Ave.exe and Links on Google Virus


Nitsua88

Thread Starter
Joined
Apr 22, 2010
Messages
11
Hello,

I have had a problem with my computer the last month and no matter what I do I cannot fix it. I need help please! Randomly an antivirus removal tool will pop up that I don't have, along with my computer telling me I am at high risk. I have figured out the quick way to get rid of this is to press CTL ALT DEL and end the file ave.exe. This works for a little bit but then it will pop up again. Also I've noticed that when I try to search on Google most of the links I click on take me to something I completely didn't want to go to like ads or search pages. If anyone can help I will be greatly happy. Thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:29 AM, on 4/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SOSHOME22\Binn\sqlservr.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: ezLife browser enhancer mqvcwzno - {4DED0D91-9EC7-4705-B8B6-80EF3942F33F} - C:\WINDOWS\system32\mqvcwzno.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZLfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search Current News - file://\program files\powershell-xp3\search5.htm
O8 - Extra context menu item: Search Encyclopedia - file://\program files\powershell-xp3\search4.htm
O8 - Extra context menu item: Search for Images - file://\program files\powershell-xp3\search3.htm
O8 - Extra context menu item: Search Newsgroups - file://\program files\powershell-xp3\search2.htm
O8 - Extra context menu item: Search the Web - file://\program files\powershell-xp3\search.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141655441157
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

--
End of file - 6700 bytes
 

NeonFx

Malware Specialist
Joined
Oct 22, 2008
Messages
4,811
Hello there. Welcome to the TSG Forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.


Please note the following:
  • The fixes are specific to your problem and should only be used on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
  • It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.



Step 1


  • Please download exeHelper to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up; press any key to close it once the fix is completed.
  • Post the contents of exehelperlog.txt (it will be created in the directory where you ran exeHelper.com, and should open at the end of the scan).

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Step 2

Download OTS to your Desktop

  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Basic Scans please change the radio button under Registry from Safe List to All.
  • Under Additional Scans check the following:
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - NetSvcs
    • Reg - Shell Spawning
    • Reg - Uninstall List
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Please paste the contents of the following codebox into the Custom Scans box at the bottom
Code:
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post. To do so, click on the blue "Reply" button or "Go Advanced" and click on the "Manage Attachments" button.

Step 3

GMER Rootkit Scanner
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs. Make sure you disable your security programs as well, as they may interfere with the program.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable your security programs when done.


If you have trouble running GMER, please try running it in Safe Mode. To get to Safe Mode you'll need to repeatedly tap the F8 key on your keyboard as you turn your computer on until a black and white menu appears with the option.

If you continue to have trouble with it, try running it without the "Files" scan checked.
 

Nitsua88

Thank you so much for responding and for the help. Well I downloaded the exehelper.exe file to my desktop but when I try to double click on it nothing happens. What do I need to do?
 

NeonFx

Try this instead of exehelper:

Please download and run the following tool to help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click and choose Run as Administrator.
You only need to get one of them to run, not all of them. If one doesn't work try a different one.

 

Nitsua88

I downloaded each one at a time but when I tried to open the file it said "An Unknown Error Has Occurred. The Program will be terminated".
 

NeonFx

Do me a favor and save exehelper, rkill, OTS and GMER to your desktop and then load your computer into Safe Mode. To do that, you'll need to repeatedly tap the F8 key on your keyboard as you turn your computer on until a black and white menu with the option appears. It should appear before the Windows logo comes up and if it doesn't, you'll need to try again.


Then try running the tools in Safe Mode for me.
 

Nitsua88

OK, well, once I started in Safe Mode the exehelp file worked! But I forgot to copy the codes for the second step, so I had to start back the computer to get online to save a copy of them. I didn't realize that you wanted me to do all the scans in Safe Mode. I did the first one in Safe Mode, and the second and third I did in normal mode following all your instructions. Here are all the logs. Oh, and I forgot to tell you that my OS is XP Home. Thanks so much. I hope I didn't do anything wrong.

Step 1

exeHelper by Raktor
Build 20100414
Run at 13:29:56 on 04/23/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\Documents and Settings\Austin\Local Settings\Application Data\ave.exe
Checking for bad registry entries...
Resetting filetype association for .exe
Removing HKCR\secfile
Resetting filetype association for .com
Removing HKCR\secfile
Resetting userinit and shell values...
Resetting policies...
--Finished--

Step 2

Code:
OTS logfile created on: 4/23/2010 1:42:32 PM - Run 1
OTS by OldTimer - Version 3.1.29.0     Folder = C:\Documents and Settings\Austin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 54.74 Gb Free Space | 73.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465.65 Gb Total Space | 432.18 Gb Free Space | 92.81% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: AUSTIN
Current User Name: Austin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Austin\Desktop\OTS.exe -> [2010/04/21 22:30:19 | 000,638,976 | ---- | M] (OldTimer Tools)
dkservice.exe -> C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -> [2010/04/15 19:01:58 | 001,732,960 | ---- | M] (Diskeeper Corporation)
msmpeng.exe -> C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation)
mpcmdrun.exe -> C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe -> [2009/12/09 19:02:36 | 000,202,776 | ---- | M] (Microsoft Corporation)
snmp.exe -> C:\WINDOWS\system32\snmp.exe -> [2008/04/13 20:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
sqlservr.exe -> C:\Program Files\Microsoft SQL Server\MSSQL$SOSHOME22\Binn\sqlservr.exe -> [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation)
tcpsvcs.exe -> C:\WINDOWS\system32\tcpsvcs.exe -> [2002/09/03 13:06:31 | 000,019,456 | ---- | M] (Microsoft Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Austin\Desktop\OTS.exe -> [2010/04/21 22:30:19 | 000,638,976 | ---- | M] (OldTimer Tools)
 
