS\System32\qmgr.dll
BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
BITS\Enum\\0 - Root\LEGACY_BITS\0000
BITS\Enum\\Count - 1
BITS\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
SharedAccess\\Type - 32
SharedAccess\\Start - 2
SharedAccess\\ErrorControl - 1
SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
SharedAccess\\DependOnService - Netman;WinMgmt;
SharedAccess\\DependOnGroup - 
SharedAccess\\ObjectName - LocalSystem
SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
SharedAccess\Epoch\\Epoch - 262580
SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0b\waol.exe - C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0c\waol.exe - C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0e\waol.exe - C:\Program Files\America Online 9.0e\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe - C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe - C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLServiceHost.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLServiceHost.exe:*:Enabled:AOL Services
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP - 139:TCP:*:Enabled:@xpsp2res.dll,-22004
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP - 445:TCP:*:Enabled:@xpsp2res.dll,-22005
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP - 137:UDP:*:Enabled:@xpsp2res.dll,-22001
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP - 138:UDP:*:Enabled:@xpsp2res.dll,-22002
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\P2P Networking\P2P Networking.exe - C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe - C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe - C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0k\waol.exe - C:\Program Files\America Online 9.0k\waol.exe:*:Enabled:America Online 9.0k
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0f\waol.exe - C:\Program Files\America Online 9.0f\waol.exe:*:Enabled:America Online 9.0f
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0m\waol.exe - C:\Program Files\America Online 9.0m\waol.exe:*:Enabled:AOL


----------



## USMCBUCK10 (Jan 21, 2007)

SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106303724\EE\AOLServiceHost.exe - C:\Program Files\Common Files\AOL\1106303724\EE\AOLServiceHost.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe - C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe - C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe - C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe - C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0a\waol.exe - C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WinMX\WinMX.exe - C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0b\waol.exe - C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe - C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLHostManager.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLHostManager.exe:*:Disabled:AOLHostManager Service
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0c\waol.exe - C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0d\waol.exe - C:\Program Files\America Online 9.0d\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe - C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe:*:Enabled:MusicNet on AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee.com\agent\mcagent.exe - C:\Program Files\McAfee.com\agent\mcagent.exe:*:Disabled:McAfee SecurityCenter Agent
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0e\waol.exe - C:\Program Files\America Online 9.0e\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe - C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe - C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\TEMP\Local Settings\Temp\~os275.tmp\ossproxy.exe - C:\Documents and Settings\TEMP\Local Settings\Temp\~os275.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kiwi Alpha\KiwiAlpha.exe - C:\Program Files\Kiwi Alpha\KiwiAlpha.exe:*:Enabled:KiwiAlpha
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\TEMP\Local Settings\Temp\~os4A.tmp\ossproxy.exe - C:\Documents and Settings\TEMP\Local Settings\Temp\~os4A.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe - C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe - C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\windows\system32\rlvknlg.exe - c:\windows\system32\rlvknlg.exe:*:Enabled:rlvknlg.exe
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe - C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\aolsoftware.exe - C:\Program Files\Common Files\AOL\1106867256\EE\aolsoftware.exe:*:Enabled:AOL Services
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\aim6.exe - C:\Program Files\Common Files\AOL\1106867256\EE\aim6.exe:*:Enabled:AIM
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\windows\system32\rk.exe - c:\windows\system32\rk.exe:*:Enabled:rk.exe
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe - C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\ee\aolservicehost.exe - C:\Program Files\Common Files\AOL\1106867256\ee\aolservicehost.exe:*:Enabled:AOL Services
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe - C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe - C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLOpenRide.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLOpenRide.exe:*:Enabled:AOL OpenRide
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\TEMP\LOCALS~1\Temp\win1B63.tmp.exe - C:\DOCUME~1\TEMP\LOCALS~1\Temp\win1B63.tmp.exe:*:Enabled:win1B63.tmp
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\winF2.tmp.exe - C:\WINDOWS\TEMP\winF2.tmp.exe:*:Enabled:winF2.tmp
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP - 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP - 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP - 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP - 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP - 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
SharedAccess\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
SharedAccess\Setup\\ServiceUpgrade - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{86E02BD3-50CC-48B1-94C1-4CDAFCE1BBC7} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{2F84A874-8445-4F31-B901-FB97629E9204} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{60382598-025F-419D-9D2B-1D0AB7AD2246} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - 1
SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
SharedAccess\Enum\\Count - 1
SharedAccess\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
wuauserv\Enum\\Count - 1
wuauserv\Enum\\NextInstance - 1

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


----------



## USMCBUCK10 (Jan 21, 2007)

Logfile of HijackThis v1.99.1
Scan saved at 1:25:50 PM, on 1/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Common Files\AOL\1106867256\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL\Active Security Monitor\ASMPatchManager.exe
c:\program files\common files\aol\1106867256\ee\aolssc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: The College Toolbar - {50EC13F9-D1F6-4012-A076-F73088D8241C} - C:\Program Files\The College Toolbar\collegetoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\NjpM9X44.exe
O4 - HKLM\..\Run: [tF3P3pR] mcadss.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [rDM] C:\windows\system32\rDM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKLM\..\Run: [{4858F78A-09DC-1033-1011-020409020001}] "C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzox.dll,startup
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\skvjhtig.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cosFRfdFl] mdatoenr.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/EZG-toolbar.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\ipxpromn1053p.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------



## Cookiegal (Aug 27, 2003)

Please download *VundoFix.exe* to your desktop.


Double-click *VundoFix.exe* to run it.
Click the *Scan for Vundo* button.
Once it's done scanning, click the *Remove Vundo* button.
You will receive a prompt asking if you want to remove the files; click *YES*.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click *OK*.
Please post the contents of C:\*vundofix.txt* and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the *Scan for Vundo* button" when VundoFix appears upon rebooting.


----------



## USMCBUCK10 (Jan 21, 2007)

VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.2

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 2:51:22 PM 1/24/2007

Listing files found while scanning....

C:\WINDOWS\system32\cbxvtur.dll
C:\WINDOWS\system32\fuiqvcdn.dll
C:\WINDOWS\system32\gebcayv.dll
C:\WINDOWS\system32\githjvks.ini
C:\WINDOWS\system32\saxaxbdk.exe
C:\WINDOWS\system32\skvjhtig.dll
C:\WINDOWS\system32\ssqpp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbxvtur.dll
C:\WINDOWS\system32\cbxvtur.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fuiqvcdn.dll
C:\WINDOWS\system32\fuiqvcdn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcayv.dll
C:\WINDOWS\system32\gebcayv.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\githjvks.ini
C:\WINDOWS\system32\githjvks.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\saxaxbdk.exe
C:\WINDOWS\system32\saxaxbdk.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\skvjhtig.dll
C:\WINDOWS\system32\skvjhtig.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\ssqpp.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebcayv.dll
C:\WINDOWS\system32\gebcayv.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.2

Checking Java version...

Java version is 1.5.0.2

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 4:08:09 PM 1/24/2007

Listing files found while scanning....

C:\WINDOWS\system32\fuiqvcdn.dll

Beginning removal...

Performing Repairs to the registry.
Done!


----------



## USMCBUCK10 (Jan 21, 2007)

Logfile of HijackThis v1.99.1
Scan saved at 6:02:54 PM, on 1/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Common Files\AOL\1106867256\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\AOL\Active Security Monitor\ASMPatchManager.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL
O2 - BHO: (no name) - {2ABD2D6E-8A13-4C72-841D-2B04CEC37131} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: COLLEGETOOLBAR - {3E15928A-26B2-40b2-A4CA-408720C444BA} - C:\PROGRA~1\THECOL~1\COLLEG~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {664A7BBA-92C4-4086-8B63-D029A149629E} - C:\WINDOWS\system32\gebcayv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\fuiqvcdn.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: The College Toolbar - {50EC13F9-D1F6-4012-A076-F73088D8241C} - C:\Program Files\The College Toolbar\collegetoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\NjpM9X44.exe
O4 - HKLM\..\Run: [tF3P3pR] mcadss.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [rDM] C:\windows\system32\rDM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKLM\..\Run: [{4858F78A-09DC-1033-1011-020409020001}] "C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzox.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cosFRfdFl] mdatoenr.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/EZG-toolbar.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\ipxpromn1053p.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winips32 - winips32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------



## Cookiegal (Aug 27, 2003)

Please run Panda again and post the results along with a new log from WinpFind please.


----------



## USMCBUCK10 (Jan 21, 2007)

Potentially unwanted tool:Application/MyWebSearch Not disinfected c:\progra~1\mywebs~1\bar\6.bin\mwsoemon.exe 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoestb.dll 
Potentially unwanted tool:application/mywebsearch Not disinfected c:\windows\system32\f3PSSavr.scr 
Spyware:spyware/whazit Not disinfected c:\windows\system32\fiz1 
Adware:adware/adlogix Not disinfected c:\windows\system32\retpdat32.xml 
Adware:adware/iedriver Not disinfected c:\windows\system32\sub.dll 
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf  
Adware:adware/statblaster Not disinfected c:\windows\downloaded program files\WildApp.inf 
Adware:adware/comet Not disinfected c:\windows\inf\dm.inf 
Adware:adware/gator Not disinfected c:\windows\GatorHDPlugin.log-old.log 
Dialer:dialer.bny Not disinfected c:\windows\pcconfig.dat 
Adware:adware/ncase Not disinfected c:\temp\FLEOK 
Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay 
Adware:adware/quicksearch Not disinfected c:\program files\QuickSearch 
Adware:adware/transponder Not disinfected Windows Registry 
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM 
Adware:adware/dyfuca Not disinfected Windows Registry 
Adware:adware/wupd Not disinfected Windows Registry  
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Hacktool:Exploit/ObjectData Not disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\MB8C4Y9R\str8_pending[1].html[C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\MB8C4Y9R\str8_pending[1].html] 
Hacktool:Exploit/ObjectData Not disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\TMXN2UVD\str8_pending[1].html 
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Kayla\Local Settings\Temp\bi.inf 
Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Kayla\Local Settings\Temp\ss_cdt_setup.exe[²	=.dll] 
Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Kayla\Local Settings\Temp\ss_cdt_setup.exe[offline.htm] 
Adware:Adware/eZula Not disinfected C:\Documents and Settings\Kayla\Local Settings\Temp\TopTextiLookup.htm 
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\Kayla\Local Settings\Temp\UpdatedUpdaterInstall.exe 
Spyware:Spyware/MarketScore Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\ab1.exe 
Adware:Adware/AdLogix Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\adlinstallwin32.exe[SWin32.dll] 
Adware:Adware/AdLogix Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\adlinstallwin32.exe[automove.exe]  
Adware:Adware/AdLogix Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\adlinstallwin32.exe[trans.exe] 
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\adlinstallwin32.exe[istinstall_adlogix.exe] 
Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[SaveInstCsSm.exe] 
Adware:Adware/BrowserAid Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[dist1_1_00.exe] 
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe] 
Virus:Trj/Downloader.OE Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe][dp-him.exe] 
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe][IEHost.EXE] 
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe][Searchx.htm] 
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe][terrabyte.exe] 
Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe][ms.exe] 
Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[may17_loader.exe]  
Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[bdl14185.exe] 
Spyware:Spyware/ClearSearch Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[ClrSchP072.exe] 
Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\ss_cdt_setup.exe[²	=.dll] 
Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\ss_cdt_setup.exe[offline.htm] 
Adware:Adware/StatBlaster Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\tracker9.exe 
Adware:Adware/zSearch Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\zsupdater.exe 
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Owner\Application Data\rawh\ctxad-204.0000[NDrv.dll] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Virus:Trj/Bhotcher.A Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\all_files7.exe[iMeshInst.exe][WBCM_Installer.exe][BHOW.exe] 
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ctxad.exe[NDrv.dll] 
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ctxad.exe[NDrv.exe]  
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[.atwola.com/] 
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[.realmedia.com/] 
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[.go.com/] 
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[.drivecleaner.com/] 
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[www.drivecleaner.com/] 
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[stats.drivecleaner.com/] 
Spyware:Cookie/Winantivirus Not disinfected


----------



## USMCBUCK10 (Jan 21, 2007)

Incident Status Location 
C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[.winantivirus.com/] 
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[.errorsafe.com/] 
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[.bravenet.com/] 
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[.systemdoctor.com/] 
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][3].txt  
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt  
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt  
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SDFix.exe[SDFix\apps\Process.exe] 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix\Process.exe 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]  
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[inetsvc.exe] 
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[inetmgr.exe] 
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[²=] 
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temp\Cookies\[email protected][2].txt 
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temp\Cookies\[email protected][1].txt 
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temp\Cookies\[email protected][2].txt 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\tre.KAYLA\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe 
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{3858F78A-09DC-1033-1011-020409020001}\UnInstall.exe 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Internet Explorer\msimg32.dll  
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar[contents.rdf] 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar[menu.xul] 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar[toolbarembed.html] 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3BROVLY.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected


----------



## USMCBUCK10 (Jan 21, 2007)

C:\Program Files\MyWebSearch\bar\6.bin\F3CJPEG.DLL  
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3DTACTL.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3HISTSW.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3HTTPCT.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3IMSTUB.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3POPSWT.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3PSSAVR.SCR 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3REPROX.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3RESTUB.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3SCHMON.EXE 
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3SCRCTR.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3SHLLVW.DLL  
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3WPHOOK.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3FFXTBR.JAR[contents.rdf] 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3FFXTBR.JAR[menu.xul] 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3FFXTBR.JAR[toolbarembed.html] 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3FFXTBR.MANIFEST 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3HTML.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3IDLE.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3MSG.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3OUTLCN.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3SKIN.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE  
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\MWSOEPLG.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\MWSOESTB.DLL 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S 
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S 
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe 
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\saxaxbdk.exe.bad 
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\skvjhtig.dll.bad 
Potentially unwanted tool:Application/Altnet Not disinfected C:\WildMedia.exe[IdmUP.dll] 
Adware:Adware Program Not disinfected C:\WildMedia.exe[Topicks.reg] 
Potentially unwanted tool:Application/Altnet Not disinfected C:\WildMedia.exe[TPReg.dll]  
Adware:Adware Program Not disinfected C:\WildMedia.exe[FileVersions.ini] 
Potentially unwanted tool:Application/Altnet Not disinfected C:\WildMedia.exe[HtCheck2.dll] 
Potentially unwanted tool:Application/Altnet Not disinfected C:\WildMedia.exe[Idhost.exe] 
Adware:Adware/EliteBar Not disinfected C:\WINDOWS\blocklist.reg 
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt 
Hacktool:Exploit/ObjectData Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MB8C4Y9R\str8_pending[1].html[C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MB8C4Y9R\str8_pending[1].html] 
Hacktool:Exploit/ObjectData Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\TMXN2UVD\str8_pending[1].html 
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\fmhedcys.dll 
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe 
Adware:Adware/InstDollars Not disinfected C:\WINDOWS\system32\second.awp 
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\vcunqjpt.dll  
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\vypcsbqk.dll 
Adware:Adware/ILookup Not disinfected C:\WINDOWS\system32\windec33.dll 
Adware:Adware/IEDriver Not disinfected C:\WINDOWS\Temp\setup4.exe


----------



## USMCBUCK10 (Jan 21, 2007)

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 1/24/2007 11:06:30 PM
WinPFind v1.5.0	Folder = C:\Documents and Settings\TEMP\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
WSUD 9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 5/26/2005 2:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 7/22/2005 6:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 12/5/2005 5:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 2/3/2006 7:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 3/31/2006 11:40:58 AM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 8/18/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
UPX! 9/13/2004 2:39:54 PM 69632 C:\WINDOWS\SYSTEM32\first.awp ()
UPX! 1/21/2007 1:26:28 PM 76412 C:\WINDOWS\SYSTEM32\fmhedcys.dll ()
UPX! 1/5/2007 7:06:26 PM 44060 C:\WINDOWS\SYSTEM32\gaopntlj.dll ()
UPX! 1/24/2007 3:11:00 PM HS 277104 C:\WINDOWS\SYSTEM32\jkkll.dll ()
PTech 6/10/2004 12:47:02 AM H 3279394 C:\WINDOWS\SYSTEM32\kyf.dat ()
UPX! 4/11/2000 8:44:56 PM 85504 C:\WINDOWS\SYSTEM32\lame_enc.dll ()
PTech 6/19/2006 3:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
aspack 3/26/2004 1:06:40 AM 2316336 C:\WINDOWS\SYSTEM32\NY Nights.scr (Axialis Software)
WSUD 6/12/2004 2:12:30 PM HS 2926 C:\WINDOWS\SYSTEM32\qyrwi.dat ()
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 9/13/2004 2:39:56 PM 46080 C:\WINDOWS\SYSTEM32\second.awp ()
UPX! 4/27/2006 4:49:30 PM 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe (S!Ri)
UPX! 8/29/2006 6:43:54 PM 135168 C:\WINDOWS\SYSTEM32\swreg.exe (SteelWerX)
UPX! 1/9/2006 9:36:06 AM 40960 C:\WINDOWS\SYSTEM32\swsc.exe ()
UPX! 12/1/2006 5:20:34 AM 79360 C:\WINDOWS\SYSTEM32\swxcacls.exe (SteelWerX)
UPX! 10/22/2004 4:46:50 AM 33280 C:\WINDOWS\SYSTEM32\tasklist.exe (Microsoft Corporation)
UPX! 1/23/2007 9:08:54 PM 76412 C:\WINDOWS\SYSTEM32\vcunqjpt.dll ()
UPX! 1/18/2007 10:55:54 AM 76412 C:\WINDOWS\SYSTEM32\vypcsbqk.dll ()
winsync 8/18/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 3:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)
UPX! 1/15/2007 5:21:54 PM 44060 C:\WINDOWS\SYSTEM32\ynsyjfuf.dll ()

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/24/2007 10:58:14 PM S 2048 C:\WINDOWS\bootstat.dat ()
1/24/2007 7:34:28 PM H 54156 C:\WINDOWS\QTFont.qfn ()
1/21/2007 3:24:52 PM RHS 168 C:\WINDOWS\system32\B89AC51B07.sys ()
1/13/2007 3:26:22 PM HS 867022 C:\WINDOWS\system32\edeeg.bak1 ()
1/14/2007 1:30:50 PM HS 861617 C:\WINDOWS\system32\edeeg.bak2 ()
1/8/2007 3:59:04 AM HS 914072 C:\WINDOWS\system32\edeeg.ini ()
1/8/2007 3:59:36 AM HS 914072 C:\WINDOWS\system32\edeeg.tmp ()
1/15/2007 1:06:20 PM HS 916403 C:\WINDOWS\system32\edeeg.tmp2 ()
1/24/2007 3:11:00 PM HS 277104 C:\WINDOWS\system32\jkkll.dll ()
1/21/2007 5:47:28 PM HS 6320 C:\WINDOWS\system32\KGyGaAvL.sys ()
1/23/2007 9:10:06 PM HS 989586 C:\WINDOWS\system32\ppqss.bak1 ()
1/24/2007 3:04:28 PM HS 1044435 C:\WINDOWS\system32\ppqss.ini ()
12/7/2006 8:30:20 PM S 9057 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat ()
12/22/2006 11:53:02 AM S 7894 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat ()
1/24/2007 10:57:58 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
1/24/2007 10:58:50 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
1/24/2007 10:58:18 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
1/24/2007 10:59:00 PM H 90112 C:\WINDOWS\system32\config\software.LOG ()
1/24/2007 10:58:26 PM H 1138688 C:\WINDOWS\system32\config\system.LOG ()
1/10/2007 3:22:26 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
1/7/2007 1:26:00 AM S 1039 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
1/7/2007 1:26:00 AM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
1/17/2007 7:04:18 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1d577e61-58b0-4558-bbd6-d93be246bc3d ()
1/17/2007 7:04:18 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
1/24/2007 5:55:08 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
4/26/2002 6:33:40 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl ()
8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
6/10/2005 10:43:18 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/9/2006 3:07:28 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
7/28/2003 1:19:00 PM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
3/3/1999 2:10:02 AM 49152 C:\WINDOWS\SYSTEM32\speech.cpl (Microsoft)
8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\igfxcpl.cpl (Intel Corporation)
6/20/2002 1:58:44 AM 629248 C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\ALSNDMGR.CPL (Avance Logic, Inc.)


----------



## USMCBUCK10 (Jan 21, 2007)

Checking for Downloaded Program Files...
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{11260943-421B-11D0-8EAC-0000C07D88CF} - iPIX ActiveX Control - CodeBase = http://www.ipix.com/viewers/ipixx.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - - CodeBase = http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
{1D6711C8-7154-40BB-8380-3DEA45B69CBF} - - CodeBase = 
{2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - DownloadManager Control - CodeBase = http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
{406B5949-7190-4245-91A9-30A17DE16AD0} - Snapfish Activia - CodeBase = http://www1.snapfish.com/SnapfishActivia.cab
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - - CodeBase = http://aolcc.aol.com/computercheckup/qdiagcc.cab
{4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - - CodeBase = http://ezgreets.aavalue.com/EZG/Toolbar/EZG-toolbar.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - McAfee.com Operating System Class - CodeBase = http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
{639658F3-B141-4D6B-B936-226F75A5EAC3} - CPlayFirstDinerDash2Control Object - CodeBase = http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{B9191F79-5613-4C76-AA2A-398534BB8999} - - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - DwnldGroupMgr Class - CodeBase = http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - Invoke Solutions Participant Control(MR) - CodeBase = http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - CPlayFirstDinerDashControl Object - CodeBase = http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - PopCapLoader Object - CodeBase = http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/23/2002 7:10:30 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
1/20/2007 1:39:46 AM 1132112 C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe ()
12/16/2006 5:22:22 PM  1353 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
10/20/2004 5:59:30 PM 12358 C:\Documents and Settings\TEMP\Application Data\PFP100JCM.{PB ()
10/20/2004 5:59:30 PM 61678 C:\Documents and Settings\TEMP\Application Data\PFP100JPR.{PB ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
\\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
\\Default_Page_URL - http://www.yahoo.com/
\\Default_Search_URL - http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
\\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - 
\\SearchAssistant -

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - AOLTBSearch Class = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\\{00A6FAF6-072E-44cf-8957-5838F569A31D} - = C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL (MyWebSearch.com)
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - = ()

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\SOFTWARE - = ()
\{00A6FAF1-072E-44cf-8957-5838F569A31D} - MyWebSearch Search Assistant BHO = C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL (MyWebSearch.com)
\{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
\{07B18EA1-A523-4961-B6BB-170DE4475CCA} - mwsBar BHO = C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL (MyWebSearch.com)
\{2ABD2D6E-8A13-4C72-841D-2B04CEC37131} - = C:\WINDOWS\system32\ssqpp.dll ()
\{3E15928A-26B2-40b2-A4CA-408720C444BA} - COLLEGETOOLBAR = C:\PROGRA~1\THECOL~1\COLLEG~1.DLL (College Toolbars)
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
\{664A7BBA-92C4-4086-8B63-D029A149629E} - = C:\WINDOWS\system32\gebcayv.dll ()
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\{7DA39570-5FD2-4f18-94B4-20730CB3F727} - = C:\WINDOWS\system32\fuiqvcdn.dll ()

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{8F4902B6-6C04-4ade-8052-AA58578A21BD} - hp toolkit = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\\{BA52B914-B692-46c4-B683-905236F6F655} - = ()
\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\ShellBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} - AIM Search = C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - = ()
\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\WebBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - 8192 = 
\\NEXTID - 8202
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8195 = 
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8196 = 
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8197 = 
\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8198 = 
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8199 = Windows Messenger
\\{3369AF0D-62E9-4bda-8103-B4C75499B578} - 8200 = 
\\{e2e2dd38-d088-4134-82b7-f2ba38496583} - 8201 = @xpsp3res.dll,-20001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\CmdMapping - MenuText: = ()
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{3369AF0D-62E9-4bda-8103-B4C75499B578} - ButtonText: AOL Toolbar = 
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - ButtonText: Yahoo! Services = 
\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc.)
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com = 
\{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\System32\igfxpph.dll (Intel Corporation)
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
hpsysdrv - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
CamMonitor - c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
KBD - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
StorageGuard - C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
dla - C:\WINDOWS\system32\dla\tfswctrl.exe (VERITAS Software, Inc.)
Recguard - C:\WINDOWS\SMINST\RECGUARD.EXE ()
IgfxTray - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
HotKeysCmds - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PS2 - C:\WINDOWS\system32\ps2.exe ()
Ejfb - C:\documents and settings\owner\local settings\temp\Ejfb.exe ()
2P6WFAX43ZHE7C - C:\WINDOWS\System32\NjpM9X44.exe ()
tF3P3pR - mcadss.exe ()
AlcxMonitor - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (Networks Associates Technology, Inc)
MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe (Networks Associates Technology, Inc)
HostManager - C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe (America Online, Inc.)
rDM - C:\windows\system32\rDM.exe ()
ISUSPM Startup - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
ISUSScheduler - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
AOLSPScheduler - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe (America Online)
sscRun - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe (America Online)
OASClnt - C:\Program Files\mcafee.com\antivirus\oasclnt.exe (McAfee, Inc.)
EmailScan - C:\Program Files\mcafee.com\antivirus\mcvsescn.exe (McAfee, Inc.)
MPFExe - C:\Program Files\mcafee.com\personal firewall\MPfTray.exe (McAfee Security)
NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
SsAAD.exe - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
ASM - C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe (AOL LLC)
WT GameChannel - C:\Program Files\WildTangent\Apps\GameChannel.exe (WildTangent)
TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe (MyWebSearch.com)
{4858F78A-09DC-1033-1011-020409020001} - C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}\Update.exe ()
CTDrive - rundll32.exe C:\WINDOWS\system32\drvzox.dll ()
!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)


----------



## USMCBUCK10 (Jan 21, 2007)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
cosFRfdFl - mdatoenr.exe ()
Weather - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
AOL Fast Start - C:\Program Files\America Online 9.0a\AOL.EXE (America Online, Inc.)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
EA Core - C:\Program Files\Electronic Arts\EA Link\Core.exe (Electronic Arts)
Aim6 - Reg Data missing or invalid ()
MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe (MyWebSearch.com)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 - 
\\FunWebProducts -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
C:\WINDOWS\System32\ipxpromn1053p.dll = ()

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{664A7BBA-92C4-4086-8B63-D029A149629E} - = C:\WINDOWS\system32\gebcayv.dll ()
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\igfxcui - igfxsrvc.dll = (Intel Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\winips32 - winips32.dll = ()
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - ()
{2F84A874-8445-4F31-B901-FB97629E9204} - (Realtek RTL8139 Family PCI Fast Ethernet NIC)
{60382598-025F-419D-9D2B-1D0AB7AD2246} - (1394 Net Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

>>>>Output for AddOn file Policies.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption - 
policies\system\\legalnoticetext - 
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\System\\DisableRegistryTools - 0

>>>>Output for AddOn file Security.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
Security Center\\AntiVirusDisableNotify - 0
Security Center\\FirewallDisableNotify - 0
Security Center\\UpdatesDisableNotify - 0
Security Center\\AntiVirusOverride - 0
Security Center\\FirewallOverride - 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
BITS\\Type - 32
BITS\\Start - 3
BITS\\ErrorControl - 1
BITS\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
BITS\\DisplayName - Background Intelligent Transfer Service
BITS\\DependOnService - Rpcss;
BITS\\DependOnGroup - 
BITS\\ObjectName - LocalSystem
BITS\\Description - Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 
BITS\Parameters\\ServiceDll - C:\WINDOWS\System32\qmgr.dll
BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
BITS\Enum\\0 - Root\LEGACY_BITS\0000
BITS\Enum\\Count - 1
BITS\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
SharedAccess\\Type - 32
SharedAccess\\Start - 2
SharedAccess\\ErrorControl - 1
SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
SharedAccess\\DependOnService - Netman;WinMgmt;
SharedAccess\\DependOnGroup - 
SharedAccess\\ObjectName - LocalSystem
SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
SharedAccess\Epoch\\Epoch - 262752
SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0b\waol.exe - C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0c\waol.exe - C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0e\waol.exe - C:\Program Files\America Online 9.0e\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe - C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe - C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLServiceHost.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLServiceHost.exe:*:Enabled:AOL Services
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP - 139:TCP:*:Enabled:@xpsp2res.dll,-22004
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP - 445:TCP:*:Enabled:@xpsp2res.dll,-22005
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP - 137:UDP:*:Enabled:@xpsp2res.dll,-22001
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP - 138:UDP:*:Enabled:@xpsp2res.dll,-22002
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\P2P Networking\P2P Networking.exe - C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe - C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe - C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0k\waol.exe - C:\Program Files\America Online 9.0k\waol.exe:*:Enabled:America Online 9.0k
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0f\waol.exe - C:\Program Files\America Online 9.0f\waol.exe:*:Enabled:America Online 9.0f
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0m\waol.exe - C:\Program Files\America Online 9.0m\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106303724\EE\AOLServiceHost.exe - C:\Program Files\Common Files\AOL\1106303724\EE\AOLServiceHost.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe - C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe - C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe - C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe - C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0a\waol.exe - C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WinMX\WinMX.exe - C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0b\waol.exe - C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe - C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLHostManager.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLHostManager.exe:*:Disabled:AOLHostManager Service
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0c\waol.exe - C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0d\waol.exe - C:\Program Files\America Online 9.0d\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe - C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe:*:Enabled:MusicNet on AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee.com\agent\mcagent.exe - C:\Program Files\McAfee.com\agent\mcagent.exe:*:Disabled:McAfee SecurityCenter Agent
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0e\waol.exe - C:\Program Files\America Online 9.0e\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe - C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe - C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\TEMP\Local Settings\Temp\~os275.tmp\ossproxy.exe - C:\Documents and Settings\TEMP\Local Settings\Temp\~os275.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kiwi Alpha\KiwiAlpha.exe - C:\Program Files\Kiwi Alpha\KiwiAlpha.exe:*:Enabled:KiwiAlpha
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\TEMP\Local Settings\Temp\~os4A.tmp\ossproxy.exe - C:\Documents and Settings\TEMP\Local Settings\Temp\~os4A.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe - C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe - C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\windows\system32\rlvknlg.exe - c:\windows\system32\rlvknlg.exe:*:Enabled:rlvknlg.exe
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe - C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\aolsoftware.exe - C:\Program Files\Common Files\AOL\1106867256\EE\aolsoftware.exe:*:Enabled:AOL Services
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\aim6.exe - C:\Program Files\Common Files\AOL\1106867256\EE\aim6.exe:*:Enabled:AIM
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\windows\system32\rk.exe - c:\windows\system32\rk.exe:*:Enabled:rk.exe
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe - C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\ee\aolservicehost.exe - C:\Program Files\Common Files\AOL\1106867256\ee\aolservicehost.exe:*:Enabled:AOL Services
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe - C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe - C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLOpenRide.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLOpenRide.exe:*:Enabled:AOL OpenRide
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\TEMP\LOCALS~1\Temp\win1B63.tmp.exe - C:\DOCUME~1\TEMP\LOCALS~1\Temp\win1B63.tmp.exe:*:Enabled:win1B63.tmp
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\winF2.tmp.exe - C:\WINDOWS\TEMP\winF2.tmp.exe:*:Enabled:winF2.tmp
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP - 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP - 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP - 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP - 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP - 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
SharedAccess\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
SharedAccess\Setup\\ServiceUpgrade - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{86E02BD3-50CC-48B1-94C1-4CDAFCE1BBC7} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{2F84A874-8445-4F31-B901-FB97629E9204} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{60382598-025F-419D-9D2B-1D0AB7AD2246} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - 1
SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
SharedAccess\Enum\\Count - 1
SharedAccess\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
wuauserv\Enum\\Count - 1
wuauserv\Enum\\NextInstance - 1

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


----------



## USMCBUCK10 (Jan 21, 2007)

bump...


----------



## Cookiegal (Aug 27, 2003)

Download *ComboFix* to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in *Safe Mode*.

Double click *combofix.exe* and follow the prompts.
When finished, it will produce a log for you. Post that log and a new *HijackThis* log in your next reply.
*Note: Do not mouseclick combofix's window while it's running as that may cause it to stall*


----------



## USMCBUCK10 (Jan 21, 2007)

*Combo Fix Log*

"Owner" - 07-01-25 20:08:53 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\TEMP\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\INSTALL.LOG
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.72
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48
C:\Program Files\Common Files\{3858F~1
C:\Program Files\Common Files\{4858F~2
C:\Program Files\Common Files\{4858F~1
C:\Program Files\VSAdd-in

((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 ))))))))))))))))))))))))))))))))))

2007-01-24 16:06 d--------	C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo! Companion
2007-01-24 15:10	277,104	---hs----	C:\WINDOWS\system32\jkkll.dll
2007-01-24 14:51 d--------	C:\VundoFix Backups
2007-01-23 21:08	989,586	---hs----	C:\WINDOWS\system32\ppqss.bak1
2007-01-23 21:08	76,412	--a------	C:\WINDOWS\system32\vcunqjpt.dll
2007-01-23 17:06 d--------	C:\SDFix
2007-01-22 07:55 d--------	C:\WINDOWS\system32\ActiveScan
2007-01-21 21:47	3,968	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-21 21:46 d--------	C:\Program Files\Grisoft
2007-01-21 20:09	79,360	--a------	C:\WINDOWS\system32\swxcacls.exe
2007-01-21 20:09	53,248	--a------	C:\WINDOWS\system32\Process.exe
2007-01-21 20:09	51,200	--a------	C:\WINDOWS\system32\dumphive.exe
2007-01-21 20:09	40,960	--a------	C:\WINDOWS\system32\swsc.exe
2007-01-21 20:09	288,417	--a------	C:\WINDOWS\system32\SrchSTS.exe
2007-01-21 20:09	135,168	--a------	C:\WINDOWS\system32\swreg.exe
2007-01-21 19:50 d--------	C:\Program Files\Hijackthis
2007-01-21 13:26	76,412	--a------	C:\WINDOWS\system32\fmhedcys.dll
2007-01-20 01:25	1,132,112	--a------	C:\DOCUME~1\ALLUSE~1\Application Data\pswi_preloaded.exe
2007-01-18 10:55	76,412	--a------	C:\WINDOWS\system32\vypcsbqk.dll
2007-01-18 02:07 d--------	C:\DOCUME~1\TEMP\Application Data\Viewpoint
2007-01-15 17:21	44,060	--a------	C:\WINDOWS\system32\ynsyjfuf.dll
2007-01-12 23:40	28,672	--a------	C:\WINDOWS\system32\f3PSSavr.scr
2007-01-10 15:22 d--------	C:\WINDOWS\ie7updates
2007-01-05 19:59	861,617	---hs----	C:\WINDOWS\system32\edeeg.bak2
2007-01-05 19:33	159,744	--a------	C:\WINDOWS\Talking Time Keeper.scr
2007-01-05 19:33 d--------	C:\Program Files\Talking Time Keeper
2007-01-05 19:32	164,352	--a------	C:\WINDOWS\system32\SpoonUninstall.exe
2007-01-05 19:06	867,022	---hs----	C:\WINDOWS\system32\edeeg.bak1
2007-01-05 19:06	44,060	--a------	C:\WINDOWS\system32\gaopntlj.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-25 18:26	--------	d--------	C:\Program Files\mozilla firefox
2007-01-25 00:03	--------	d--------	C:\DOCUME~1\TEMP\Application Data\weatherbug
2007-01-24 21:56	--------	d--------	C:\Program Files\the college toolbar
2007-01-24 21:42	--------	d--------	C:\Program Files\itunes
2007-01-24 21:24	--------	d--------	C:\Program Files\Common Files\scanner
2007-01-24 21:18	--------	d--------	C:\Program Files\america online 9.0a
2007-01-24 21:17	--------	d--------	C:\Program Files\america online 9.0
2007-01-24 21:17	--------	d--------	C:\Program Files\aim6
2007-01-23 13:37	--------	d--------	C:\Program Files\corel
2007-01-22 10:32	150801	--a------	C:\WildMedia.exe
2007-01-22 10:27	--------	d--------	C:\Program Files\sims2pack clean installer
2007-01-22 10:24	--------	d--------	C:\Program Files\quicktime
2007-01-22 09:47	--------	d--------	C:\Program Files\Common Files\aolshare
2007-01-22 09:47	--------	d--------	C:\Program Files\Common Files\aol
2007-01-21 17:47	6320	--ahs----	C:\WINDOWS\system32\kgygaavl.sys
2007-01-21 15:57	--------	d--------	C:\DOCUME~1\TEMP\Application Data\corel
2007-01-21 15:24	168	-r-hs----	C:\WINDOWS\system32\b89ac51b07.sys
2007-01-20 01:27	--------	d--------	C:\Program Files\Common Files\corel
2007-01-13 22:48	--------	d--------	C:\Program Files\funwebproducts
2007-01-12 23:41	--------	d--------	C:\Program Files\mywebsearch
2007-01-05 19:21	--------	d--------	C:\Program Files\Common Files\adobe
2007-01-05 19:10	--------	d--------	C:\DOCUME~1\TEMP\Application Data\adobe
2007-01-02 04:45	--------	d--------	C:\Program Files\java
2006-12-27 18:09	--------	d--------	C:\DOCUME~1\TEMP\Application Data\apple computer
2006-12-17 16:17	--------	d--------	C:\Program Files\aim
2006-12-07 01:40	2362184	--a------	C:\WINDOWS\system32\wmvcore.dll
2006-11-16 11:44	103984	--a------	C:\WINDOWS\system32\aoldial.dll
2006-11-08 00:06	679424	--a------	C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14	1245696	--a------	C:\WINDOWS\system32\msxml4.dll
2006-11-02 20:40	174656	--a------	C:\WINDOWS\system32\psiservice.exe
2006-11-02 20:40	1456704	--a------	C:\WINDOWS\system32\psikey.dll
2006-10-27 02:44	13312	--a------	C:\WINDOWS\system32\ieudinit.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"cosFRfdFl"="mdatoenr.exe"
"Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"AOL Fast Start"="\"C:\\Program Files\\America Online 9.0a\\AOL.EXE\" -b"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"EA Core"="\"C:\\Program Files\\Electronic Arts\\EA Link\\Core.exe\" -silent"
"Aim6"=""
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\6.bin\\mwsoemon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CamMonitor"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"Ejfb"="C:\\documents and settings\\owner\\local settings\\temp\\Ejfb.exe"
"2P6WFAX43ZHE7C"="C:\\WINDOWS\\System32\\NjpM9X44.exe"
"tF3P3pR"="mcadss.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1106867256\\ee\\AOLSoftware.exe"
"rDM"="C:\\windows\\system32\\rDM.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1106867256\\ee\\services\\sscAntiSpywarePlugin\\ver1_10_3_1\\AOLSP Scheduler.exe"
"sscRun"="C:\\Program Files\\Common Files\\AOL\\1106867256\\ee\\services\\sscFirewallPlugin\\ver1_10_3_1\\SSCRun.exe"
"OASClnt"="C:\\Program Files\\mcafee.com\\antivirus\\oasclnt.exe"
"EmailScan"="C:\\Program Files\\mcafee.com\\antivirus\\mcvsescn.exe"
"MPFExe"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"ASM"="\"C:\\Program Files\\AOL\\Active Security Monitor\\ASMonitor.exe\""
"WT GameChannel"="C:\\Program Files\\WildTangent\\Apps\\GameChannel.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\6.bin\\mwsoemon.exe"
"{4858F78A-09DC-1033-1011-020409020001}"="\"C:\\Program Files\\Common Files\\{4858F78A-09DC-1033-1011-020409020001}\\Update.exe\" mc-110-12-0000272"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\WINDOWS\System32\ipxpromn1053p.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{664A7BBA-92C4-4086-8B63-D029A149629E}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winips32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService	REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService	REG_MULTI_SZ DnsCache\0\0
rpcss	REG_MULTI_SZ RpcSs\0\0
imgsvc	REG_MULTI_SZ StiSvc\0\0
termsvcs	REG_MULTI_SZ TermService\0\0
HTTPFilter	REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch	REG_MULTI_SZ DcomLaunch\0TermService\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McAfee.com Update Check (KAYLA-Owner).job
C:\WINDOWS\tasks\PcbugDoctorOwner.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-25 20:21:56
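
A triage pass over the file listings in the ComboFix log above, as an added example that is not part of the original posts and not ComboFix's own logic. It assumes two heuristics of its own (files carrying both the hidden and system attributes, and same-folder files of identical size and extension) and the results are leads to have scanned, not verdicts; the sample lines are copied from the log with tabs normalised to spaces.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Lines copied from the "Files Created" and "Find3M Report" sections above
# (tabs normalised to spaces). Both layouts are covered: with and without
# a size column, sizes with and without thousands separators.
SAMPLE = r"""
2007-01-24 16:06 d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo! Companion
2007-01-24 15:10 277,104 ---hs---- C:\WINDOWS\system32\jkkll.dll
2007-01-23 21:08 989,586 ---hs---- C:\WINDOWS\system32\ppqss.bak1
2007-01-23 21:08 76,412 --a------ C:\WINDOWS\system32\vcunqjpt.dll
2007-01-21 21:47 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-21 13:26 76,412 --a------ C:\WINDOWS\system32\fmhedcys.dll
2007-01-18 10:55 76,412 --a------ C:\WINDOWS\system32\vypcsbqk.dll
2007-01-15 17:21 44,060 --a------ C:\WINDOWS\system32\ynsyjfuf.dll
2007-01-05 19:06 44,060 --a------ C:\WINDOWS\system32\gaopntlj.dll
2007-01-21 17:47 6320 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2007-01-21 15:24 168 -r-hs---- C:\WINDOWS\system32\b89ac51b07.sys
2007-01-25 18:26 -------- d-------- C:\Program Files\mozilla firefox
"""

# date, time, optional size column (digits or eight dashes for folders),
# nine-character attribute string, then the path (which may contain spaces).
LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2})\s+"
    r"(?:([\d,]+|-{8})\s+)?"
    r"([-a-z]{9})\s+(\S.*)$"
)


@dataclass(frozen=True)
class Entry:
    stamp: str            # "YYYY-MM-DD HH:MM" as printed in the log
    size: Optional[int]   # None for folders
    attrs: str            # e.g. "---hs----"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_listing(text: str) -> list:
    """Turn listing lines into Entry objects; unrelated lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        size_val = int(size.replace(",", "")) if size and size[0].isdigit() else None
        entries.append(Entry(f"{date} {time}", size_val, attrs, path.strip()))
    return entries


def hidden_system_files(entries: list) -> list:
    """Files (not folders) that carry both the hidden and system attributes."""
    return [e for e in entries
            if not e.is_dir and "h" in e.attrs and "s" in e.attrs]


def size_clusters(entries: list, minimum: int = 2) -> dict:
    """Group files by (folder, extension, size); keep groups of `minimum` or more.

    Several differently named files of identical size in one folder often
    turn out to be copies of one binary, so they are worth hashing together.
    """
    groups = defaultdict(list)
    for e in entries:
        if e.is_dir or e.size is None:
            continue
        folder = ntpath.dirname(e.path).lower()
        ext = ntpath.splitext(e.path)[1].lower()
        groups[(folder, ext, e.size)].append(ntpath.basename(e.path))
    return {key: names for key, names in groups.items() if len(names) >= minimum}


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    print("Hidden + system files:")
    for e in hidden_system_files(parsed):
        print(f"  {e.stamp}  {e.attrs}  {e.path}")
    print("Same folder, extension and size:")
    for (folder, ext, size), names in size_clusters(parsed).items():
        print(f"  {folder} {ext} {size:,} bytes: {', '.join(names)}")
```
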


----------



## USMCBUCK10 (Jan 21, 2007)

*Hijack This Log*

Logfile of HijackThis v1.99.1
Scan saved at 8:26:33 PM, on 1/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: (no name) - {2ABD2D6E-8A13-4C72-841D-2B04CEC37131} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: COLLEGETOOLBAR - {3E15928A-26B2-40b2-A4CA-408720C444BA} - C:\PROGRA~1\THECOL~1\COLLEG~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {664A7BBA-92C4-4086-8B63-D029A149629E} - C:\WINDOWS\system32\gebcayv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\fuiqvcdn.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: The College Toolbar - {50EC13F9-D1F6-4012-A076-F73088D8241C} - C:\Program Files\The College Toolbar\collegetoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\NjpM9X44.exe
O4 - HKLM\..\Run: [tF3P3pR] mcadss.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [rDM] C:\windows\system32\rDM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O4 - HKLM\..\Run: [{4858F78A-09DC-1033-1011-020409020001}] "C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cosFRfdFl] mdatoenr.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/EZG-toolbar.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\ipxpromn1053p.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winips32 - winips32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------



## Cookiegal (Aug 27, 2003)

Go to Start > Search and, under "More advanced search options", make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders".

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK".

Now, go to the following link and upload each of the following files for analysis and let me know what the results are please:

http://virusscan.jotti.org/

C:\DOCUME~1\ALLUSE~1\Application Data\pswi_preloaded.exe
C:\WINDOWS\system32\b89ac51b07.sys
C:\WINDOWS\System32\ipxpromn1053p.dll


----------



## USMCBUCK10 (Jan 21, 2007)

*C:\DOCUME~1\ALLUSE~1\Application Data\pswi_preloaded.exe*

| Scanner | Result |
|---|---|
| AntiVir | Found nothing |
| ArcaVir | Found nothing |
| Avast | Found nothing |
| AVG Antivirus | Found nothing |
| BitDefender | Found nothing |
| ClamAV | Found nothing |
| Dr.Web | Found nothing |
| F-Prot Antivirus | Found nothing |
| F-Secure Anti-Virus | Found nothing |
| Fortinet | Found nothing |
| Kaspersky Anti-Virus | Found nothing |
| NOD32 | Found nothing |
| Norman Virus Control | Found nothing |
| VirusBuster | Found nothing |
| VBA32 | Found nothing |

*C:\WINDOWS\system32\b89ac51b07.sys*

| Scanner | Result |
|---|---|
| AntiVir | Found nothing |
| ArcaVir | Found nothing |
| Avast | Found nothing |
| AVG Antivirus | Found nothing |
| BitDefender | Found nothing |
| ClamAV | Found nothing |
| Dr.Web | Found nothing |
| F-Prot Antivirus | Found nothing |
| F-Secure Anti-Virus | Found nothing |
| Fortinet | Found nothing |
| Kaspersky Anti-Virus | Found nothing |
| NOD32 | Found nothing |
| Norman Virus Control | Found nothing |
| VirusBuster | Found nothing |
| VBA32 | Found nothing |

*C:\WINDOWS\System32\ipxpromn1053p.dll*

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file


----------



## Cookiegal (Aug 27, 2003)

The one that was 0 bytes is the one I'm most suspicious of. Let's try this and see if we can get all three of them examined closer:

Download Suspicious File Packer from http://www.safer-networking.org/en/tools/index.html and unzip it to desktop, open it & paste in this list of files and when it has created the archive on your desktop please upload that to http://www.thespykiller.co.uk/forum/index.php?board=1.0 so we can examine the files

*C:\DOCUME~1\ALLUSE~1\Application Data\pswi_preloaded.exe
C:\WINDOWS\system32\b89ac51b07.sys
C:\WINDOWS\System32\ipxpromn1053p.dll*

Please add a link to your post here so we know where the files came from. Thanks.


----------



## USMCBUCK10 (Jan 21, 2007)

Here's the link to my post on thespykiller

http://www.thespykiller.co.uk/forum/index.php?topic=3495.0


----------



## Cookiegal (Aug 27, 2003)

Thanks. 

While we wait for news about those files, we can continue.

I'm attaching a FixUSMCBUCK10.zip file to this post. Save it to your desktop. Unzip it and double click the FixUSMCBUCK10.reg file and allow it to enter into the registry.

Go to Control Panel - Add/Remove programs and remove:

*WildTangent
AWS (WeatherBug)
MyWebSearch
FunWebProducts*

*Click Here* and download Killbox and save it to your desktop but don't run it yet.

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click *fix checked*.

* 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)

O2 - BHO: (no name) - {2ABD2D6E-8A13-4C72-841D-2B04CEC37131} - C:\WINDOWS\system32\ssqpp.dll (file missing)

O2 - BHO: (no name) - {664A7BBA-92C4-4086-8B63-D029A149629E} - C:\WINDOWS\system32\gebcayv.dll (file missing)

O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\fuiqvcdn.dll (file missing)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe

O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\NjpM9X44.exe

O4 - HKLM\..\Run: [tF3P3pR] mcadss.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe

O4 - HKLM\..\Run: [{4858F78A-09DC-1033-1011-020409020001}] "C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}\Update.exe" mc-110-12-0000272

O4 - HKCU\..\Run: [cosFRfdFl] mdatoenr.exe

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYUS

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/EZG-toolbar.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab

O20 - Winlogon Notify: winips32 - winips32.dll (file missing)
*

Then boot to safe mode:

 *How to restart to safe mode*

Double-click on Killbox.exe to run it. 

Put a tick by *Standard File Kill*. 
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

* C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\ppqss.bak1
C:\WINDOWS\system32\vcunqjpt.dll
C:\WINDOWS\system32\fmhedcys.dll
C:\WINDOWS\system32\vypcsbqk.dll
C:\DOCUME~1\TEMP\Application Data\Viewpoint
C:\WINDOWS\system32\ynsyjfuf.dll
C:\WINDOWS\system32\edeeg.bak2
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\gaopntlj.dll
C:\WildMedia.exe
C:\Program Files\funwebproducts
C:\Program Files\mywebsearch
C:\WINDOWS\system32\P2P Networking
C:\documents and settings\owner\local settings\temp\Ejfb.exe
C:\WINDOWS\System32\NjpM9X44.exe
C:\WINDOWS\System32\mcadss.exe
C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}
C:\Program Files\AWS
C:\WINDOWS\System32\mdatoenr.exe
*

Click on the button that has the red circle with the X in the middle after you enter each file. 
It will ask for confirmation to delete the file. 
Click Yes. 
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
Killbox may tell you that one or more files do not exist. 
If that happens, just continue on with all the files. Be sure you don't miss any.
Next in Killbox go to *Tools > Delete Temp Files*
In the window that pops up, put a check by *ALL* the options there *except* these three:
XP Prefetch
Recent
History

Now click the *Delete Selected Temp Files* button.
Exit the Killbox.

Boot back to Windows normally and post another WinpFind log please.

What can you tell me about The College Toolbar? I've never heard of it. Is it something you downloaded intentionally?


----------
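
The fix list in the post above mixes several kinds of HijackThis entries: registrations whose file is gone, blank search settings, and autostart values with unusual launch locations. The parser below is an added example, not part of the original thread or of HijackThis itself; its heuristics and function names are assumptions made for illustration, and a flag means "review this entry", not "this is malware".

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from HijackThis entries quoted in this thread (wrapped paths
# rejoined); the selection and order are constructed for the example.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {2ABD2D6E-8A13-4C72-841D-2B04CEC37131} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe
O4 - HKLM\..\Run: [tF3P3pR] mcadss.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - Winlogon Notify: winips32 - winips32.dll (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Body of an O4 autostart entry: hive, key, value name in brackets, command.
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>.*?)\] (?P<cmd>.+)$"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis marks registrations whose target is absent with these suffixes.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


class Entry(NamedTuple):
    code: str                 # section code such as "O2" or "O4"
    body: str                 # everything after "<code> - "
    clsid: Optional[str]      # first CLSID in the entry, if any
    reasons: Tuple[str, ...]  # why the entry deserves a second look


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, blanks and other text."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    code, body = m.group("code"), m.group("body").strip()
    reasons = []
    if ORPHAN_RE.search(body):
        reasons.append("orphaned: registered file is absent")
    if code in ("R0", "R1") and body.endswith("="):
        reasons.append("empty value")
    if code == "O16" and body.endswith("-"):
        reasons.append("no download source recorded")
    run = RUN_RE.match(body) if code == "O4" else None
    if run:
        cmd = run.group("cmd")
        if "\\temp\\" in cmd.lower():
            reasons.append("autostart from a Temp directory")
        if "\\" not in cmd:
            reasons.append("autostart by bare file name (resolved via search path)")
    clsid = CLSID_RE.search(body)
    return Entry(code, body, clsid.group(0) if clsid else None, tuple(reasons))


def parse_log(text: str) -> List[Entry]:
    """Return every recognisable entry in a pasted log."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(text: str) -> List[Entry]:
    """Return only the entries that matched at least one heuristic."""
    return [e for e in parse_log(text) if e.reasons]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.code:<4}{'; '.join(entry.reasons)}")
        print(f"    {entry.body}")
```

Entries that match no heuristic, such as the WeatherBug autostart, can still belong on a fix list for other reasons (here, the program was being uninstalled), so the output is a starting point for review rather than a verdict.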



## USMCBUCK10 (Jan 21, 2007)

Yes, I downloaded College Toolbar as an add-on for Firefox and IE. I thought I uninstalled it though. I wasn't aware it was still on my computer.


----------



## Cookiegal (Aug 27, 2003)

If you want to remove it, look to see if it's listed in the Control Panel - Add/Remove programs and if so, uninstall there.

Then fix these entries with HijackThis:

*O2 - BHO: COLLEGETOOLBAR - {3E15928A-26B2-40b2-A4CA-408720C444BA} - C:\PROGRA~1\THECOL~1\COLLEG~1.DLL

O3 - Toolbar: The College Toolbar - {50EC13F9-D1F6-4012-A076-F73088D8241C} - C:\Program Files\The College Toolbar\collegetoolbar.dll*

Lastly, remove this folder:

C:\Program Files\*The College Toolbar*


----------



## USMCBUCK10 (Jan 21, 2007)

*Win P Find Log*

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 1/26/2007 2:55:40 PM
WinPFind v1.5.0	Folder = C:\Documents and Settings\TEMP\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
WSUD 9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 5/26/2005 2:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 7/22/2005 6:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 12/5/2005 5:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 2/3/2006 7:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 3/31/2006 11:40:58 AM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 8/18/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
UPX! 9/13/2004 2:39:54 PM 69632 C:\WINDOWS\SYSTEM32\first.awp ()
PTech 6/10/2004 12:47:02 AM H 3279394 C:\WINDOWS\SYSTEM32\kyf.dat ()
UPX! 4/11/2000 8:44:56 PM 85504 C:\WINDOWS\SYSTEM32\lame_enc.dll ()
PTech 6/19/2006 3:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
aspack 3/26/2004 1:06:40 AM 2316336 C:\WINDOWS\SYSTEM32\NY Nights.scr (Axialis Software)
WSUD 6/12/2004 2:12:30 PM HS 2926 C:\WINDOWS\SYSTEM32\qyrwi.dat ()
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 9/13/2004 2:39:56 PM 46080 C:\WINDOWS\SYSTEM32\second.awp ()
UPX! 4/27/2006 4:49:30 PM 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe (S!Ri)
UPX! 8/29/2006 6:43:54 PM 135168 C:\WINDOWS\SYSTEM32\swreg.exe (SteelWerX)
UPX! 1/9/2006 9:36:06 AM 40960 C:\WINDOWS\SYSTEM32\swsc.exe ()
UPX! 12/1/2006 5:20:34 AM 79360 C:\WINDOWS\SYSTEM32\swxcacls.exe (SteelWerX)
UPX! 10/22/2004 4:46:50 AM 33280 C:\WINDOWS\SYSTEM32\tasklist.exe (Microsoft Corporation)
winsync 8/18/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 3:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/26/2007 2:41:26 PM S 2048 C:\WINDOWS\bootstat.dat ()
1/25/2007 9:57:54 PM H 54156 C:\WINDOWS\QTFont.qfn ()
1/21/2007 3:24:52 PM RHS 168 C:\WINDOWS\system32\B89AC51B07.sys ()
1/8/2007 3:59:04 AM HS 914072 C:\WINDOWS\system32\edeeg.ini ()
1/8/2007 3:59:36 AM HS 914072 C:\WINDOWS\system32\edeeg.tmp ()
1/15/2007 1:06:20 PM HS 916403 C:\WINDOWS\system32\edeeg.tmp2 ()
1/21/2007 5:47:28 PM HS 6320 C:\WINDOWS\system32\KGyGaAvL.sys ()
1/24/2007 3:04:28 PM HS 1044435 C:\WINDOWS\system32\ppqss.ini ()
12/7/2006 8:30:20 PM S 9057 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat ()
12/22/2006 11:53:02 AM S 7894 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat ()
1/26/2007 2:43:06 PM H 1024 C:\WINDOWS\system32\config\default.LOG ()
1/26/2007 2:41:36 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
1/26/2007 2:51:38 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
1/26/2007 3:03:06 PM H 1024 C:\WINDOWS\system32\config\software.LOG ()
1/26/2007 3:01:50 PM H 1024 C:\WINDOWS\system32\config\system.LOG ()
1/10/2007 3:22:26 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
1/7/2007 1:26:00 AM S 1039 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
1/7/2007 1:26:00 AM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
1/17/2007 7:04:18 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1d577e61-58b0-4558-bbd6-d93be246bc3d ()
1/17/2007 7:04:18 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
1/26/2007 2:41:32 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
4/26/2002 6:33:40 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl ()
8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
6/10/2005 10:43:18 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/9/2006 3:07:28 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
7/28/2003 1:19:00 PM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
3/3/1999 2:10:02 AM 49152 C:\WINDOWS\SYSTEM32\speech.cpl (Microsoft)
8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\igfxcpl.cpl (Intel Corporation)
6/20/2002 1:58:44 AM 629248 C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\ALSNDMGR.CPL (Avance Logic, Inc.)

Checking for Downloaded Program Files...
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{11260943-421B-11D0-8EAC-0000C07D88CF} - iPIX ActiveX Control - CodeBase = http://www.ipix.com/viewers/ipixx.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
{2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - DownloadManager Control - CodeBase = http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
{406B5949-7190-4245-91A9-30A17DE16AD0} - Snapfish Activia - CodeBase = http://www1.snapfish.com/SnapfishActivia.cab
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - - CodeBase = http://aolcc.aol.com/computercheckup/qdiagcc.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - McAfee.com Operating System Class - CodeBase = http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
{639658F3-B141-4D6B-B936-226F75A5EAC3} - CPlayFirstDinerDash2Control Object - CodeBase = http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{B9191F79-5613-4C76-AA2A-398534BB8999} - - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - DwnldGroupMgr Class - CodeBase = http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - Invoke Solutions Participant Control(MR) - CodeBase = http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - CPlayFirstDinerDashControl Object - CodeBase = http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/23/2002 7:10:30 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
1/20/2007 1:39:46 AM 1132112 C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe ()
12/16/2006 5:22:22 PM 1353 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
10/20/2004 5:59:30 PM 12358 C:\Documents and Settings\TEMP\Application Data\PFP100JCM.{PB ()
10/20/2004 5:59:30 PM 61678 C:\Documents and Settings\TEMP\Application Data\PFP100JPR.{PB ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
\\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
\\Default_Page_URL - http://www.yahoo.com/
\\Default_Search_URL - http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
\\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - AOLTBSearch Class = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - = ()

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
\{3E15928A-26B2-40b2-A4CA-408720C444BA} - COLLEGETOOLBAR = C:\PROGRA~1\THECOL~1\COLLEG~1.DLL (College Toolbars)
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{8F4902B6-6C04-4ade-8052-AA58578A21BD} - hp toolkit = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\ShellBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} - AIM Search = C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - = ()
\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\WebBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - 8192 = 
\\NEXTID - 8202
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8195 = 
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8196 = 
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8197 = 
\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8198 = 
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8199 = Windows Messenger
\\{3369AF0D-62E9-4bda-8103-B4C75499B578} - 8200 = 
\\{e2e2dd38-d088-4134-82b7-f2ba38496583} - 8201 = @xpsp3res.dll,-20001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\CmdMapping - MenuText: = ()
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{3369AF0D-62E9-4bda-8103-B4C75499B578} - ButtonText: AOL Toolbar = 
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - ButtonText: Yahoo! Services = 
\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc.)
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com = 
\{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\System32\igfxpph.dll (Intel Corporation)
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()


----------



## USMCBUCK10 (Jan 21, 2007)

*Win P Find Log Continued*

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
hpsysdrv - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
CamMonitor - c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
KBD - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
StorageGuard - C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
dla - C:\WINDOWS\system32\dla\tfswctrl.exe (VERITAS Software, Inc.)
Recguard - C:\WINDOWS\SMINST\RECGUARD.EXE ()
IgfxTray - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
HotKeysCmds - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PS2 - C:\WINDOWS\system32\ps2.exe ()
Ejfb - C:\documents and settings\owner\local settings\temp\Ejfb.exe ()
MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (Networks Associates Technology, Inc)
MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe (Networks Associates Technology, Inc)
HostManager - C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe (America Online, Inc.)
rDM - C:\windows\system32\rDM.exe ()
ISUSPM Startup - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
ISUSScheduler - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
AOLSPScheduler - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe (America Online)
sscRun - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe (America Online)
OASClnt - C:\Program Files\mcafee.com\antivirus\oasclnt.exe (McAfee, Inc.)
EmailScan - C:\Program Files\mcafee.com\antivirus\mcvsescn.exe (McAfee, Inc.)
MPFExe - C:\Program Files\mcafee.com\personal firewall\MPfTray.exe (McAfee Security)
NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
SsAAD.exe - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
ASM - C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe (AOL LLC)
TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
CTDrive - rundll32.exe C:\WINDOWS\system32\drvzox.dll ()
!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
AOL Fast Start - C:\Program Files\America Online 9.0a\AOL.EXE (America Online, Inc.)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
EA Core - C:\Program Files\Electronic Arts\EA Link\Core.exe (Electronic Arts)
Aim6 - Reg Data missing or invalid ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
C:\WINDOWS\System32\ipxpromn1053p.dll = ()

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{664A7BBA-92C4-4086-8B63-D029A149629E} - = ()
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\igfxcui - igfxsrvc.dll = (Intel Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - ()
{2F84A874-8445-4F31-B901-FB97629E9204} - (Realtek RTL8139 Family PCI Fast Ethernet NIC)
{60382598-025F-419D-9D2B-1D0AB7AD2246} - (1394 Net Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

>>>>Output for AddOn file Policies.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption - 
policies\system\\legalnoticetext - 
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\System\\DisableRegistryTools - 0

>>>>Output for AddOn file Security.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
Security Center\\AntiVirusDisableNotify - 0
Security Center\\FirewallDisableNotify - 0
Security Center\\UpdatesDisableNotify - 0
Security Center\\AntiVirusOverride - 0
Security Center\\FirewallOverride - 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
BITS\\Type - 32
BITS\\Start - 3
BITS\\ErrorControl - 1
BITS\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
BITS\\DisplayName - Background Intelligent Transfer Service
BITS\\DependOnService - Rpcss;
BITS\\DependOnGroup - 
BITS\\ObjectName - LocalSystem
BITS\\Description - Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 
BITS\Parameters\\ServiceDll - C:\WINDOWS\System32\qmgr.dll
BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
BITS\Enum\\0 - Root\LEGACY_BITS\0000
BITS\Enum\\Count - 1
BITS\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
SharedAccess\\Type - 32
SharedAccess\\Start - 2
SharedAccess\\ErrorControl - 1
SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
SharedAccess\\DependOnService - Netman;WinMgmt;
SharedAccess\\DependOnGroup - 
SharedAccess\\ObjectName - LocalSystem
SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
SharedAccess\Epoch\\Epoch - 263537
SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0b\waol.exe - C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0c\waol.exe - C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0e\waol.exe - C:\Program Files\America Online 9.0e\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe - C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe - C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLServiceHost.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLServiceHost.exe:*:Enabled:AOL Services
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP - 139:TCP:*:Enabled:@xpsp2res.dll,-22004
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP - 445:TCP:*:Enabled:@xpsp2res.dll,-22005
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP - 137:UDP:*:Enabled:@xpsp2res.dll,-22001
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP - 138:UDP:*:Enabled:@xpsp2res.dll,-22002
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe - C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe - C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0k\waol.exe - C:\Program Files\America Online 9.0k\waol.exe:*:Enabled:America Online 9.0k
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0f\waol.exe - C:\Program Files\America Online 9.0f\waol.exe:*:Enabled:America Online 9.0f
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0m\waol.exe - C:\Program Files\America Online 9.0m\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106303724\EE\AOLServiceHost.exe - C:\Program Files\Common Files\AOL\1106303724\EE\AOLServiceHost.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe - C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe - C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe - C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe - C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0a\waol.exe - C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WinMX\WinMX.exe - C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0b\waol.exe - C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe - C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLHostManager.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLHostManager.exe:*:Disabled:AOLHostManager Service
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0c\waol.exe - C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0d\waol.exe - C:\Program Files\America Online 9.0d\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe - C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe:*:Enabled:MusicNet on AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee.com\agent\mcagent.exe - C:\Program Files\McAfee.com\agent\mcagent.exe:*:Disabled:McAfee SecurityCenter Agent
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0e\waol.exe - C:\Program Files\America Online 9.0e\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe - C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe - C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kiwi Alpha\KiwiAlpha.exe - C:\Program Files\Kiwi Alpha\KiwiAlpha.exe:*:Enabled:KiwiAlpha
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe - C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe - C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe - C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\aolsoftware.exe - C:\Program Files\Common Files\AOL\1106867256\EE\aolsoftware.exe:*:Enabled:AOL Services
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\aim6.exe - C:\Program Files\Common Files\AOL\1106867256\EE\aim6.exe:*:Enabled:AIM
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe - C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\ee\aolservicehost.exe - C:\Program Files\Common Files\AOL\1106867256\ee\aolservicehost.exe:*:Enabled:AOL Services
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe - C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe - C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLOpenRide.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLOpenRide.exe:*:Enabled:AOL OpenRide
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\TEMP\LOCALS~1\Temp\win1B63.tmp.exe - C:\DOCUME~1\TEMP\LOCALS~1\Temp\win1B63.tmp.exe:*:Enabled:win1B63.tmp
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\winF2.tmp.exe - C:\WINDOWS\TEMP\winF2.tmp.exe:*:Enabled:winF2.tmp
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP - 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP - 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP - 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP - 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP - 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
SharedAccess\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
SharedAccess\Setup\\ServiceUpgrade - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{86E02BD3-50CC-48B1-94C1-4CDAFCE1BBC7} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{2F84A874-8445-4F31-B901-FB97629E9204} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{60382598-025F-419D-9D2B-1D0AB7AD2246} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - 1
SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
SharedAccess\Enum\\Count - 1
SharedAccess\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
wuauserv\Enum\\Count - 1
wuauserv\Enum\\NextInstance - 1

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


----------



## Cookiegal (Aug 27, 2003)

There will be more files to delete but I think it's best to wait until we hear back about those other files before continuing.

Please post a new HijackThis log in the meantime.


----------



## USMCBUCK10 (Jan 21, 2007)

*New Hijack This Log*

Logfile of HijackThis v1.99.1
Scan saved at 6:52:31 PM, on 1/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Common Files\AOL\1106867256\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\common files\aol\1106867256\ee\aolssc.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [rDM] C:\windows\system32\rDM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzox.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\ipxpromn1053p.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------



## USMCBUCK10 (Jan 21, 2007)

bump


----------



## USMCBUCK10 (Jan 21, 2007)

They have responded with this



> C:\DOCUME~1\ALLUSE~1\Application Data\pswi_preloaded.exe is something to do with corel snapfire & paintshop pro & is harmless
> 
> C:\WINDOWS\system32\b89ac51b07.sys I am looking at further & will see what I can find
> It's not being detected by anything and it's a very small file. Many of these drivers are not malicious in themselves but block other things, so to be safe delete it as well
> ...


http://www.thespykiller.co.uk/forum/index.php?topic=3495.0


----------



## Cookiegal (Aug 27, 2003)

I'm attaching a Fixusmcbuck2.zip file. Save it to your desktop. Unzip it and double click the Fixusmcbuck2.reg file and allow it to enter into the registry.

Rescan with HijackThis and fix these entries:

*O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzox.dll,startup

O20 - AppInit_DLLs: C:\WINDOWS\System32\ipxpromn1053p.dll*

Reboot to safe mode and run Killbox on these items:

*C:\WINDOWS\system32\b89ac51b07.sys
C:\WINDOWS\System32\ipxpromn1053p.dll
C:\WINDOWS\SYSTEM32\first.awp
C:\WINDOWS\SYSTEM32\second.awp
C:\WINDOWS\SYSTEM32\kyf.dat
C:\WINDOWS\SYSTEM32\qyrwi.dat
C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\edeeg.tmp
C:\WINDOWS\system32\edeeg.tmp2
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\TEMP\winF2.tmp.exe
C:\documents and settings\owner\local settings\temp\Ejfb.exe
C:\WINDOWS\system32\drvzox.dll*

Reboot and post a new HijackThis log along with a new WinpFind log.
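
A way to check a rescan log against the three HijackThis entries listed above for fixing, added here as an example and not part of the original post. The function names `parse_entries` and `check_fix` are this example's own, and the log excerpts are a few lines copied from the two HijackThis logs posted in this thread.

```python
import re

# HijackThis entry lines start with a section code such as R1, O4, O20 or O23,
# followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")


def parse_entries(text):
    """Map normalised (code, body) keys to the original entry line.

    Forum emphasis markers (*) around a pasted list are stripped, and the
    comparison key is lower-cased with collapsed whitespace, because Windows
    paths and registry names are case-insensitive.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.strip().strip("*").strip()
        match = ENTRY_RE.match(line)
        if match:
            body = re.sub(r"\s+", " ", match.group("body")).lower()
            entries.setdefault((match.group("code"), body), line)
    return entries


def check_fix(fix_list, rescan_log):
    """Split the entries marked for fixing into removed and still present."""
    targets = parse_entries(fix_list)
    present = parse_entries(rescan_log)
    return {
        "removed": [line for key, line in targets.items() if key not in present],
        "remaining": [line for key, line in targets.items() if key in present],
    }


# The fix list as posted in the thread, emphasis markers included.
FIX_LIST = r"""
*O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzox.dll,startup

O20 - AppInit_DLLs: C:\WINDOWS\System32\ipxpromn1053p.dll*
"""

# Excerpt of the log posted before the fix.
BEFORE = r"""
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzox.dll,startup
O20 - AppInit_DLLs: C:\WINDOWS\System32\ipxpromn1053p.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# Excerpt of the log posted after the fix (scan saved 1/27/2007).
AFTER = r"""
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        result = check_fix(FIX_LIST, log)
        print(label, "- still present:", len(result["remaining"]),
              "removed:", len(result["removed"]))
        for line in result["remaining"]:
            print("   ", line)
```
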


----------



## USMCBUCK10 (Jan 21, 2007)

*Hijack This Log*

Logfile of HijackThis v1.99.1
Scan saved at 6:53:25 PM, on 1/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\Program Files\Common Files\AOL\1106867256\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1106867256\ee\aolssc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [rDM] C:\windows\system32\rDM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------



## USMCBUCK10 (Jan 21, 2007)

*WinPFind Log*

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 1/27/2007 6:55:03 PM
WinPFind v1.5.0	Folder = C:\Documents and Settings\TEMP\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
WSUD 9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 5/26/2005 2:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 7/22/2005 6:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 12/5/2005 5:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 2/3/2006 7:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 3/31/2006 11:40:58 AM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 8/18/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
UPX! 4/11/2000 8:44:56 PM 85504 C:\WINDOWS\SYSTEM32\lame_enc.dll ()
PTech 6/19/2006 3:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
aspack 3/26/2004 1:06:40 AM 2316336 C:\WINDOWS\SYSTEM32\NY Nights.scr (Axialis Software)
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 4/27/2006 4:49:30 PM 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe (S!Ri)
UPX! 8/29/2006 6:43:54 PM 135168 C:\WINDOWS\SYSTEM32\swreg.exe (SteelWerX)
UPX! 1/9/2006 9:36:06 AM 40960 C:\WINDOWS\SYSTEM32\swsc.exe ()
UPX! 12/1/2006 5:20:34 AM 79360 C:\WINDOWS\SYSTEM32\swxcacls.exe (SteelWerX)
UPX! 10/22/2004 4:46:50 AM 33280 C:\WINDOWS\SYSTEM32\tasklist.exe (Microsoft Corporation)
winsync 8/18/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 3:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
 1/27/2007 6:38:56 PM S 2048 C:\WINDOWS\bootstat.dat ()
1/26/2007 3:27:30 PM H 54156 C:\WINDOWS\QTFont.qfn ()
1/21/2007 5:47:28 PM HS 6320 C:\WINDOWS\system32\KGyGaAvL.sys ()
12/7/2006 8:30:20 PM S 9057 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat ()
12/22/2006 11:53:02 AM S 7894 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat ()
1/27/2007 6:41:28 PM H 1024 C:\WINDOWS\system32\config\default.LOG ()
1/27/2007 6:39:06 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
1/27/2007 6:41:30 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
1/27/2007 6:58:06 PM H 1024 C:\WINDOWS\system32\config\software.LOG ()
1/27/2007 6:59:36 PM H 1024 C:\WINDOWS\system32\config\system.LOG ()
1/10/2007 3:22:26 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
1/7/2007 1:26:00 AM S 1039 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
1/7/2007 1:26:00 AM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
1/17/2007 7:04:18 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1d577e61-58b0-4558-bbd6-d93be246bc3d ()
1/17/2007 7:04:18 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
1/27/2007 6:39:00 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
4/26/2002 6:33:40 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl ()
8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
6/10/2005 10:43:18 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/9/2006 3:07:28 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
7/28/2003 1:19:00 PM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
3/3/1999 2:10:02 AM 49152 C:\WINDOWS\SYSTEM32\speech.cpl (Microsoft)
8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\igfxcpl.cpl (Intel Corporation)
6/20/2002 1:58:44 AM 629248 C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\ALSNDMGR.CPL (Avance Logic, Inc.)

Checking for Downloaded Program Files...
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{11260943-421B-11D0-8EAC-0000C07D88CF} - iPIX ActiveX Control - CodeBase = http://www.ipix.com/viewers/ipixx.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
{2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - DownloadManager Control - CodeBase = http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
{406B5949-7190-4245-91A9-30A17DE16AD0} - Snapfish Activia - CodeBase = http://www1.snapfish.com/SnapfishActivia.cab
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - - CodeBase = http://aolcc.aol.com/computercheckup/qdiagcc.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - McAfee.com Operating System Class - CodeBase = http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
{639658F3-B141-4D6B-B936-226F75A5EAC3} - CPlayFirstDinerDash2Control Object - CodeBase = http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{B9191F79-5613-4C76-AA2A-398534BB8999} - - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - DwnldGroupMgr Class - CodeBase = http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - Invoke Solutions Participant Control(MR) - CodeBase = http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - CPlayFirstDinerDashControl Object - CodeBase = http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/23/2002 7:10:30 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
1/20/2007 1:39:46 AM 1132112 C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe ()
12/16/2006 5:22:22 PM 1353 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
10/20/2004 5:59:30 PM 12358 C:\Documents and Settings\TEMP\Application Data\PFP100JCM.{PB ()
10/20/2004 5:59:30 PM 61678 C:\Documents and Settings\TEMP\Application Data\PFP100JPR.{PB ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
\\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
\\Default_Page_URL - http://www.yahoo.com/
\\Default_Search_URL - http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
\\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - AOLTBSearch Class = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - = ()

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{8F4902B6-6C04-4ade-8052-AA58578A21BD} - hp toolkit = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\ShellBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll ()
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} - AIM Search = C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - = ()
\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\WebBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - 8192 = 
\\NEXTID - 8202
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8195 = 
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8196 = 
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8197 = 
\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8198 = 
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8199 = Windows Messenger
\\{3369AF0D-62E9-4bda-8103-B4C75499B578} - 8200 = 
\\{e2e2dd38-d088-4134-82b7-f2ba38496583} - 8201 = @xpsp3res.dll,-20001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\CmdMapping - MenuText: = ()
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{3369AF0D-62E9-4bda-8103-B4C75499B578} - ButtonText: AOL Toolbar = 
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - ButtonText: Yahoo! Services = 
\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc.)
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com = 
\{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)


----------



## USMCBUCK10 (Jan 21, 2007)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\System32\igfxpph.dll (Intel Corporation)
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
hpsysdrv - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
CamMonitor - c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
KBD - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
StorageGuard - C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
dla - C:\WINDOWS\system32\dla\tfswctrl.exe (VERITAS Software, Inc.)
Recguard - C:\WINDOWS\SMINST\RECGUARD.EXE ()
IgfxTray - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
HotKeysCmds - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PS2 - C:\WINDOWS\system32\ps2.exe ()
MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (Networks Associates Technology, Inc)
MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\McUpdate.exe (Networks Associates Technology, Inc)
HostManager - C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe (America Online, Inc.)
rDM - C:\windows\system32\rDM.exe ()
ISUSPM Startup - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
ISUSScheduler - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
AOLSPScheduler - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe (America Online)
sscRun - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe (America Online)
OASClnt - C:\Program Files\mcafee.com\antivirus\oasclnt.exe (McAfee, Inc.)
EmailScan - C:\Program Files\mcafee.com\antivirus\mcvsescn.exe (McAfee, Inc.)
MPFExe - C:\Program Files\mcafee.com\personal firewall\MPfTray.exe (McAfee Security)
NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
SsAAD.exe - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
ASM - C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe (AOL LLC)
TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
AOL Fast Start - C:\Program Files\America Online 9.0a\AOL.EXE (America Online, Inc.)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
EA Core - C:\Program Files\Electronic Arts\EA Link\Core.exe (Electronic Arts)
Aim6 - Reg Data missing or invalid ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{664A7BBA-92C4-4086-8B63-D029A149629E} - = ()
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\igfxcui - igfxsrvc.dll = (Intel Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - ()
{2F84A874-8445-4F31-B901-FB97629E9204} - (Realtek RTL8139 Family PCI Fast Ethernet NIC)
{60382598-025F-419D-9D2B-1D0AB7AD2246} - (1394 Net Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


----------



## Cookiegal (Aug 27, 2003)

You did not include the add-ons in the WinpFind log and that is specifically a part that I need to see so please post the add-ons portion.


----------



## USMCBUCK10 (Jan 21, 2007)

Whoops, sorry about that.


----------



## USMCBUCK10 (Jan 21, 2007)

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 1/28/2007 9:16:05 PM
WinPFind v1.5.0	Folder = C:\Documents and Settings\TEMP\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
WSUD 9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 5/26/2005 2:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 7/22/2005 6:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 12/5/2005 5:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 2/3/2006 7:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 3/31/2006 11:40:58 AM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 8/18/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
UPX! 4/11/2000 8:44:56 PM 85504  C:\WINDOWS\SYSTEM32\lame_enc.dll ()
PTech 6/19/2006 3:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
aspack 3/26/2004 1:06:40 AM 2316336 C:\WINDOWS\SYSTEM32\NY Nights.scr (Axialis Software)
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 4/27/2006 4:49:30 PM 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe (S!Ri)
UPX! 8/29/2006 6:43:54 PM 135168 C:\WINDOWS\SYSTEM32\swreg.exe (SteelWerX)
UPX! 1/9/2006 9:36:06 AM 40960 C:\WINDOWS\SYSTEM32\swsc.exe ()
UPX! 12/1/2006 5:20:34 AM 79360 C:\WINDOWS\SYSTEM32\swxcacls.exe (SteelWerX)
UPX! 10/22/2004 4:46:50 AM 33280 C:\WINDOWS\SYSTEM32\tasklist.exe (Microsoft Corporation)
winsync 8/18/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 3:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/28/2007 9:14:02 PM S 2048 C:\WINDOWS\bootstat.dat ()
1/27/2007 7:49:14 PM H 54156 C:\WINDOWS\QTFont.qfn ()
1/21/2007 5:47:28 PM HS 6320 C:\WINDOWS\system32\KGyGaAvL.sys ()
12/7/2006 8:30:20 PM S 9057 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat ()
12/22/2006 11:53:02 AM S 7894 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat ()
1/28/2007 9:13:48 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
1/28/2007 9:14:28 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
1/28/2007 9:14:06 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
1/28/2007 9:14:32 PM H 98304 C:\WINDOWS\system32\config\software.LOG ()
1/28/2007 9:14:14 PM H 1155072 C:\WINDOWS\system32\config\system.LOG ()
1/10/2007 3:22:26 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
1/7/2007 1:26:00 AM S 1039 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
1/7/2007 1:26:00 AM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
1/17/2007 7:04:18 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1d577e61-58b0-4558-bbd6-d93be246bc3d ()
1/17/2007 7:04:18 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
1/27/2007 6:39:00 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
4/26/2002 6:33:40 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl ()
8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
6/10/2005 10:43:18 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/9/2006 3:07:28 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
7/28/2003 1:19:00 PM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
3/3/1999 2:10:02 AM 49152 C:\WINDOWS\SYSTEM32\speech.cpl (Microsoft)
8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\igfxcpl.cpl (Intel Corporation)
6/20/2002 1:58:44 AM 629248 C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\ALSNDMGR.CPL (Avance Logic, Inc.)

Checking for Downloaded Program Files...
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{11260943-421B-11D0-8EAC-0000C07D88CF} - iPIX ActiveX Control - CodeBase = http://www.ipix.com/viewers/ipixx.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
{2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - DownloadManager Control - CodeBase = http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
{406B5949-7190-4245-91A9-30A17DE16AD0} - Snapfish Activia - CodeBase = http://www1.snapfish.com/SnapfishActivia.cab
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - - CodeBase = http://aolcc.aol.com/computercheckup/qdiagcc.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - McAfee.com Operating System Class - CodeBase = http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
{639658F3-B141-4D6B-B936-226F75A5EAC3} - CPlayFirstDinerDash2Control Object - CodeBase = http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{B9191F79-5613-4C76-AA2A-398534BB8999} - - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - DwnldGroupMgr Class - CodeBase = http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - Invoke Solutions Participant Control(MR) - CodeBase = http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - CPlayFirstDinerDashControl Object - CodeBase = http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/23/2002 7:10:30 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
1/20/2007 1:39:46 AM 1132112 C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe ()
12/16/2006 5:22:22 PM 1353 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
10/20/2004 5:59:30 PM 12358 C:\Documents and Settings\TEMP\Application Data\PFP100JCM.{PB ()
10/20/2004 5:59:30 PM 61678 C:\Documents and Settings\TEMP\Application Data\PFP100JPR.{PB ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
\\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
\\Default_Page_URL - http://www.yahoo.com/
\\Default_Search_URL - http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
\\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - AOLTBSearch Class = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - = ()

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{8F4902B6-6C04-4ade-8052-AA58578A21BD} - hp toolkit = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\ShellBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll ()
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} - AIM Search = C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - = ()
\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\WebBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - 8192 = 
\\NEXTID - 8202
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8195 = 
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8196 = 
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8197 = 
\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8198 = 
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8199 = Windows Messenger
\\{3369AF0D-62E9-4bda-8103-B4C75499B578} - 8200 = 
\\{e2e2dd38-d088-4134-82b7-f2ba38496583} - 8201 = @xpsp3res.dll,-20001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\CmdMapping - MenuText: = ()
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{3369AF0D-62E9-4bda-8103-B4C75499B578} - ButtonText: AOL Toolbar = 
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - ButtonText: Yahoo! Services = 
\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc.)
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com = 
\{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\System32\igfxpph.dll (Intel Corporation)
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]


----------



## USMCBUCK10 (Jan 21, 2007)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
hpsysdrv - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
CamMonitor - c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
KBD - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
StorageGuard - C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
dla - C:\WINDOWS\system32\dla\tfswctrl.exe (VERITAS Software, Inc.)
Recguard - C:\WINDOWS\SMINST\RECGUARD.EXE ()
IgfxTray - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
HotKeysCmds - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PS2 - C:\WINDOWS\system32\ps2.exe ()
MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (Networks Associates Technology, Inc)
MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe (Networks Associates Technology, Inc)
HostManager - C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe (America Online, Inc.)
rDM - C:\windows\system32\rDM.exe ()
ISUSPM Startup - c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
ISUSScheduler - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
AOLSPScheduler - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe (America Online)
sscRun - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe (America Online)
OASClnt - C:\Program Files\mcafee.com\antivirus\oasclnt.exe (McAfee, Inc.)
EmailScan - C:\Program Files\mcafee.com\antivirus\mcvsescn.exe (McAfee, Inc.)
MPFExe - C:\Program Files\mcafee.com\personal firewall\MPfTray.exe (McAfee Security)
NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
SsAAD.exe - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
ASM - C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe (AOL LLC)
TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
AOL Fast Start - C:\Program Files\America Online 9.0a\AOL.EXE (America Online, Inc.)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
EA Core - C:\Program Files\Electronic Arts\EA Link\Core.exe (Electronic Arts)
Aim6 - Reg Data missing or invalid ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{664A7BBA-92C4-4086-8B63-D029A149629E} - = ()
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\igfxcui - igfxsrvc.dll = (Intel Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - ()
{2F84A874-8445-4F31-B901-FB97629E9204} - (Realtek RTL8139 Family PCI Fast Ethernet NIC)
{60382598-025F-419D-9D2B-1D0AB7AD2246} - (1394 Net Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

>>>>Output for AddOn file Policies.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption - 
policies\system\\legalnoticetext - 
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\System\\DisableRegistryTools - 0

>>>>Output for AddOn file Security.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
Security Center\\AntiVirusDisableNotify - 0
Security Center\\FirewallDisableNotify - 0
Security Center\\UpdatesDisableNotify - 0
Security Center\\AntiVirusOverride - 0
Security Center\\FirewallOverride - 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
BITS\\Type - 32
BITS\\Start - 3
BITS\\ErrorControl - 1
BITS\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
BITS\\DisplayName - Background Intelligent Transfer Service
BITS\\DependOnService - Rpcss;
BITS\\DependOnGroup - 
BITS\\ObjectName - LocalSystem
BITS\\Description - Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 
BITS\Parameters\\ServiceDll - C:\WINDOWS\System32\qmgr.dll
BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
BITS\Enum\\0 - Root\LEGACY_BITS\0000
BITS\Enum\\Count - 1
BITS\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
SharedAccess\\Type - 32
SharedAccess\\Start - 2
SharedAccess\\ErrorControl - 1
SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
SharedAccess\\DependOnService - Netman;WinMgmt;
SharedAccess\\DependOnGroup - 
SharedAccess\\ObjectName - LocalSystem
SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
SharedAccess\Epoch\\Epoch - 264631
SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0b\waol.exe - C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0c\waol.exe - C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0e\waol.exe - C:\Program Files\America Online 9.0e\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe - C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe - C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLServiceHost.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLServiceHost.exe:*:Enabled:AOL Services
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP - 139:TCP:*:Enabled:@xpsp2res.dll,-22004
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP - 445:TCP:*:Enabled:@xpsp2res.dll,-22005
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP - 137:UDP:*:Enabled:@xpsp2res.dll,-22001
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP - 138:UDP:*:Enabled:@xpsp2res.dll,-22002
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe - C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe - C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0k\waol.exe - C:\Program Files\America Online 9.0k\waol.exe:*:Enabled:America Online 9.0k
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0f\waol.exe - C:\Program Files\America Online 9.0f\waol.exe:*:Enabled:America Online 9.0f
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0m\waol.exe - C:\Program Files\America Online 9.0m\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106303724\EE\AOLServiceHost.exe - C:\Program Files\Common Files\AOL\1106303724\EE\AOLServiceHost.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe - C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe - C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe - C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe - C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0a\waol.exe - C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WinMX\WinMX.exe - C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0b\waol.exe - C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe - C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLHostManager.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLHostManager.exe:*:Disabled:AOLHostManager Service
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0c\waol.exe - C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0d\waol.exe - C:\Program Files\America Online 9.0d\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe - C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe:*:Enabled:MusicNet on AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee.com\agent\mcagent.exe - C:\Program Files\McAfee.com\agent\mcagent.exe:*:Disabled:McAfee SecurityCenter Agent
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0e\waol.exe - C:\Program Files\America Online 9.0e\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe - C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe - C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kiwi Alpha\KiwiAlpha.exe - C:\Program Files\Kiwi Alpha\KiwiAlpha.exe:*:Enabled:KiwiAlpha
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe - C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe - C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe - C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\aolsoftware.exe - C:\Program Files\Common Files\AOL\1106867256\EE\aolsoftware.exe:*:Enabled:AOL Services
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\aim6.exe - C:\Program Files\Common Files\AOL\1106867256\EE\aim6.exe:*:Enabled:AIM
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe - C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\ee\aolservicehost.exe - C:\Program Files\Common Files\AOL\1106867256\ee\aolservicehost.exe:*:Enabled:AOL Services
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe - C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe - C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLOpenRide.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLOpenRide.exe:*:Enabled:AOL OpenRide
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP - 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP - 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP - 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP - 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP - 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
SharedAccess\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
SharedAccess\Setup\\ServiceUpgrade - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{86E02BD3-50CC-48B1-94C1-4CDAFCE1BBC7} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{2F84A874-8445-4F31-B901-FB97629E9204} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{60382598-025F-419D-9D2B-1D0AB7AD2246} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - 1
SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
SharedAccess\Enum\\Count - 1
SharedAccess\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
wuauserv\Enum\\Count - 1
wuauserv\Enum\\NextInstance - 1

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


----------



## Cookiegal (Aug 27, 2003)

That's good. How are things running?


----------



## USMCBUCK10 (Jan 21, 2007)

Everything seems to be running fine, my computer is even loading up faster than before. Also I haven't seen a Win Anti Virus or Drive Cleaner pop up for a few days now.


----------



## Cookiegal (Aug 27, 2003)

*Click here* to download ATF Cleaner by Atribune and save it to your desktop.
Double-click *ATF-Cleaner.exe* to run the program.
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
*If you use Firefox:*
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


*If you use Opera:*
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


Click *Exit* on the Main menu to close the program.

Then reboot and run another Panda scan and post those results please.


----------



## USMCBUCK10 (Jan 21, 2007)

*Panda Active Scan*

Incident Status Location

Spyware:spyware/whazit Not disinfected c:\windows\system32\fiz1 
Adware:adware/adlogix Not disinfected c:\windows\system32\retpdat32.xml 
Adware:adware/iedriver Not disinfected c:\windows\system32\sub.dll 
Adware:adware/statblaster Not disinfected c:\windows\downloaded program files\WildApp.inf 
Adware:adware/comet Not disinfected c:\windows\inf\dm.inf 
Adware:adware/gator Not disinfected c:\windows\GatorHDPlugin.log-old.log 
Dialer:dialer.bny Not disinfected c:\windows\pcconfig.dat 
Adware:adware/ncase Not disinfected c:\windows\system32\FLEOK 
Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay 
Adware:adware/quicksearch Not disinfected c:\program files\QuickSearch 
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_local_machine\software\FocusInteractive  
Adware:adware/transponder Not disinfected Windows Registry 
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM 
Adware:adware/dyfuca Not disinfected Windows Registry 
Adware:adware/wupd Not disinfected Windows Registry 
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} 
Adware:Adware/WinAntivirus2006 Not disinfected C:\!KillBox\fmhedcys.dll 
Adware:Adware/InstDollars Not disinfected C:\!KillBox\second.awp 
Adware:Adware/WinAntivirus2006 Not disinfected C:\!KillBox\vcunqjpt.dll 
Adware:Adware/WinAntivirus2006 Not disinfected C:\!KillBox\vypcsbqk.dll 
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\WildMedia.exe[IdmUP.dll] 
Adware:Adware Program Not disinfected C:\!KillBox\WildMedia.exe[Topicks.reg]  
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\WildMedia.exe[TPReg.dll] 
Adware:Adware Program Not disinfected C:\!KillBox\WildMedia.exe[FileVersions.ini] 
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\WildMedia.exe[HtCheck2.dll] 
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\WildMedia.exe[Idhost.exe] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Owner\Application Data\rawh\ctxad-204.0000[NDrv.dll] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt  
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SDFix.exe[SDFix\apps\Process.exe] 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix\Process.exe 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[inetsvc.exe] 
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[inetmgr.exe] 
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[²=] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\tre.KAYLA\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe 
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\Hijackthis\backups\backup-20070126-142301-251.inf 
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe  
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\saxaxbdk.exe.bad 
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\skvjhtig.dll.bad 
Adware:Adware/EliteBar Not disinfected C:\WINDOWS\blocklist.reg 
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt 
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe 
Adware:Adware/ILookup Not disinfected C:\WINDOWS\system32\windec33.dll


----------



## Cookiegal (Aug 27, 2003)

I'm attaching a FixUSMCBUCK3.zip file. Save it to your desktop. Unzip it and double click the FixUSMCBUCK3.reg file and allow it to enter into the registry.


Boot to safe mode and run Killbox on these files:

c:\windows\system32\fiz1 
c:\windows\system32\retpdat32.xml 
c:\windows\system32\sub.dll 
c:\windows\downloaded program files\WildApp.inf 
c:\windows\inf\dm.inf 
c:\windows\GatorHDPlugin.log-old.log 
c:\windows\pcconfig.dat 
c:\windows\system32\FLEOK 
c:\program files\MyWay 
c:\program files\QuickSearch 
C:\Documents and Settings\Owner\Application Data\rawh\ctxad-204.0000
C:\WINDOWS\blocklist.reg
C:\WINDOWS\system32\windec33.dll


Reboot and run another Panda scan and post the results please.


----------



## USMCBUCK10 (Jan 21, 2007)

*Panda Scan Log*

Incident Status Location

Adware:adware/comet Not disinfected c:\windows\inf\dm.PNF 
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239} 
Adware:adware/transponder Not disinfected Windows Registry 
Adware:adware/dyfuca Not disinfected Windows Registry 
Adware:adware/wupd Not disinfected Windows Registry 
Adware:adware/iedriver Not disinfected Windows Registry 
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} 
Adware:Adware/EliteBar Not disinfected C:\!KillBox\blocklist.reg 
Adware:Adware/PurityScan Not disinfected C:\!KillBox\ctxad-204.0000[NDrv.dll] 
Adware:Adware/WinAntivirus2006 Not disinfected C:\!KillBox\fmhedcys.dll 
Adware:Adware/WebSearch Not disinfected C:\!KillBox\gaopntlj.dll  
Adware:Adware/InstDollars Not disinfected C:\!KillBox\second.awp 
Adware:Adware/WinAntivirus2006 Not disinfected C:\!KillBox\vcunqjpt.dll 
Adware:Adware/WinAntivirus2006 Not disinfected C:\!KillBox\vypcsbqk.dll 
Adware:Adware Program Not disinfected C:\!KillBox\WildApp.inf 
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\WildMedia.exe[IdmUP.dll] 
Adware:Adware Program Not disinfected C:\!KillBox\WildMedia.exe[Topicks.reg] 
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\WildMedia.exe[TPReg.dll] 
Adware:Adware Program Not disinfected C:\!KillBox\WildMedia.exe[FileVersions.ini] 
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\WildMedia.exe[HtCheck2.dll] 
Potentially unwanted tool:Application/Altnet Not disinfected C:\!KillBox\WildMedia.exe[Idhost.exe] 
Adware:Adware/ILookup Not disinfected C:\!KillBox\windec33.dll 
Adware:Adware/WebSearch Not disinfected C:\!KillBox\ynsyjfuf.dll 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SDFix.exe[SDFix\apps\Process.exe] 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix\Process.exe 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[inetsvc.exe] 
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[inetmgr.exe] 
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[²=] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\tre.KAYLA\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe 
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\Hijackthis\backups\backup-20070126-142301-251.inf 
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe 
Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\fuiqvcdn.dll.bad 
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\saxaxbdk.exe.bad 
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\skvjhtig.dll.bad 
Spyware:Cookie/Atwola Not disinfected  C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt 
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe


----------



## Cookiegal (Aug 27, 2003)

I'm attaching FixUSMCBUCK4.zip. I think you know the drill now. 

Reboot to safe mode and run Killbox on this file:

c:\windows\inf\*dm.PNF*

Delete the CounterSpy quarantined files.

Delete this folder: C:\*!Killbox*

Reboot and run Panda again and post the log please.


----------



## USMCBUCK10 (Jan 21, 2007)

*Panda Active Scan*

Incident Status  Location

Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239} 
Adware:adware/transponder Not disinfected Windows Registry 
Adware:adware/dyfuca Not disinfected Windows Registry 
Adware:adware/wupd Not disinfected Windows Registry 
Adware:adware/iedriver Not disinfected Windows Registry 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt  
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][3].txt 
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt  
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt  
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SDFix.exe[SDFix\apps\Process.exe] 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix\Process.exe 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[inetsvc.exe] 
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[inetmgr.exe] 
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[²=] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\tre.KAYLA\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe 
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\Hijackthis\backups\backup-20070126-142301-251.inf 
Adware:Adware/EliteBar Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\blocklist.reg  
Adware:Adware/PurityScan Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\ctxad-204.0000[NDrv.dll] 
Adware:Adware/WinAntivirus2006 Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\fmhedcys.dll 
Adware:Adware/WebSearch Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\gaopntlj.dll 
Adware:Adware/InstDollars Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\second.awp 
Adware:Adware/WinAntivirus2006 Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\vcunqjpt.dll 
Adware:Adware/WinAntivirus2006 Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\vypcsbqk.dll 
Adware:Adware Program Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\WildApp.inf 
Potentially unwanted tool:Application/Altnet Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\WildMedia.exe[IdmUP.dll] 
Adware:Adware Program Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\WildMedia.exe[Topicks.reg] 
Potentially unwanted tool:Application/Altnet Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\WildMedia.exe[TPReg.dll] 
Adware:Adware Program Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\WildMedia.exe[FileVersions.ini]  
Potentially unwanted tool:Application/Altnet Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\WildMedia.exe[HtCheck2.dll] 
Potentially unwanted tool:Application/Altnet Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\WildMedia.exe[Idhost.exe] 
Adware:Adware/ILookup Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\windec33.dll 
Adware:Adware/WebSearch Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\ynsyjfuf.dll 
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe 
Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\fuiqvcdn.dll.bad 
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\saxaxbdk.exe.bad 
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\skvjhtig.dll.bad 
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt 
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe


----------



## Cookiegal (Aug 27, 2003)

There's just one registry entry that's being stubborn. Are you comfortable editing the registry manually?
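
The scan logs posted in this thread mix findings that still sit in live locations with copies already parked in quarantine, recycle-bin and removal-tool backup folders, plus tracking cookies. As an added example (not part of the thread and not Panda's own code), this Python sketch sorts a pasted log into those groups; the bucket names, the path markers and the `Disinfected` status are assumptions, and the sample lines are copied from the scan log posted above.

```python
import re

# One finding per line: "<Kind>:<name> <status> <location>". Kind and name can
# contain spaces, so the status text is the only reliable field separator.
# "Disinfected" is an assumed second status; the logs in the thread only ever
# show "Not disinfected".
LINE_RE = re.compile(
    r"^(?P<kind>[^:]+):(?P<name>.+?)\s+"
    r"(?P<status>Not disinfected|Disinfected)\s+"
    r"(?P<location>.+?)\s*$"
)

# Folders seen in the thread that hold copies moved aside by a cleanup tool or
# by the user (assumption: anything under them is no longer loaded by Windows).
INERT_MARKERS = (
    "\\!killbox\\",
    "\\quarantine\\",
    "\\vundofix backups\\",
    "\\recycler\\",
    "\\hijackthis\\backups\\",
)


def parse_log(text):
    """Return one dict per finding; header and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            findings.append(match.groupdict())
    return findings


def classify(finding):
    """Assign a finding to cookie / inert_copy / registry / file."""
    location = finding["location"].lower()
    if finding["name"].lower().startswith("cookie/"):
        return "cookie"
    if any(marker in location for marker in INERT_MARKERS):
        return "inert_copy"
    if location.startswith("hkey_") or location == "windows registry":
        return "registry"
    return "file"


def triage(text):
    """Group all findings in a pasted log by bucket."""
    buckets = {"cookie": [], "inert_copy": [], "registry": [], "file": []}
    for finding in parse_log(text):
        buckets[classify(finding)].append(finding)
    return buckets


def needs_review(buckets):
    """Locations an analyst still has to look at: live registry and file hits."""
    return [f["location"] for f in buckets["registry"] + buckets["file"]]


# Sample lines copied from the scan log posted above (cookie file names appear
# as they do on the page).
SAMPLE_LOG = r"""
Incident Status  Location

Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239} 
Adware:adware/transponder Not disinfected Windows Registry 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\Hijackthis\backups\backup-20070126-142301-251.inf 
Adware:Adware/WinAntivirus2006 Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\fmhedcys.dll 
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\skvjhtig.dll.bad 
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, items in result.items():
        print(f"{bucket}: {len(items)}")
    print("Needs review:")
    for location in needs_review(result):
        print("  " + location)
```
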


----------



## USMCBUCK10 (Jan 21, 2007)

I'm not sure, how exactly would I do that?


----------



## Cookiegal (Aug 27, 2003)

Go to Start > Run
Type:
*regedit*
Click OK.
On the left side, click to highlight *My Computer* at the top. 
Go up to "*File > Export*"
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put *backup*

Choose to save it to *C:\* or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

Now, expand these keys by clicking on the + to the left:

hkey_classes_root
clsid

Then, under clsid right click on the following key:

*{147A976F-EEE1-4377-8EA7-4716E4CDD239}*

Now select "delete".

Close the registry editor.

Reboot and run another Panda scan and post the results please.


----------



## USMCBUCK10 (Jan 21, 2007)

Incident Status Location

Adware:adware/transponder Not disinfected Windows Registry 
Adware:adware/dyfuca Not disinfected Windows Registry 
Adware:adware/wupd Not disinfected Windows Registry 
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} 
Adware:adware/iedriver Not disinfected Windows Registry 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][3].txt 
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][3].txt  
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SDFix.exe[SDFix\apps\Process.exe] 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix\Process.exe 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[inetsvc.exe] 
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[inetmgr.exe] 
Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[²=] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\tre.KAYLA\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe  
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\Hijackthis\backups\backup-20070126-142301-251.inf 
Adware:Adware/EliteBar Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\blocklist.reg 
Adware:Adware/PurityScan Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\ctxad-204.0000[NDrv.dll] 
Adware:Adware/WinAntivirus2006 Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\fmhedcys.dll 
Adware:Adware/WebSearch Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\gaopntlj.dll 
Adware:Adware/InstDollars Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\second.awp 
Adware:Adware/WinAntivirus2006 Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\vcunqjpt.dll 
Adware:Adware/WinAntivirus2006 Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\vypcsbqk.dll 
Adware:Adware Program Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\WildApp.inf 
Potentially unwanted tool:Application/Altnet Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\WildMedia.exe[IdmUP.dll] 
Adware:Adware Program Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\WildMedia.exe[Topicks.reg] 
Potentially unwanted tool:Application/Altnet Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\WildMedia.exe[TPReg.dll] 
Adware:Adware Program Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\WildMedia.exe[FileVersions.ini] 
Potentially unwanted tool:Application/Altnet Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\WildMedia.exe[HtCheck2.dll] 
Potentially unwanted tool:Application/Altnet Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\WildMedia.exe[Idhost.exe] 
Adware:Adware/ILookup Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\windec33.dll 
Adware:Adware/WebSearch Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc14\ynsyjfuf.dll 
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe 
Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\fuiqvcdn.dll.bad 
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\saxaxbdk.exe.bad 
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\skvjhtig.dll.bad 
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt 
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe


----------



## Cookiegal (Aug 27, 2003)

Please follow the same procedure to delete this key (the part in bold only):

HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Ext
Stats
*{07B18EAB-A523-4961-B6BB-170DE4475CCA}*

Reboot and run another Panda scan please.


----------



## USMCBUCK10 (Jan 21, 2007)

Incident Status Location

Adware:adware/transponder Not disinfected Windows Registry 
Adware:adware/dyfuca Not disinfected Windows Registry 
Adware:adware/wupd Not disinfected Windows Registry 
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} 
Adware:adware/iedriver Not disinfected Windows Registry 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SDFix.exe[SDFix\apps\Process.exe] 
Potentially unwanted tool:Application/Processor  Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix\Process.exe 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\tre.KAYLA\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe 
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\Hijackthis\backups\backup-20070126-142301-251.inf 
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe 
Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\fuiqvcdn.dll.bad 
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\saxaxbdk.exe.bad 
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\skvjhtig.dll.bad 
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt 
Potentially unwanted tool:Application/Processor  Not disinfected C:\WINDOWS\system32\Process.exe


----------



## USMCBUCK10 (Jan 21, 2007)

bump


----------



## Cookiegal (Aug 27, 2003)

It's still there. Are you sure you deleted it? Did you reboot afterwards?


----------



## USMCBUCK10 (Jan 21, 2007)

Yes, in fact I restarted my computer about 5 times today. I'll try it again.


----------



## USMCBUCK10 (Jan 21, 2007)

I just checked and it's gone. Do you want me to run another Panda Scan?


----------



## Cookiegal (Aug 27, 2003)

Yes please, we want to be sure.


----------



## USMCBUCK10 (Jan 21, 2007)

Incident Status Location

Adware:adware/transponder Not disinfected Windows Registry 
Adware:adware/dyfuca Not disinfected Windows Registry 
Adware:adware/wupd Not disinfected Windows Registry 
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D} 
Adware:adware/iedriver Not disinfected Windows Registry 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SDFix.exe[SDFix\apps\Process.exe] 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix\Process.exe 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\tre.KAYLA\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe 
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\Hijackthis\backups\backup-20070126-142301-251.inf 
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe 
Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\fuiqvcdn.dll.bad 
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\saxaxbdk.exe.bad 
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\skvjhtig.dll.bad 
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt 
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe


----------



## Cookiegal (Aug 27, 2003)

This happens so often, we delete one and a new one crops up but eventually there will be no more. Please check under Add/Remove programs if there's an entry there for MyWebSearch or FunWebProducts and if so, uninstall it from there.

Please delete this one (in bold):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\*{00A6FAF1-072E-44cf-8957-5838F569A31D}*

Then reboot and run Panda again.
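
The pattern in this exchange (one flagged `Ext\Stats` key is deleted and the next scan reports the same detection under a different GUID) can be spotted by diffing two scan reports instead of reading them side by side. This is an added example, not part of the original post or of any tool's own code: the function names are hypothetical, the line layout `<detection> Not disinfected <location>` is assumed from the reports pasted in this thread, and the two samples are a shortened, combined selection of lines copied from those reports.

```python
import re
from typing import NamedTuple

# Status text as it appears in the reports pasted in this thread; assumed to
# separate the detection name from the location on every result line.
STATUS = " Not disinfected "
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Finding(NamedTuple):
    detection: str  # e.g. "adware:adware/transponder" (lower-cased)
    location: str   # registry key, file path, or the literal "Windows Registry"


def parse_report(text):
    """Return the set of findings contained in one pasted scan report."""
    findings = set()
    for line in text.splitlines():
        detection, sep, location = line.partition(STATUS)
        if not sep:  # header row, blank line, or anything in another layout
            continue
        # The reports mix "adware/transponder" and "Adware/Transponder".
        findings.add(Finding(detection.strip().lower(), location.strip()))
    return findings


def shape(finding):
    """The finding with any GUID masked, so keys that differ only by GUID match."""
    return finding.detection, GUID_RE.sub("{GUID}", finding.location)


def diff_reports(before, after):
    """Compare two parsed reports and single out detections whose GUID changed."""
    removed, added = before - after, after - before
    removed_shapes = {shape(f) for f in removed if GUID_RE.search(f.location)}
    guid_changed = [f for f in added
                    if GUID_RE.search(f.location) and shape(f) in removed_shapes]
    return {
        "removed": sorted(removed),
        "added": sorted(added),
        "guid_changed": sorted(guid_changed),
        "unchanged": sorted(before & after),
    }


# Constructed samples: lines copied from the reports in this thread, cut down
# and combined into an earlier and a later scan.
SCAN_BEFORE = r"""
Incident Status Location

Adware:adware/transponder Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\skvjhtig.dll.bad
Potentially unwanted tool:Application/Processor  Not disinfected C:\WINDOWS\system32\Process.exe
"""

SCAN_AFTER = r"""
Incident Status Location

Adware:adware/transponder Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}
Spyware:Cookie/Adrevolver Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc29.txt
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\skvjhtig.dll.bad
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
"""

if __name__ == "__main__":
    result = diff_reports(parse_report(SCAN_BEFORE), parse_report(SCAN_AFTER))
    for bucket in ("removed", "added", "guid_changed"):
        print(bucket)
        for finding in result[bucket]:
            print("   ", finding.detection, "->", finding.location)
    print("unchanged:", len(result["unchanged"]))
```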


----------



## USMCBUCK10 (Jan 21, 2007)

I couldn't find MyWebSearch or FunWebProducts.


----------



## USMCBUCK10 (Jan 21, 2007)

Incident Status Location

Adware:adware/transponder Not disinfected Windows Registry 
Adware:adware/dyfuca Not disinfected Windows Registry 
Adware:adware/wupd Not disinfected Windows Registry 
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} 
Adware:adware/iedriver Not disinfected Windows Registry 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt  
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt  
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][3].txt 
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SDFix.exe[SDFix\apps\Process.exe] 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix\Process.exe 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]  
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\tre.KAYLA\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe 
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\Hijackthis\backups\backup-20070126-142301-251.inf 
Spyware:Cookie/Adrevolver Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc29.txt 
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc31.txt 
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc33.txt 
Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc34.txt 
Spyware:Cookie/FastClick Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc35.txt 
Spyware:Cookie/Adrevolver Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc37.txt 
Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc38.txt  
Spyware:Cookie/Statcounter Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc43.txt 
Spyware:Cookie/2o7 Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc45.txt 
Spyware:Cookie/Valueclick Not disinfected C:\RECYCLER\S-1-5-21-2942328611-156640315-1538417202-1003\Dc47.txt 
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe 
Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\fuiqvcdn.dll.bad 
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\saxaxbdk.exe.bad 
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\skvjhtig.dll.bad 
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt 
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe


----------



## Cookiegal (Aug 27, 2003)

Delete this one in bold please:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\*{07B18EA9-A523-4961-B6BB-170DE4475CCA}*

Let's hope it's the last one.


----------



## USMCBUCK10 (Jan 21, 2007)

Incident Status Location

Adware:adware/transponder Not disinfected Windows Registry 
Adware:adware/dyfuca Not disinfected Windows Registry 
Adware:adware/wupd Not disinfected Windows Registry 
Adware:adware/iedriver  Not disinfected Windows Registry 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Spyware:Cookie/FastClick  Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt 
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SDFix.exe[SDFix\apps\Process.exe] 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix\Process.exe 
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\tre.KAYLA\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf] 
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe 
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\Hijackthis\backups\backup-20070126-142301-251.inf 
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe 
Adware:Adware/WebSearch Not disinfected C:\VundoFix Backups\fuiqvcdn.dll.bad 
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\saxaxbdk.exe.bad 
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\skvjhtig.dll.bad 
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt 
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe


----------



## Cookiegal (Aug 27, 2003)

Alright. They're all gone. :up: 

How are things running now?


----------



## USMCBUCK10 (Jan 21, 2007)

Good, everything's running pretty smoothly.


----------



## USMCBUCK10 (Jan 21, 2007)

Anything else I need to remove?


----------



## USMCBUCK10 (Jan 21, 2007)

I don't know if this is a direct problem from all the stuff I've deleted, but now I can't turn off Windows Firewall to use a different one.


----------



## Cookiegal (Aug 27, 2003)

Is that the McAfee firewall you're trying to use or another one?

Please post a new WinpFind log with the same two add-ons as before.


----------



## USMCBUCK10 (Jan 21, 2007)

I'm trying to use the AOL Firewall that's a part of my AOL Safety and Security Center. I'm pretty sure it uses the McAfee firewall though.


----------



## USMCBUCK10 (Jan 21, 2007)

*Win P Find Log*

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 2/3/2007 10:59:21 AM
WinPFind v1.5.0	Folder = C:\Documents and Settings\TEMP\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
WSUD 9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 5/26/2005 2:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 7/22/2005 6:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 12/5/2005 5:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 2/3/2006 7:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 3/31/2006 11:40:58 AM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 8/18/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
UPX! 4/11/2000 8:44:56 PM 85504 C:\WINDOWS\SYSTEM32\lame_enc.dll ()
PTech 6/19/2006 3:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
aspack 3/26/2004 1:06:40 AM 2316336 C:\WINDOWS\SYSTEM32\NY Nights.scr (Axialis Software)
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 4/27/2006 4:49:30 PM 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe (S!Ri)
UPX! 8/29/2006 6:43:54 PM 135168 C:\WINDOWS\SYSTEM32\swreg.exe (SteelWerX)
UPX! 1/9/2006 9:36:06 AM 40960 C:\WINDOWS\SYSTEM32\swsc.exe ()
UPX! 12/1/2006 5:20:34 AM 79360 C:\WINDOWS\SYSTEM32\swxcacls.exe (SteelWerX)
UPX! 10/22/2004 4:46:50 AM 33280 C:\WINDOWS\SYSTEM32\tasklist.exe (Microsoft Corporation)
winsync 8/18/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 3:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
2/3/2007 2:51:18 AM S 2048 C:\WINDOWS\bootstat.dat ()
1/31/2007 6:40:36 PM HS 6320 C:\WINDOWS\system32\KGyGaAvL.sys ()
12/7/2006 8:30:20 PM S 9057 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat ()
12/22/2006 11:53:02 AM S 7894 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat ()
2/3/2007 10:02:40 AM H 1024 C:\WINDOWS\system32\config\default.LOG ()
2/3/2007 2:51:30 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
2/3/2007 9:51:40 AM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
2/3/2007 11:13:08 AM H 1024 C:\WINDOWS\system32\config\software.LOG ()
2/3/2007 11:12:30 AM H 1024 C:\WINDOWS\system32\config\system.LOG ()
1/31/2007 10:32:26 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
2/2/2007 8:24:32 AM S 600 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\526CE89193F110F750D34080932D5D62 ()
2/2/2007 8:22:46 AM S 2226 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\C85D71887265E283EC5EBF46764A2A28 ()
1/7/2007 1:26:00 AM S 1039 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
2/2/2007 8:24:32 AM S 216 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\526CE89193F110F750D34080932D5D62 ()
2/2/2007 8:22:46 AM S 110 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\C85D71887265E283EC5EBF46764A2A28 ()
1/7/2007 1:26:00 AM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
1/17/2007 7:04:18 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1d577e61-58b0-4558-bbd6-d93be246bc3d ()
1/17/2007 7:04:18 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
2/3/2007 2:51:20 AM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
4/26/2002 6:33:40 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl ()
8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
10/17/2006 12:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
6/10/2005 10:43:18 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/9/2006 3:07:28 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
7/28/2003 1:19:00 PM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
3/3/1999 2:10:02 AM 49152 C:\WINDOWS\SYSTEM32\speech.cpl (Microsoft)
8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
10/17/2006 12:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\igfxcpl.cpl (Intel Corporation)
6/20/2002 1:58:44 AM 629248 C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\ALSNDMGR.CPL (Avance Logic, Inc.)

Checking for Downloaded Program Files...
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{11260943-421B-11D0-8EAC-0000C07D88CF} - iPIX ActiveX Control - CodeBase = http://www.ipix.com/viewers/ipixx.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
{2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - DownloadManager Control - CodeBase = http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
{406B5949-7190-4245-91A9-30A17DE16AD0} - Snapfish Activia - CodeBase = http://www1.snapfish.com/SnapfishActivia.cab
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - - CodeBase = http://aolcc.aol.com/computercheckup/qdiagcc.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - - CodeBase = http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
{639658F3-B141-4D6B-B936-226F75A5EAC3} - CPlayFirstDinerDash2Control Object - CodeBase = http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{B9191F79-5613-4C76-AA2A-398534BB8999} - - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
{BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - CPlayFirstddfotgControl Object - CodeBase = http://aolsvc.aol.com/onlinegames/free-trial-diner-dash-flo-on-the-go/ddfotg.1.0.0.33.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - - CodeBase = http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - Invoke Solutions Participant Control(MR) - CodeBase = http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - CPlayFirstDinerDashControl Object - CodeBase = http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - McFreeScan Class - CodeBase = http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4955/mcfscan.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/23/2002 7:10:30 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
1/20/2007 1:39:46 AM 1132112 C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe ()
12/16/2006 5:22:22 PM 1353 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
10/20/2004 5:59:30 PM 12358 C:\Documents and Settings\TEMP\Application Data\PFP100JCM.{PB ()
10/20/2004 5:59:30 PM 61678 C:\Documents and Settings\TEMP\Application Data\PFP100JPR.{PB ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com
\\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
\\Search Page - http://go.microsoft.com/fwlink/?LinkId=54896
\\Default_Page_URL - http://www.yahoo.com
\\Default_Search_URL - http://go.microsoft.com/fwlink/?LinkId=54896
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.aol.com/
\\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - AOLTBSearch Class = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = ()
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{8F4902B6-6C04-4ade-8052-AA58578A21BD} - hp toolkit = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{30D02401-6A81-11D0-8274-00C04FD5AE38} - IE Search Band = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\\{0BF43445-2F28-4351-9252-17FE6E806AA0} - = ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\ShellBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll ()
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = ()
\WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} - AIM Search = C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - = ()
\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\WebBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - 8192 = 
\\NEXTID - 8202
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8195 = 
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8196 = 
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8197 = 
\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8198 = 
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8199 = Windows Messenger
\\{3369AF0D-62E9-4bda-8103-B4C75499B578} - 8200 = 
\\{e2e2dd38-d088-4134-82b7-f2ba38496583} - 8201 = @xpsp3res.dll,-20001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\CmdMapping - MenuText: = ()
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{3369AF0D-62E9-4bda-8103-B4C75499B578} - ButtonText: AOL Toolbar = 
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - ButtonText: Yahoo! Services = 
\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc.)
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com = 
\{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)


----------



## USMCBUCK10 (Jan 21, 2007)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\System32\igfxpph.dll (Intel Corporation)
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
hpsysdrv - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
CamMonitor - c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
KBD - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
StorageGuard - C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
dla - C:\WINDOWS\system32\dla\tfswctrl.exe (VERITAS Software, Inc.)
Recguard - C:\WINDOWS\SMINST\RECGUARD.EXE ()
IgfxTray - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
HotKeysCmds - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PS2 - C:\WINDOWS\system32\ps2.exe ()
HostManager - C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe (America Online, Inc.)
rDM - C:\windows\system32\rDM.exe ()
ISUSPM Startup - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
ISUSScheduler - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
SsAAD.exe - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
ASM - C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe (AOL LLC)
TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
AOLSPScheduler - C:\Program Files\Common Files\AOL\1106867256\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe (AOL LLC)
sscRun - C:\Program Files\Common Files\AOL\1106867256\ee\SSCRun.exe (AOL LLC)
OASClnt - C:\Program Files\mcafee.com\antivirus\oasclnt.exe (McAfee, Inc.)
EmailScan - C:\Program Files\mcafee.com\antivirus\mcvsescn.exe (McAfee, Inc.)
MPFExe - C:\Program Files\mcafee.com\personal firewall\MPfTray.exe (McAfee Security)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
AOL Fast Start - C:\Program Files\America Online 9.0a\AOL.EXE (America Online, Inc.)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
EA Core - C:\Program Files\Electronic Arts\EA Link\Core.exe (Electronic Arts)
Aim6 - Reg Data missing or invalid ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{664A7BBA-92C4-4086-8B63-D029A149629E} - = ()
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\igfxcui - igfxsrvc.dll = (Intel Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - ()
{2F84A874-8445-4F31-B901-FB97629E9204} - (Realtek RTL8139 Family PCI Fast Ethernet NIC)
{60382598-025F-419D-9D2B-1D0AB7AD2246} - (1394 Net Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

>>>>Output for AddOn file Policies.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption - 
policies\system\\legalnoticetext - 
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\System\\DisableRegistryTools - 0

>>>>Output for AddOn file Security.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
Security Center\\AntiVirusDisableNotify - 0
Security Center\\FirewallDisableNotify - 0
Security Center\\UpdatesDisableNotify - 0
Security Center\\AntiVirusOverride - 0
Security Center\\FirewallOverride - 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
BITS\\Type - 32
BITS\\Start - 3
BITS\\ErrorControl - 1
BITS\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
BITS\\DisplayName - Background Intelligent Transfer Service
BITS\\DependOnService - Rpcss;
BITS\\DependOnGroup - 
BITS\\ObjectName - LocalSystem
BITS\\Description - Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 
BITS\Parameters\\ServiceDll - C:\WINDOWS\System32\qmgr.dll
BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
BITS\Enum\\0 - Root\LEGACY_BITS\0000
BITS\Enum\\Count - 1
BITS\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
SharedAccess\\Type - 32
SharedAccess\\Start - 2
SharedAccess\\ErrorControl - 1
SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
SharedAccess\\DependOnService - Netman;WinMgmt;
SharedAccess\\DependOnGroup - 
SharedAccess\\ObjectName - LocalSystem
SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
SharedAccess\Epoch\\Epoch - 267362
SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0b\waol.exe - C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0c\waol.exe - C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0e\waol.exe - C:\Program Files\America Online 9.0e\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe - C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe - C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLServiceHost.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLServiceHost.exe:*:Enabled:AOL Services
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP - 139:TCP:*:Enabled:@xpsp2res.dll,-22004
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP - 445:TCP:*:Enabled:@xpsp2res.dll,-22005
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP - 137:UDP:*:Enabled:@xpsp2res.dll,-22001
SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP - 138:UDP:*:Enabled:@xpsp2res.dll,-22002
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions - 1
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe - C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe - C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0k\waol.exe - C:\Program Files\America Online 9.0k\waol.exe:*:Enabled:America Online 9.0k
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0f\waol.exe - C:\Program Files\America Online 9.0f\waol.exe:*:Enabled:America Online 9.0f
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0m\waol.exe - C:\Program Files\America Online 9.0m\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106303724\EE\AOLServiceHost.exe - C:\Program Files\Common Files\AOL\1106303724\EE\AOLServiceHost.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe - C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe - C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe - C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe - C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0a\waol.exe - C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WinMX\WinMX.exe - C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0b\waol.exe - C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe - C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLHostManager.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLHostManager.exe:*:Disabled:AOLHostManager Service
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0c\waol.exe - C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0d\waol.exe - C:\Program Files\America Online 9.0d\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe - C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe:*:Enabled:MusicNet on AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee.com\agent\mcagent.exe - C:\Program Files\McAfee.com\agent\mcagent.exe:*:Disabled:McAfee SecurityCenter Agent
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0e\waol.exe - C:\Program Files\America Online 9.0e\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe - C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe - C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kiwi Alpha\KiwiAlpha.exe - C:\Program Files\Kiwi Alpha\KiwiAlpha.exe:*:Enabled:KiwiAlpha
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe - C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe - C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe - C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\aolsoftware.exe - C:\Program Files\Common Files\AOL\1106867256\EE\aolsoftware.exe:*:Enabled:AOL Services
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\aim6.exe - C:\Program Files\Common Files\AOL\1106867256\EE\aim6.exe:*:Enabled:AIM
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe - C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\ee\aolservicehost.exe - C:\Program Files\Common Files\AOL\1106867256\ee\aolservicehost.exe:*:Enabled:AOL Services
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe - C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe - C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLOpenRide.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLOpenRide.exe:*:Enabled:AOL OpenRide
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP - 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP - 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP - 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP - 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP - 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
SharedAccess\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
SharedAccess\Setup\\ServiceUpgrade - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{86E02BD3-50CC-48B1-94C1-4CDAFCE1BBC7} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{2F84A874-8445-4F31-B901-FB97629E9204} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{60382598-025F-419D-9D2B-1D0AB7AD2246} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - 1
SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
SharedAccess\Enum\\Count - 1
SharedAccess\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
wuauserv\Enum\\Count - 1
wuauserv\Enum\\NextInstance - 1

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


----------



## Cookiegal (Aug 27, 2003)

I'm attaching a FixUSMC.zip file. Save it to your desktop. Unzip it and double click the FixUSMC.reg file and allow it to enter into the registry.


Reboot and then see if you can turn the Windows firewall off please.


----------



## USMCBUCK10 (Jan 21, 2007)

It didn't work.


----------



## Cookiegal (Aug 27, 2003)

One more to try please.


----------



## USMCBUCK10 (Jan 21, 2007)

Ok, it's working now.


----------



## Cookiegal (Aug 27, 2003)

That's good. :up:

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* > *All Programs* > *Accessories* > *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend downloading *SPYWAREBLASTER* for added protection.

*Read here* for info on how to tighten your security.

*Delete your temporary files:*

In safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit - Select All then Edit - Delete to delete the entire contents of the Temp folder.

Go to Start - Run and type *%temp%* in the Run box. The Temp folder will open. Click *Edit - Select All* then hit *Delete* to delete the entire contents of the Temp folder.

Finally go to Control Panel - Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK (this option does not exist in IE7). Click Apply then OK.

*Empty the recycle bin*.

***

You should trim down your start-ups as there are too many running. You can research them at these sites and if they aren't required at start-up then you can uncheck them in msconfig via Start - Run - type msconfig, click OK and then click on the start-up tab.

http://castlecops.com/StartupList.html
http://www.bleepingcomputer.com/startups/
http://www.windowsstartup.com/wso/index.php


----------



## USMCBUCK10 (Jan 21, 2007)

I can't find out what rDM or issch are. Should I remove them from my startup anyways?


----------



## USMCBUCK10 (Jan 21, 2007)

Thank you and Byteman for all the help. It has been greatly appreciated.


----------



## Cookiegal (Aug 27, 2003)

issch.exe is for the InstallShield Update Service Scheduler and it's not necessary for it to run at startup so you can disable it via msconfig.

As for rdm.exe, it does look suspicious so we should investigate further.

Go to Start > Search and, under "More advanced search options", make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders".

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK".

Now, go to the following link and upload each of the following files for analysis and let me know what the results are please:

http://virusscan.jotti.org/

*C:\WINDOWS\System32\rDM.exe*

Also, please do this:

Open HijackThis and click on the "Open the Misc Tools Section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.


----------



## USMCBUCK10 (Jan 21, 2007)

It's the file that was 0 bytes. I got this error message.


The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file


----------



## USMCBUCK10 (Jan 21, 2007)

Active Security Monitor 1.0.0.278
Ad-Aware SE Personal
Adobe Acrobat 5.0
AIM 6.0
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Instant Messenger
AOL One-click Fix service
AOL Registration
AOL Toolbar 2.0
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Software Update
ArcSoft Software Suite
Atomic Pop
AVG Anti-Spyware 7.5
Betty Bad
Blackhawk Striker
Blasterball 2
Blasterball Wild
CA Pest Patrol Realtime Protection
CEP - Color Enable Package
Corel Paint Shop Pro X
Corel Photo Album 6
Dark Orbit
Detto IntelliMover Demo
Diner Dash - Flo on the Go (remove only)
Disney's Lilo and Stitch Pinball
DLA
EA Link
GemMaster 2
Google Earth
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
hp center
HP Instant Support
HP Memories Disc
HP Photo and Imaging 1.1 - Photosmart Cameras
hp toolkit
IE Host
Inactive HP Printer Drivers (Remove only)
Intel(R) 845G Chipset Graphics Driver Software
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Pro 8
KBD
Keynote Connector
Kublox
Learn2 Player (Uninstall Only)
LimeWire 4.12.3
LiveReg (Symantec Corporation)
LiveUpdate 1.7 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Mozilla Firefox (2.0.0.1)
MSXML 4.0 SP2 (KB927978)
Network Play System (Patching)
NVIDIA Drivers
NVIDIA Windows 2000/XP Display Drivers
OpenMG Limited Patch 4.2-05-07-27-01
OpenMG Secure Module 4.2.00
P2P Networking3
Panda ActiveScan
PC-Doctor for Windows
PigPen
Pure Networks Port Magic
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealArcade
RealPlayer
RecordNow Update Manager
RelevantKnowledge
S3Display
S3Gamma2
S3Info2
S3Overlay
SabreWing 2
Safety and Security Center Uninstaller
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Sims2Pack Clean Installer 
Snowboard Extreme
SonicStage 3.2
Space Rocks
Speedway
SpywareBlaster v3.5.1
System Requirements Lab
The College Toolbar
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Media Player
Virtual Warfare
WebSearch Tools
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WordPerfect Productivity Pack
WordPerfect Productivity Pack
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Messenger


----------



## USMCBUCK10 (Jan 21, 2007)

Also, I guess I was wrong about the Firewall. It is still saying my Windows Firewall is on and it still won't turn off even when I click off in the Manage Security Settings.


----------



## Cookiegal (Aug 27, 2003)

Go to Control Panel - Add/Remove programs and remove these, if there:

*J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
P2P Networking3
RelevantKnowledge
The College Toolbar (I believe you said you didn't want this anymore)
Viewpoint Media Player
WebSearch Tools*

Now go *here* and install the latest version of Java.

I suspect the rdm.exe file may belong to Real Player but let's see if we can trick your system into allowing it to be uploaded.

Locate the file:

C:\Windows\System32\*rdm.exe*

Right click on it and select "copy" and then "paste" it to your desktop. Try to upload the copy that's on your desktop to Jotti's please.

Also, can you reinstall your AOL/McAfee firewall? It should automatically override the Windows one.


----------



## USMCBUCK10 (Jan 21, 2007)

It says C:\Windows\System32\rdm.exe can't be found.

And I've uninstalled the AOL Firewall twice now and reinstalled and the same thing happens. It works for a minute then the next it is no longer working because the Windows firewall is on.


----------



## Cookiegal (Aug 27, 2003)

I need you to do this fix manually in the registry.

Go to Start > Run
Type:
*regedit*
Click OK.
On the left side, click to highlight *My Computer* at the top. 
Go up to "*File > Export*"
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put *backup*

Choose to save it to *C:\* or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

Expand the following registry keys/sub-keys by clicking on the + to their left:

HKEY_LOCAL_MACHINE
SYSTEM
CurrentControlSet
Services
SharedAccess
Parameters
FirewallPolicy
StandardProfile
AuthorizedApplications

Then click on the *List* key and you will see options open up in the right-hand pane. You should see one that looks like this under the heading "name":

*C:\Program Files\McAfee.com\agent\mcagent.exe*

Double click on that and a box will open up with the title "edit string".

In the dialogue box you will see this line:

*C:\Program Files\McAfee.com\agent\mcagent.exe:*:Disabled:McAfee SecurityCenter Agent*

Leave the text there and just change *Dis*abled to *En*abled, leaving it to look like this:

*C:\Program Files\McAfee.com\agent\mcagent.exe:*:Enabled:McAfee SecurityCenter Agent*

Click OK and exit the registry editor.

Reboot and let me know if that fixes the firewall problem.

Also, when you return, please post a new HijackThis log.


----------
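The firewall exception values edited in the post above follow the layout `target:scope:Enabled|Disabled:label`. As an added example (not part of the original post and not code from WinPFind), this Python script parses WinPFind-style dump lines for the `AuthorizedApplications` and `GloballyOpenPorts` lists and flags disabled exceptions, ports open to any address, and programs outside the usual install folders. The sample lines are constructed from entries shown in this thread, and the "usual folders" list is an assumption.

```python
"""Audit XP firewall exception entries from a WinPFind-style registry dump."""
import re
from dataclasses import dataclass

# One dump line: <key path>\List\\<value name> - <value data>
LINE_RE = re.compile(
    r"^SharedAccess\\Parameters\\FirewallPolicy\\(?P<profile>\w+)\\"
    r"(?P<kind>AuthorizedApplications|GloballyOpenPorts)\\List\\\\"
    r"(?P<value_name>.+?) - (?P<data>.*)$"
)
# Value data: <image path or port:proto>:<scope>:<Enabled|Disabled>:<label>
# The target itself contains colons (C:\..., 445:TCP), so it is matched lazily.
VALUE_RE = re.compile(
    r"^(?P<target>.+?):(?P<scope>[^:]+):(?P<status>enabled|disabled):(?P<label>.*)$",
    re.IGNORECASE,
)
# Assumption: folders where an excepted program is normally expected to live.
USUAL_PREFIXES = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    profile: str
    kind: str
    target: str
    scope: str
    enabled: bool
    label: str


def parse_dump(text):
    """Return (entries, unparsed): unparsed holds list lines whose data is malformed."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # not a firewall exception line
        v = VALUE_RE.match(m.group("data"))
        if not v:
            unparsed.append(line)  # e.g. status field damaged in copy/paste
            continue
        entries.append(Entry(
            profile=m.group("profile"),
            kind=m.group("kind"),
            target=v.group("target"),
            scope=v.group("scope"),
            enabled=v.group("status").lower() == "enabled",
            label=v.group("label"),
        ))
    return entries, unparsed


def audit(entries):
    """Return (finding, target) pairs worth a second look."""
    findings = []
    for e in entries:
        if not e.enabled:
            findings.append(("disabled", e.target))
        if e.kind == "GloballyOpenPorts" and e.scope == "*":
            findings.append(("any-address-port", e.target))
        if (e.kind == "AuthorizedApplications"
                and not e.target.lower().startswith(USUAL_PREFIXES)):
            findings.append(("unusual-path", e.target))
    return findings


# Constructed sample, modelled on lines posted in this thread. The last line
# has a deliberately damaged status field to show the "unparsed" path.
SAMPLE = r"""
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee.com\agent\mcagent.exe - C:\Program Files\McAfee.com\agent\mcagent.exe:*:Disabled:McAfee SecurityCenter Agent
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe - C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP - 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP - 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Example\app.exe - C:\Program Files\Example\app.exe:*isabled:Example App
"""

if __name__ == "__main__":
    parsed, bad = parse_dump(SAMPLE)
    for finding, target in audit(parsed):
        print(f"{finding:18} {target}")
    for line in bad:
        print(f"{'unparsed':18} {line}")
```
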



## USMCBUCK10 (Jan 21, 2007)

Cookiegal said:


> Then click on the *List* key and you will see options open up in the right-hand pane. You should see one that looks like this under the heading "name":
> 
> *C:\Program Files\McAfee.com\agent\mcagent.exe*
> 
> ...


Ok, after doing the steps before that, after I click into "Name", I don't see any file like that. There are two:

*(Default)*

and

*%windr%\system32\sessmgr.exe*


----------



## Cookiegal (Aug 27, 2003)

Please post a new WinpFind log with the same two add-ons.


----------



## USMCBUCK10 (Jan 21, 2007)

*WinP Log*

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 2/4/2007 9:03:34 PM
WinPFind v1.5.0	Folder = C:\Documents and Settings\TEMP\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
WSUD 9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 5/26/2005 2:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 7/22/2005 6:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 12/5/2005 5:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 2/3/2006 7:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 3/31/2006 11:40:58 AM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 8/18/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
UPX! 4/11/2000 8:44:56 PM 85504 C:\WINDOWS\SYSTEM32\lame_enc.dll ()
PTech 6/19/2006 3:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
aspack 3/26/2004 1:06:40 AM 2316336 C:\WINDOWS\SYSTEM32\NY Nights.scr (Axialis Software)
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 4/27/2006 4:49:30 PM 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe (S!Ri)
UPX! 8/29/2006 6:43:54 PM 135168 C:\WINDOWS\SYSTEM32\swreg.exe (SteelWerX)
UPX! 1/9/2006 9:36:06 AM 40960 C:\WINDOWS\SYSTEM32\swsc.exe ()
UPX! 12/1/2006 5:20:34 AM 79360 C:\WINDOWS\SYSTEM32\swxcacls.exe (SteelWerX)
UPX! 10/22/2004 4:46:50 AM 33280 C:\WINDOWS\SYSTEM32\tasklist.exe (Microsoft Corporation)
winsync 8/18/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 3:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
2/4/2007 1:31:30 PM S 2048 C:\WINDOWS\bootstat.dat ()
2/4/2007 4:30:54 AM H 54156 C:\WINDOWS\QTFont.qfn ()
1/31/2007 6:40:36 PM HS 6320 C:\WINDOWS\system32\KGyGaAvL.sys ()
12/7/2006 8:30:20 PM S 9057 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat ()
12/22/2006 11:53:02 AM S 7894 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat ()
2/4/2007 2:10:34 PM H 1024 C:\WINDOWS\system32\config\default.LOG ()
2/4/2007 1:31:40 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
2/4/2007 6:31:48 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
2/4/2007 9:18:06 PM H 1024 C:\WINDOWS\system32\config\software.LOG ()
2/4/2007 9:18:08 PM H 1024 C:\WINDOWS\system32\config\system.LOG ()
1/31/2007 10:32:26 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
2/2/2007 8:24:32 AM S 600 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\526CE89193F110F750D34080932D5D62 ()
2/2/2007 8:22:46 AM S 2226 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\C85D71887265E283EC5EBF46764A2A28 ()
1/7/2007 1:26:00 AM S 1039 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
2/2/2007 8:24:32 AM S 216 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\526CE89193F110F750D34080932D5D62 ()
2/2/2007 8:22:46 AM S 110 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\C85D71887265E283EC5EBF46764A2A28 ()
1/7/2007 1:26:00 AM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
2/4/2007 5:28:24 PM H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG ()
1/17/2007 7:04:18 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1d577e61-58b0-4558-bbd6-d93be246bc3d ()
1/17/2007 7:04:18 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
2/4/2007 1:31:34 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
4/26/2002 6:33:40 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl ()
8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
10/17/2006 12:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
6/10/2005 10:43:18 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
2/4/2007 5:58:20 PM 69632 C:\WINDOWS\SYSTEM32\javacpl.cpl (Sun Microsystems, Inc.)
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
7/28/2003 1:19:00 PM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
3/3/1999 2:10:02 AM 49152 C:\WINDOWS\SYSTEM32\speech.cpl (Microsoft)
8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
10/17/2006 12:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\igfxcpl.cpl (Intel Corporation)
6/20/2002 1:58:44 AM 629248 C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\ALSNDMGR.CPL (Avance Logic, Inc.)

Checking for Downloaded Program Files...
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{11260943-421B-11D0-8EAC-0000C07D88CF} - iPIX ActiveX Control - CodeBase = http://www.ipix.com/viewers/ipixx.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
{2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - DownloadManager Control - CodeBase = http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
{406B5949-7190-4245-91A9-30A17DE16AD0} - Snapfish Activia - CodeBase = http://www1.snapfish.com/SnapfishActivia.cab
{49232000-16E4-426C-A231-62846947304B} - SysData Class - CodeBase = http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - - CodeBase = http://aolcc.aol.com/computercheckup/qdiagcc.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - - CodeBase = http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
{639658F3-B141-4D6B-B936-226F75A5EAC3} - CPlayFirstDinerDash2Control Object - CodeBase = http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{B9191F79-5613-4C76-AA2A-398534BB8999} - - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
{BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - CPlayFirstddfotgControl Object - CodeBase = http://aolsvc.aol.com/onlinegames/free-trial-diner-dash-flo-on-the-go/ddfotg.1.0.0.33.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - - CodeBase = http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - Invoke Solutions Participant Control(MR) - CodeBase = http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - CPlayFirstDinerDashControl Object - CodeBase = http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - McFreeScan Class - CodeBase = http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4955/mcfscan.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/23/2002 7:10:30 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
1/20/2007 1:39:46 AM 1132112 C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe ()
12/16/2006 5:22:22 PM 1353 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
10/20/2004 5:59:30 PM 12358 C:\Documents and Settings\TEMP\Application Data\PFP100JCM.{PB ()
10/20/2004 5:59:30 PM 61678 C:\Documents and Settings\TEMP\Application Data\PFP100JPR.{PB ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com
\\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
\\Search Page - http://go.microsoft.com/fwlink/?LinkId=54896
\\Default_Page_URL - http://www.yahoo.com
\\Default_Search_URL - http://go.microsoft.com/fwlink/?LinkId=54896
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.aol.com/
\\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - AOLTBSearch Class = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = ()
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{8F4902B6-6C04-4ade-8052-AA58578A21BD} - hp toolkit = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{30D02401-6A81-11D0-8274-00C04FD5AE38} - IE Search Band = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\\{0BF43445-2F28-4351-9252-17FE6E806AA0} - = ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\ShellBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll ()
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = ()
\WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} - AIM Search = C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - = ()
\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\WebBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - 8192 = 
\\NEXTID - 8202
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8195 = 
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8196 = 
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8197 = 
\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8198 = 
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8199 = Windows Messenger
\\{3369AF0D-62E9-4bda-8103-B4C75499B578} - 8200 = 
\\{e2e2dd38-d088-4134-82b7-f2ba38496583} - 8201 = @xpsp3res.dll,-20001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\CmdMapping - MenuText: =  ()
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = ()
\{3369AF0D-62E9-4bda-8103-B4C75499B578} - ButtonText: AOL Toolbar = 
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - ButtonText: Yahoo! Services = 
\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc.)
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com = 
\{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll ()
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\System32\igfxpph.dll (Intel Corporation)
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
hpsysdrv - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
CamMonitor - c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
KBD - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
StorageGuard - C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
dla - C:\WINDOWS\system32\dla\tfswctrl.exe (VERITAS Software, Inc.)
Recguard - C:\WINDOWS\SMINST\RECGUARD.EXE ()
IgfxTray - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
HotKeysCmds - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PS2 - C:\WINDOWS\system32\ps2.exe ()
HostManager - C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe (America Online, Inc.)
rDM - C:\windows\system32\rDM.exe ()
ISUSPM Startup - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
SsAAD.exe - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
AOLSPScheduler - C:\Program Files\Common Files\AOL\1106867256\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe (AOL LLC)
sscRun - C:\Program Files\Common Files\AOL\1106867256\ee\SSCRun.exe (AOL LLC)
OASClnt - C:\Program Files\mcafee.com\antivirus\oasclnt.exe (McAfee, Inc.)
EmailScan - C:\Program Files\mcafee.com\antivirus\mcvsescn.exe (McAfee, Inc.)
MPFExe - C:\Program Files\mcafee.com\personal firewall\MPfTray.exe (McAfee Security)
SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AOL Fast Start - C:\Program Files\America Online 9.0a\AOL.EXE (America Online, Inc.)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
Aim6 - Reg Data missing or invalid ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASM
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	ASMonitor
hkey	HKLM
command	"C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EA Core
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	Core
hkey	HKCU
command	"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
inimapping	0


----------



## USMCBUCK10 (Jan 21, 2007)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	issch
hkey	HKLM
command	"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	msmsgs
hkey	HKCU
command	"C:\Program Files\Messenger\msmsgs.exe" /background
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	nwiz
hkey	HKLM
command	nwiz.exe /install
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	qttask
hkey	HKLM
command	"C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	realsched
hkey	HKLM
command	"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	YahooMessenger
hkey	HKCU
command	"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini	0
win.ini	0
bootini	0
services	0
startup	2

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{664A7BBA-92C4-4086-8B63-D029A149629E} - = ()
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\igfxcui - igfxsrvc.dll = (Intel Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - ()
{2F84A874-8445-4F31-B901-FB97629E9204} - (Realtek RTL8139 Family PCI Fast Ethernet NIC)
{60382598-025F-419D-9D2B-1D0AB7AD2246} - (1394 Net Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

>>>>Output for AddOn file Policies.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption - 
policies\system\\legalnoticetext - 
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\System\\DisableRegistryTools - 0

>>>>Output for AddOn file Security.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
Security Center\\AntiVirusDisableNotify - 0
Security Center\\FirewallDisableNotify - 0
Security Center\\UpdatesDisableNotify - 0
Security Center\\AntiVirusOverride - 1
Security Center\\FirewallOverride - 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
BITS\\Type - 32
BITS\\Start - 3
BITS\\ErrorControl - 1
BITS\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
BITS\\DisplayName - Background Intelligent Transfer Service
BITS\\DependOnService - Rpcss;
BITS\\DependOnGroup - 
BITS\\ObjectName - LocalSystem
BITS\\Description - Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 
BITS\Parameters\\ServiceDll - C:\WINDOWS\System32\qmgr.dll
BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
BITS\Enum\\0 - Root\LEGACY_BITS\0000
BITS\Enum\\Count - 1
BITS\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
SharedAccess\\Type - 32
SharedAccess\\Start - 2
SharedAccess\\ErrorControl - 1
SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
SharedAccess\\DependOnService - Netman;WinMgmt;
SharedAccess\\DependOnGroup - 
SharedAccess\\ObjectName - LocalSystem
SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
SharedAccess\Epoch\\Epoch - 268068
SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions - 0
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
SharedAccess\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
SharedAccess\Setup\\ServiceUpgrade - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{86E02BD3-50CC-48B1-94C1-4CDAFCE1BBC7} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{2F84A874-8445-4F31-B901-FB97629E9204} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{60382598-025F-419D-9D2B-1D0AB7AD2246} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - 1
SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
SharedAccess\Enum\\Count - 1
SharedAccess\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
wuauserv\Enum\\Count - 1
wuauserv\Enum\\NextInstance - 1

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


----------



## Cookiegal (Aug 27, 2003)

Go to Start > Run
Type:
*regedit*
Click OK.
On the left side, click to highlight *My Computer* at the top. 
Go up to "*File > Export*"
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put *backup*

Choose to save it to *C:\* or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

I'm attaching FixUSMC3.zip so please run the regfix it contains.

Then boot to safe mode and run Killbox on this file:

*C:\Windows\System32\rdm.exe*

Let me know how that goes please.


----------



## USMCBUCK10 (Jan 21, 2007)

It says the file doesn't exist.


----------



## Cookiegal (Aug 27, 2003)

OK. What is the status of the firewall situation now?


----------



## USMCBUCK10 (Jan 21, 2007)

It is now working.


----------



## Cookiegal (Aug 27, 2003)

That's good. May I see one more HijackThis log please?


----------



## USMCBUCK10 (Jan 21, 2007)

*HJT Log*

Logfile of HijackThis v1.99.1
Scan saved at 4:48:39 PM, on 2/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1106867256\ee\SSCEvtHdlr.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Common Files\AOL\1106867256\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Common Files\AOL\1106867256\ee\aolsoftware.exe
C:\Program Files\America Online 9.0a\shellmon.exe
c:\program files\common files\aol\1106867256\ee\aolssc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [rDM] C:\windows\system32\rDM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1106867256\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1106867256\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-diner-dash-flo-on-the-go/ddfotg.1.0.0.33.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4955/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1106867256\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------



## Cookiegal (Aug 27, 2003)

That file is still showing under the run key so we will take it out with another regfix.

Please run the attached FixUSMC4.zip file as you have the others.


Reboot and post a new HijackThis log please.


----------



## USMCBUCK10 (Jan 21, 2007)

Logfile of HijackThis v1.99.1
Scan saved at 10:52:11 PM, on 2/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1106867256\ee\SSCEvtHdlr.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1106867256\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\1106867256\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1106867256\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1106867256\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1106867256\ee\SSCRun.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-diner-dash-flo-on-the-go/ddfotg.1.0.0.33.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4955/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1106867256\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


----------



## Cookiegal (Aug 27, 2003)

Just to tidy up, rescan with HijackThis and fix this entry. The rest looks good.

*O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)*

Is everything running smoothly now?


----------
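The comparison done by eye across the two HijackThis logs above (the `rDM` Run value is gone, one dangling toolbar entry remains) can be scripted. The Python below is an added example, not part of the original thread or of HijackThis; the function names are hypothetical and the embedded lines are a short excerpt of the two logs posted above.

```python
import re

# Excerpts of the two HijackThis logs posted in this thread (trimmed for brevity).
LOG_BEFORE = r"""
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [rDM] C:\windows\system32\rDM.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

LOG_AFTER = r"""
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - HKLM\..\Run: [value name] command line"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# HijackThis marks entries whose target file is absent with one of these suffixes.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_run_entries(log_text):
    """Map (hive, key, value name) -> command line for every O4 registry autostart."""
    entries = {}
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries[(m["hive"], m["key"], m["name"])] = m["cmd"].strip()
    return entries


def diff_run_entries(before_text, after_text):
    """Report autostart values that were removed, added, or now point elsewhere."""
    before = parse_run_entries(before_text)
    after = parse_run_entries(after_text)
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        # Windows paths are case-insensitive, so compare lowercased commands.
        "changed": sorted(
            k for k in before
            if k in after and before[k].lower() != after[k].lower()
        ),
    }


def orphaned_entries(log_text):
    """Lines that reference a missing file: leftovers to review, not proof of infection."""
    return [l.strip() for l in log_text.splitlines() if ORPHAN.search(l)]


if __name__ == "__main__":
    result = diff_run_entries(LOG_BEFORE, LOG_AFTER)
    for kind, keys in result.items():
        for hive, key, name in keys:
            print(f"{kind:8} {hive}\\..\\{key}: [{name}]")
    for line in orphaned_entries(LOG_AFTER):
        print("orphan  ", line)
```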



## USMCBUCK10 (Jan 21, 2007)

Yes everything is running great now. Could you recommend a good anti virus program?


----------



## Cookiegal (Aug 27, 2003)

In my opinion, the best anti-virus programs are Nod32 and Kaspersky. 

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* > *All Programs* > *Accessories* > *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend downloading *SPYWAREBLASTER* for added protection.

*Read here* for info on how to tighten your security.

*Delete your temporary files:*

In safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit - Select All then Edit - Delete to delete the entire contents of the Temp folder.

Go to Start - Run and type *%temp%* in the Run box. The Temp folder will open. Click *Edit - Select All* then hit *Delete* to delete the entire contents of the Temp folder.

Finally go to Control Panel - Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK (this option does not exist in IE7). Click Apply then OK.

*Empty the recycle bin*.


----------



## USMCBUCK10 (Jan 21, 2007)

Thank you for all your help.


----------



## Cookiegal (Aug 27, 2003)

It's my pleasure.


----------