[Win32 Services - Safe List]
(WMP54Gv4SVC) WMP54Gv4SVC [Disabled | Stopped] ->  -> File not found
(SamSsRDSessMgr) Security Accounts Manager SamSsRDSessMgr [Disabled | Stopped] ->  -> File not found
(Diskeeper) Diskeeper [Auto | Running] -> C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -> [2010/04/15 19:01:58 | 001,732,960 | ---- | M] (Diskeeper Corporation)
(Apple Mobile Device) Apple Mobile Device [Disabled | Stopped] -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.)
(MsMpSvc) Microsoft Antimalware Service [Auto | Running] -> C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation)
(SNMP) SNMP Service [Auto | Running] -> C:\WINDOWS\system32\snmp.exe -> [2008/04/13 20:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation)
(p2pgasvc) Peer Networking Group Authentication [On_Demand | Stopped] -> C:\WINDOWS\system32\p2pgasvc.dll -> [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation)
(MSSQL$SOSHOME22) MSSQL$SOSHOME22 [Auto | Running] -> C:\Program Files\Microsoft SQL Server\MSSQL$SOSHOME22\Binn\sqlservr.exe -> [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation)
(SQLAgent$SOSHOME22) SQLAgent$SOSHOME22 [On_Demand | Stopped] -> C:\Program Files\Microsoft SQL Server\MSSQL$SOSHOME22\Binn\sqlagent.EXE -> [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation)
(SimpTcp) Simple TCP/IP Services [Auto | Running] -> C:\WINDOWS\system32\tcpsvcs.exe -> [2002/09/03 13:06:31 | 000,019,456 | ---- | M] (Microsoft Corporation)
(LPDSVC) TCP/IP Print Server [On_Demand | Stopped] -> C:\WINDOWS\system32\tcpsvcs.exe -> [2002/09/03 13:06:31 | 000,019,456 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(IPSec) IPSEC driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ipsec.sys -> [2010/04/22 07:14:08 | 000,075,264 | ---- | M] ()
(DKRtWrt) DKRtWrt [File_System | On_Demand | Running] -> C:\WINDOWS\system32\drivers\DKRtWrt.sys -> [2010/03/10 11:29:24 | 000,042,144 | ---- | M] (Diskeeper Corporation)
(Tcpip6) Microsoft IPv6 Protocol Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\tcpip6.sys -> [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation)
(MpFilter) Microsoft Malware Protection Driver [File_System | System | Running] -> C:\WINDOWS\system32\drivers\MpFilter.sys -> [2009/12/02 16:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation)
(WinUSB) WinUSB [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\winusb.sys -> [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation)
(CO_Mon) CO_Mon [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\CO_Mon.sys -> [2006/10/04 07:17:36 | 000,028,672 | ---- | M] ()
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.)
(RT61) Linksys Wireless-G PCI Adapter Driver(RT61) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\rt61.sys -> [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.)
(P17) Sound Blaster Audigy [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\P17.sys -> [2005/07/07 04:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.)
(BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\bcm42rly.sys -> [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation)
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ctoss2k.sys -> [2005/01/10 06:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.)
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ctsfm2k.sys -> [2005/01/10 06:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd)
(BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\BCMSM.sys -> [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\bcm4sbxp.sys -> [2003/06/30 18:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation)
(NETGEAR_WG311_SERVICE) NETGEAR WG311 Wireless PCI Adapter Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wg311nd5.sys -> [2003/03/17 21:27:50 | 000,307,904 | ---- | M] (Atheros Communications, Inc.)
(AWINDIS5) AWINDIS5 Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\AWINDIS5.SYS -> [2002/04/11 18:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.)
(OMCI) OMCI [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -> [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation)
(USRpdA) U.S. Robotics 56K PCI Faxmodem Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\USRpdA.sys -> [2001/08/17 14:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\MODEMCSA.sys -> [2001/08/17 09:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation)
 
[Registry - All]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_LOCAL_MACHINE\: "ProxyEnable" -> 0 -> 
HKEY_LOCAL_MACHINE\: "ProxyOverride" -> *.local;<local> -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\] > -> -> 
HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\: Main\\"Page_Transitions" -> 1 -> 
HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\: Main\\"Start Page" -> about:blank -> 
HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\WINDOWS\system32\ieframe.dll [Microsoft Url Search Hook] -> [2010/02/25 11:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation)
HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\: "ProxyOverride" -> <local>;*.local -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Austin\Application Data\Mozilla\FireFox\Profiles\0fhuups1.default\prefs.js -> 
browser.startup.homepage -> "www.google.com" ->
extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 ->
extensions.enabledItems -> {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.4.14.1 ->
extensions.enabledItems -> {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 ->
extensions.enabledItems -> {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3 ->
extensions.enabledItems -> [email protected]:3.6.5 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2010/03/31 22:34:42 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/21 17:47:20 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/04/23 10:35:31 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Austin\Application Data\Mozilla\Extensions -> [2010/04/21 17:47:31 | 000,000,000 | ---D | M]
No name found   -> C:\Documents and Settings\Austin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2010/04/21 17:47:31 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Austin\Application Data\Mozilla\Extensions\[email protected] -> [2009/04/12 17:16:26 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\0fhuups1.default\extensions -> [2010/04/23 10:21:09 | 000,000,000 | ---D | M]
Forecastfox   -> C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\0fhuups1.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} -> [2010/04/23 09:15:58 | 000,000,000 | ---D | M]
IE Tab 2 (FF 3.6+)   -> C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\0fhuups1.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} -> [2010/04/22 09:35:50 | 000,000,000 | ---D | M]
DownThemAll!   -> C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\0fhuups1.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} -> [2010/04/23 09:15:59 | 000,000,000 | ---D | M]
Greasemonkey   -> C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\0fhuups1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> [2010/04/21 17:49:03 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\0fhuups1.default\extensions\[email protected] -> [2010/04/23 10:12:03 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/04/21 17:47:06 | 000,000,000 | ---D | M]
Default   -> C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2010/04/21 17:47:06 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/04/22 21:09:40 | 000,391,989 | R--- | M] - 13590 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1 localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{0347C33E-8762-4905-BF09-768834316C61} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [HP Print Enhancer] -> [2009/10/22 05:29:58 | 000,328,248 | ---- | M] (Hewlett-Packard Co.)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2010/04/03 19:36:42 | 000,075,200 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2009/01/14 21:03:38 | 000,320,920 | ---- | M] (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/01/14 21:03:37 | 000,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/01/14 21:03:38 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [HP Smart BHO Class] -> [2009/10/22 05:29:56 | 000,517,688 | ---- | M] (Hewlett-Packard Co.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [&Address] -> [2008/04/13 20:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [&Links] -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe ARM" -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ["C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] -> [2010/03/24 14:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2010/04/04 01:42:51 | 000,036,272 | ---- | M] (Adobe Systems Incorporated)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DWQueuedReporting" -> C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2008/11/04 01:44:24 | 000,435,096 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DWQueuedReporting" -> C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2008/11/04 01:44:24 | 000,435,096 | ---- | M] (Microsoft Corporation)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Austin Startup Folder > -> C:\Documents and Settings\Austin\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage
\Control Panel\HomePage\\"" ->  [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoSetActiveDesktop" ->  [0] -> File not found
\\"NoActiveDesktopChanges" ->  [0] -> File not found
\\"NoFolderOptions" ->  [0] -> File not found
\\"NoRun" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"DisableTaskMgr" ->  [0] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
\\"DisableCMD" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\dontdisplaylastusername
\dontdisplaylastusername\\"" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoSetActiveDesktop" ->  [0] -> File not found
\\"NoActiveDesktopChanges" ->  [0] -> File not found
\\"NoFolderOptions" ->  [0] -> File not found
\\"NoRun" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableTaskMgr" ->  [0] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
\\"DisableCMD" ->  [0] -> File not found
HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools
\DisableRegistryTools\\"" ->  [0] -> File not found
HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip
\DisableRegistryTools\ShowInfoTip\\"" ->  [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Search ->  [?p=ZLfox000] -> File not found
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000] -> [2010/01/15 01:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation)
Search Current News ->  [file://\program files\powershell-xp3\search5.htm] -> File not found
Search Encyclopedia ->  [file://\program files\powershell-xp3\search4.htm] -> File not found
Search for Images ->  [file://\program files\powershell-xp3\search3.htm] -> File not found
Search Newsgroups ->  [file://\program files\powershell-xp3\search2.htm] -> File not found
Search the Web ->  [file://\program files\powershell-xp3\search.htm] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Button: Show or hide HP Smart Web Printing] -> [2009/10/22 05:29:56 | 000,517,688 | ---- | M] (Hewlett-Packard Co.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\WINDOWS\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 000,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6997 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6996 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6996 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7446 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 55 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=48835 [Windows Genuine Advantage Validation Tool] -> 
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab [Symantec AntiVirus scanner] -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab [MSN Photo Upload Tool] -> 
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab [Facebook Photo Uploader 4 Control] -> 
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab [Windows Live Safety Center Base Module] -> 
{5F8469B4-B055-49DD-83F7-62B522420ECC} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab [Facebook Photo Uploader Control] -> 
{644E432F-49D3-41A1-8DD5-E099162EEEC5} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab [Symantec RuFSI Utility Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141655441157 [MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> 
{B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} [HKLM] -> http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab [Enlite 2.x Simulation Engine Installer] -> 
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [HKLM] ->  [Reg Error: Value error.] -> 
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} [HKLM] -> http://by108fd.bay108.hotmail.msn.com/activex/HMAtchmt.ocx [Hotmail Attachments Control] -> 
{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [HKLM] -> https://secure.logmein.com/activex/ractrl.cab?lmi=100 [Performance Viewer Activex Control] -> 
DirectAnimation Java Classes [HKLM] -> file://C:\WINDOWS\Java\classes\dajava.cab [Reg Error: Key error.] -> 
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 97.64.180.150 97.64.179.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{C2391CA8-EFBF-496A-BC08-1B7F59F0D73D}\\DhcpNameServer -> 97.64.180.150 97.64.179.254   (Linksys Wireless-G PCI Adapter) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> C:\WINDOWS\System32\logonui.exe -> [2008/04/13 20:12:24 | 000,514,560 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> C:\WINDOWS\System32\shell32.dll -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
Control_RunDLL "sysdm.cpl" -> C:\WINDOWS\System32\sysdm.cpl -> [2008/04/13 20:12:41 | 000,300,544 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2006/05/03 12:44:54 | 000,061,440 | ---- | M] (ATI Technologies Inc.)
crypt32chain -> C:\WINDOWS\System32\crypt32.dll -> [2008/04/13 20:11:51 | 000,599,040 | ---- | M] (Microsoft Corporation)
cryptnet -> C:\WINDOWS\System32\cryptnet.dll -> [2008/04/13 20:11:51 | 000,064,512 | ---- | M] (Microsoft Corporation)
cscdll -> C:\WINDOWS\System32\cscdll.dll -> [2008/04/13 20:11:51 | 000,101,888 | ---- | M] (Microsoft Corporation)
dimsntfy -> C:\WINDOWS\system32\dimsntfy.dll -> [2008/04/13 20:11:52 | 000,019,456 | ---- | M] (Microsoft Corporation)
igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2005/10/19 09:59:14 | 000,348,160 | ---- | M] (Intel Corporation)
ScCertProp -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
Schedule -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
sclgntfy -> C:\WINDOWS\System32\sclgntfy.dll -> [2008/04/13 20:12:05 | 000,020,480 | ---- | M] (Microsoft Corporation)
SensLogn -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
termsrv -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
WgaLogon -> C:\WINDOWS\System32\WgaLogon.dll -> [2006/06/19 16:20:42 | 000,702,768 | ---- | M] (Microsoft Corporation)
wlballoon -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{fbeb8a05-beee-4442-804e-409d6c4515e9}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [CDBurn] -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
"{7849596a-48ea-486e-8937-a2a3009f31a9}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [PostBootReminder] -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
"{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> C:\WINDOWS\system32\stobject.dll [SysTray] -> [2008/04/13 20:12:07 | 000,121,856 | ---- | M] (Microsoft Corporation)
"{e57ce738-33e8-4c51-8354-bb4de9d215d1}" [HKLM] -> C:\WINDOWS\system32\upnpui.dll [UPnPMonitor] -> [2008/04/13 20:12:08 | 000,239,616 | ---- | M] (Microsoft Corporation)
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> C:\WINDOWS\system32\webcheck.dll [WebCheck] -> [2009/03/08 04:34:48 | 000,236,544 | ---- | M] (Microsoft Corporation)
"{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKLM] -> C:\WINDOWS\system32\WPDShServiceObj.dll [WPDShServiceObj] -> [2006/10/18 22:47:22 | 000,133,632 | ---- | M] (Microsoft Corporation)
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [Browseui preloader] -> [2008/04/13 20:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation)
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [Component Categories cache daemon] -> [2008/04/13 20:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> C:\WINDOWS\System32\shell32.dll [] -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}" [HKLM] -> Reg Error: Key error. [Eudora's Shell Extension] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
msapsspc.dll -> C:\WINDOWS\System32\msapsspc.dll -> [2008/04/13 20:11:58 | 000,086,016 | ---- | M] (Microsoft Corporation)
schannel.dll -> C:\WINDOWS\System32\schannel.dll -> [2009/06/25 04:25:26 | 000,147,456 | ---- | M] (Microsoft Corporation)
digest.dll -> C:\WINDOWS\System32\digest.dll -> [2008/04/13 20:11:52 | 000,068,608 | ---- | M] (Microsoft Corporation)
msnsspc.dll -> C:\WINDOWS\System32\msnsspc.dll -> [2008/04/13 20:12:00 | 000,290,816 | ---- | M] (Microsoft Corporation)
digiwet.dll ->  -> File not found
*MultiFile Done* -> -> 
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> C:\WINDOWS\System32\msv1_0.dll -> [2009/09/11 10:18:39 | 000,136,192 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> C:\WINDOWS\System32\kerberos.dll -> [2009/06/25 04:25:26 | 000,301,568 | ---- | M] (Microsoft Corporation)
msv1_0 -> C:\WINDOWS\System32\msv1_0.dll -> [2009/09/11 10:18:39 | 000,136,192 | ---- | M] (Microsoft Corporation)
schannel -> C:\WINDOWS\System32\schannel.dll -> [2009/06/25 04:25:26 | 000,147,456 | ---- | M] (Microsoft Corporation)
wdigest -> C:\WINDOWS\System32\wdigest.dll -> [2009/06/25 04:25:26 | 000,054,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\Austin\Application Data\mjusbsp\magicJack.exe" -> C:\Documents and Settings\Austin\Application Data\mjusbsp\magicJack.exe [C:\Documents and Settings\Austin\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack] -> [2009/08/01 12:13:44 | 012,231,512 | ---- | M] (magicJack L.P.)
"C:\Documents and Settings\Austin\Desktop\uTorrent.exe" -> C:\Documents and Settings\Austin\Desktop\uTorrent.exe [C:\Documents and Settings\Austin\Desktop\uTorrent.exe:*:Enabled:µTorrent] -> File not found
"C:\Documents and Settings\Austin\Local Settings\Temporary Internet Files\Content.IE5\JX7LFDX1\Conquer_v5039_10_BC[1].exe" -> C:\Documents and Settings\Austin\Local Settings\Temporary Internet Files\Content.IE5\JX7LFDX1\Conquer_v5039_10_BC[1].exe [C:\Documents and Settings\Austin\Local Settings\Temporary Internet Files\Content.IE5\JX7LFDX1\Conquer_v5039_10_BC[1].exe:*:Enabled:BitCometLite] -> File not found
"C:\Documents and Settings\Austin\Shared\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe" -> C:\Documents and Settings\Austin\Shared\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe [C:\Documents and Settings\Austin\Shared\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe:*:Disabled:Empire Earth] -> File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2010/02/12 11:46:12 | 000,345,376 | ---- | M] (Apple Inc.)
"C:\Program Files\IncrediMail\bin\ImApp.exe" -> C:\Program Files\IncrediMail\bin\ImApp.exe [C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail] -> File not found
"C:\Program Files\IncrediMail\bin\ImLc.exe" -> C:\Program Files\IncrediMail\bin\ImLc.exe [C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:Letter Creator] -> File not found
"C:\Program Files\IncrediMail\bin\ImLpp.exe" -> C:\Program Files\IncrediMail\bin\ImLpp.exe [C:\Program Files\IncrediMail\bin\ImLpp.exe:*:Enabled:ImLpp] -> File not found
"C:\Program Files\IncrediMail\bin\ImNotfy.exe" -> C:\Program Files\IncrediMail\bin\ImNotfy.exe [C:\Program Files\IncrediMail\bin\ImNotfy.exe:*:Enabled:ImNotfy] -> File not found
"C:\Program Files\IncrediMail\bin\ImPackr.exe" -> C:\Program Files\IncrediMail\bin\ImPackr.exe [C:\Program Files\IncrediMail\bin\ImPackr.exe:*:Enabled:ImPackr] -> File not found
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" -> C:\Program Files\IncrediMail\bin\ImpCnt.exe [C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail] -> File not found
"C:\Program Files\IncrediMail\bin\ImSetup.exe" -> C:\Program Files\IncrediMail\bin\ImSetup.exe [C:\Program Files\IncrediMail\bin\ImSetup.exe:*:Enabled:ImSetup] -> File not found
"C:\Program Files\IncrediMail\bin\IncMail.exe" -> C:\Program Files\IncrediMail\bin\IncMail.exe [C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail] -> File not found
"C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe" -> C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe [C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe:*:Enabled:IncrediMail_Install] -> File not found
"C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2010/03/26 01:09:58 | 010,358,568 | ---- | M] (Apple Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" -> C:\Program Files\Java\jre6\bin\javaw.exe [C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary] -> [2009/01/14 21:03:36 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" -> C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe [C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal] -> File not found
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire PRO 4.18.8] -> File not found
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2009/02/14 06:03:18 | 000,337,264 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2009/02/26 15:24:50 | 001,001,840 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2005/01/17 19:19:51 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{5b673ca2-cc98-11de-9ab7-001d7e0e68e9}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b673ca2-cc98-11de-9ab7-001d7e0e68e9}\Shell\AutoRun
\{5b673ca2-cc98-11de-9ab7-001d7e0e68e9}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b673ca2-cc98-11de-9ab7-001d7e0e68e9}\Shell\AutoRun\command
\{5b673ca2-cc98-11de-9ab7-001d7e0e68e9}\Shell\AutoRun\command\\"" -> G:\autorun.exe [G:\autorun.exe] -> File not found
\{5b673ca2-cc98-11de-9ab7-001d7e0e68e9}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b673ca2-cc98-11de-9ab7-001d7e0e68e9}\Shell\phone\command
\{5b673ca2-cc98-11de-9ab7-001d7e0e68e9}\Shell\phone\command\\"" -> G:\autorun.exe [G:\autorun.exe] -> File not found
\{6229fbcb-3d56-11de-9a55-001d7e0e68e9}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6229fbcb-3d56-11de-9a55-001d7e0e68e9}\Shell\AutoRun\command
\{6229fbcb-3d56-11de-9a55-001d7e0e68e9}\Shell\AutoRun\command\\"" -> F:\StartPortableApps.exe [F:\StartPortableApps.exe] -> File not found
\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\AutoRun\command
\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\AutoRun\command\\"" -> F:\rcaeasyrip_setup.exe [F:\rcaeasyrip_setup.exe] -> File not found
\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\install\command
\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\install\command\\"" -> F:\rcaeasyrip_setup.exe [F:\rcaeasyrip_setup.exe] -> File not found
\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\usermanualEnglish\command
\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\usermanualEnglish\command\\"" -> F:\rcaeasyrip_setup.exe [F:\rcaeasyrip_setup.exe /pdf_English] -> File not found
\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\usermanualFrench\command
\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\usermanualFrench\command\\"" -> F:\rcaeasyrip_setup.exe [F:\rcaeasyrip_setup.exe /pdf_French] -> File not found
\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\usermanualSpanish\command
\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\usermanualSpanish\command\\"" -> F:\rcaeasyrip_setup.exe [F:\rcaeasyrip_setup.exe /pdf_Spanish] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Classes\<extension>\ -> 
.exe [@ = exefile] -> Reg Error: Key error. -> File not found
 
[Registry - Additional Scans - Safe List]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 
0 -> [Key] -> 
0 -> FriendlyName = My Current Home Page -> 
0 -> Source = About:Home -> 
0 -> SubscribedURL = About:Home -> 
< Desktop WallPaper > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General -> 
WallPaper -> C:\Documents and Settings\Austin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp -> 
BackupWallPaper -> C:\Documents and Settings\Austin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp -> 
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> 
"Apple Mobile Device" -> -> 
"Ati HotKey Poller" -> -> 
"ATI Smart" -> -> 
"avg8wd" -> -> 
"Bonjour Service" -> -> 
"Creative Service for CDROM Access" -> -> 
"gusvc" -> -> 
"IDriverT" -> -> 
"iPod Service" -> -> 
"JavaQuickStarterService" -> -> 
"Microsoft Office Groove Audit Service" -> -> 
"odserv" -> -> 
"ose" -> -> 
"SamSsRDSessMgr" -> -> 
"WMP54Gv4SVC" -> -> 
"WMPNetworkSvc" -> -> 
"ZuneNetworkSvc" -> -> 
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> [2007/10/14 20:38:52 | 000,214,360 | ---- | M] (Hewlett-Packard Co.)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk -> C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe -> [2002/12/17 18:23:32 | 000,074,308 | ---- | M] (Microsoft Corporation)
C:^Documents and Settings^Austin^Start Menu^Programs^Startup^Disk Cleaner.lnk -> C:\Program Files\Disk Cleaner\dclean.exe -> [2005/01/28 10:05:12 | 000,209,920 | ---- | M] ()
C:^Documents and Settings^Austin^Start Menu^Programs^Startup^LimeWire On Startup.lnk -> C:\PROGRA~1\LimeWire\LimeWire.exe -> File not found
C:^Documents and Settings^Austin^Start Menu^Programs^Startup^Palm Registration.lnk -> C:\Program Files\Palm\register.exe -> [2006/11/09 18:31:25 | 002,494,464 | ---- | M] (Palm/Leader Technologies)
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
AS00_Netgear hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -> [2003/05/16 14:59:24 | 000,389,120 | ---- | M] ()
ATICCC hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\ATI Technologies\ATI.ACE\cli.exe -> [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.)
ATIPTA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe -> File not found
AVG7_CC hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe -> File not found
AVG7_EMC hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe -> File not found
AVG8_TRAY hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\PROGRA~1\AVG\AVG8\avgtray.exe -> File not found
BCMSMMSG hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\BCMSMMSG.exe -> [2003/08/29 05:59:24 | 000,122,880 | ---- | M] (Broadcom Corporation)
cdloader hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Documents and Settings\Austin\Application Data\mjusbsp\cdloader2.exe -> [2009/08/01 12:11:28 | 000,050,520 | ---- | M] (magicJack L.P.)
ctfmon.exe hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
CTSysVol hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> File not found
Easy Dock hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
ezLife hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
gcasServ hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Microsoft AntiSpyware\gcasServ.exe -> File not found
GrooveMonitor hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe -> [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation)
HotKeysCmds hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
HP Software Update hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\HP\HP Software Update\hpwuSchd2.exe -> [2007/10/14 21:17:32 | 000,049,152 | ---- | M] (Hewlett-Packard)
hpqSRMon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe -> [2008/08/20 10:54:08 | 000,150,016 | ---- | M] (Hewlett-Packard)
HydraVisionDesktopManager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe -> File not found
IgfxTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
IntelliPoint hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Microsoft IntelliPoint\ipoint.exe -> [2007/02/05 19:52:10 | 000,849,280 | ---- | M] (Microsoft Corporation)
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2010/03/26 01:10:02 | 000,142,120 | ---- | M] (Apple Inc.)
MSSE hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Microsoft Security Essentials\msseces.exe -> [2010/02/21 06:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation)
NapsterShell hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Napster\napster.exe -> File not found
P17Helper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
PromoReg hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\Temp\wpv771242765100.exe -> File not found
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\qttask.exe -> [2010/03/17 21:53:36 | 000,421,888 | ---- | M] (Apple Inc.)
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/01/14 21:03:37 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.)
sysldtray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\windows\ld08.exe -> File not found
TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2005/07/09 13:36:38 | 000,180,269 | ---- | M] (RealNetworks, Inc.)
UpdReg hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\Updreg.EXE -> [2000/05/11 02:00:00 | 000,090,112 | ---- | M] (Creative Technology Ltd.)
USRpdA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
WMPNSCFG hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Windows Media Player\wmpnscfg.exe -> [2006/10/18 21:05:26 | 000,204,288 | ---- | M] (Microsoft Corporation)
Zune Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> c:\Program Files\Zune\ZuneLauncher.exe -> File not found
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 2 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
Ias -> C:\WINDOWS\system32\ias -> [2005/01/17 19:19:27 | 000,000,000 | ---D | M]
Iprip -> C:\WINDOWS\system32\iprip.dll -> [2008/04/13 20:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation)
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
Wmi -> C:\WINDOWS\system32\wmi.dll -> [2008/04/13 20:11:15 | 000,005,632 | ---- | M] (Microsoft Corporation)
WmdmPmSp ->  -> File not found
*MultiFile Done* -> -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
batfile [open] -> "%1" %* -> 
cmdfile [open] -> "%1" %* -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
htmlfile [edit] -> "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation)
htmlfile [print] -> "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* -> 
scrfile [config] -> "%1" -> 
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/13 20:12:41 | 000,135,168 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S -> 
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
Directory [Backup this Folder] -> xcopy %1 /e /i /h /y \PowerShell-XP3-Backups -> [2008/04/13 20:12:41 | 000,030,720 | ---- | M] (Microsoft Corporation)
Directory [Dos Prompt] -> cmd.exe /k cd %1 -> [2008/04/13 20:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Directory [OneNote.Open] -> C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" -> [2009/02/26 15:24:50 | 001,001,840 | ---- | M] (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} -> Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713} -> HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9} -> Microsoft IntelliPoint 6.1
{0F7C2E47-089E-4d23-B9F7-39BE00100776} -> Toolbox
{11B83AD3-7A46-4C2E-A568-9505981D4C6F} -> HP Update
{18669FF9-C8FE-407a-9F70-E674896B1DB4} -> GPBaseService
{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5} -> Sound Blaster Audigy
{205A5182-EFC8-4C25-B61D-C164F8FF4048} -> BlackBerry Desktop Software 5.0.1
{26A24AE4-039D-4CA4-87B4-2F83216011FF} -> Java(TM) 6 Update 11
{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} -> QuickTime
{305468A6-DE2D-43ba-A168-2F45A97A89DA} -> DJ_SF_03_D1500_Software_Min
{3248F0A8-6813-11D6-A77B-00B0D0150020} -> J2SE Runtime Environment 5.0 Update 2
{3248F0A8-6813-11D6-A77B-00B0D0150050} -> J2SE Runtime Environment 5.0 Update 5
{3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6
{34BFB099-07B2-4E95-A673-7362D60866A2} -> PSSWCORE
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{3700194C-C5DD-439A-BE06-A66960CA4C70} -> MSVCSetup
{38436888-9EAA-4cec-A56F-65B73D9D423C} -> D1500
{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4} -> SolutionCenter
{4DDC3BED-CC68-44AA-B435-D727B620CA5B} -> Linksys Wireless-G PCI Adapter
{52504CE6-E909-4113-B232-4AFEC6543A61} -> Broadcom 440x 10/100 Integrated Controller
{52A69E11-7CEB-4a7d-9607-68BA4F39A89B} -> DeviceDiscovery
{553255F3-78FD-40F1-A6F8-6882140265FE} -> Apple Application Support
{5ACE69F0-A3E8-44eb-88C1-0A841E700180} -> TrayApp
{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} -> Windows Genuine Advantage v1.3.0254.0
{63FF21C9-A810-464F-B60A-3111747B1A6D} -> GPBaseService2
{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8} -> eSupportQFolder
{681B698F-C997-42C3-B184-B489C6CA24C9} -> HPPhotoSmartDiscLabelContent1
{687FEF8A-8597-40b4-832C-297EA3F35817} -> BufferChm
{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314} -> BlackBerry® Media Sync
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{6AA134D3-1B9F-448C-8AED-353F14E2C6A1} -> WinWay Resume Deluxe
{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15} -> CustomerResearchQFolder
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{76BC2442-0002-47FA-9617-43BAD82BEF4C} -> Bonjour
{770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90} -> WebEx Support Manager for Internet Explorer
{82C113AD-486F-4bd5-A2EA-2383AF57D084} -> D1500_Help
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8A3AD1DE-FC3D-4005-9D96-AC3E598129BE} -> DFX 8 for Windows Media Player
{8A708DD8-A5E6-11D4-A706-000629E95E20} -> Intel(R) Extreme Graphics Driver
{8A85DEAD-7C1F-4368-881C-72AC74CB2E91} -> UnloadSupport
{8B0DE76D-7663-40DA-9926-D61152E6DC74} -> BlackBerry Device Software v5.0.0 for the BlackBerry 9630 smartphone
{8B8240B3-891D-4965-AA51-8799622D44FF} -> DJ_SF_03_D1500_ProductContext
{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A} -> SmartWebPrinting
{90120000-0010-0409-0000-0000000FF1CE} -> Microsoft Software Update for Web Folders  (English) 12
{90120000-0015-0409-0000-0000000FF1CE} -> Microsoft Office Access MUI (English) 2007
{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007
{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007
{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0019-0409-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (English) 2007
{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2007
{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007
{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007
{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007
{90120000-0030-0000-0000-0000000FF1CE} -> Microsoft Office Enterprise 2007
{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF} -> Security Update for Microsoft Office system 2007 (972581)
{90120000-0044-0409-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (English) 2007
{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007
{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2007
{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00BA-0409-0000-0000000FF1CE} -> Microsoft Office Groove MUI (English) 2007
{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0114-0409-0000-0000000FF1CE} -> Microsoft Office Groove Setup Metadata MUI (English) 2007
{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0117-0409-0000-0000000FF1CE} -> Microsoft Office Access Setup Metadata MUI (English) 2007
{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{9077253B-FBE9-416A-8D7A-9A58C2E83B39} -> NETGEAR Wireless PCI Adapter
{930439A1-B49E-4A54-A499-31BDC1A91DE5} -> Shockwave Player
{95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
{95120000-0122-0409-0000-0000000FF1CE} -> Microsoft Office Outlook Connector
{996A2FAA-7514-4628-9D12-A8FC34A0016E} -> iTunes
{9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81} -> Status
{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2
{AB5D51AE-EBC3-438D-872C-705C7C2084B0} -> DeviceManagementQFolder
{AC76BA86-7AD7-1033-7B44-A93000000001} -> Adobe Reader 9.3.2
{B1421599-A42D-47ef-B512-B9B0317BD599} -> DJ_SF_03_D1500_Software
{B37C842A-B624-46B8-A727-654E72F1C91A} -> Calculator Powertoy for Windows XP
{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
{B5C3B892-0849-476C-9F46-B12F84819D57} -> Apple Mobile Device Support
{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF} -> HPSSupply
{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD} -> Creative MediaSource 5
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2
{C43326F5-F135-4551-8270-7F7ABA0462E1} -> HPProductAssistant
{C4C843CE-5851-41BC-A17B-E158B996B50D} -> Diskeeper 2010 Pro Premier
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{CCB9B81A-167F-4832-B305-D2A0430840B3} -> WebReg
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
{D2E0F0CC-6BE0-490b-B08B-9267083E34C9} -> MarketResearch
{D78653C3-A8FF-415F-92E6-D774E634FF2D} -> Dell ResourceCD
{D79113E7-274C-470B-BD46-01B10219DF6A} -> HPPhotosmartEssential
{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC} -> VideoToolkit01
{E09B48B5-E141-427A-AB0C-D3605127224A} -> Microsoft SQL Server Desktop Engine (SOSHOME22)
{E3E71D07-CD27-46CB-8448-16D4FB29AA13} -> Microsoft WSE 3.0 Runtime
{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01} -> Microsoft Antimalware
{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B} -> ATI Catalyst Control Center
{EF98A02A-1748-4762-9B7D-5ED1600520D5} -> Microsoft Security Essentials
{F0A37341-D692-11D4-A984-009027EC0A9C} -> SoundMAX
{F251B999-08A9-4704-999C-9962F0DFD88E} -> Virtual Desktop Manager Powertoy for Windows XP
{F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729)
{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01
{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B} -> Windows Media Connect
{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} -> HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
All ATI Software -> ATI - Software Uninstall Utility
ATI Display Driver -> ATI Display Driver
AVI Codec Pack -> AVI Codec Pack
BCM V.92 56K Modem -> BCM V.92 56K Modem
BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048} -> BlackBerry Desktop Software 5.0.1
CCleaner -> CCleaner
COREDOC 3.1 -> Remove COREDOC 3.1
Creative Software AutoUpdate -> Creative Software AutoUpdate
daqyepiicmdulgdq -> RON Too1 Gooochi
Digital Copy -> Digital Copy
DiskCleaner -> Disk Cleaner (remove only)
DriverAgent.exe -> DriverAgent by eSupport.com
ENTERPRISE -> Microsoft Office Enterprise 2007
ezLife -> ezLife browser enhancer
G-Force -> G-Force
HijackThis -> HijackThis 2.0.2
HP Imaging Device Functions -> HP Imaging Device Functions 10.0
HP Photosmart Essential -> HP Photosmart Essential 3.5
HP Smart Web Printing -> HP Smart Web Printing 4.60
HP Solution Center & Imaging Support Tools -> HP Solution Center 13.0
HPExtendedCapabilities -> HP Customer Participation Program 10.0
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie7 -> Windows Internet Explorer 7
ie8 -> Windows Internet Explorer 8
InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61} -> Broadcom 440x 10/100 Integrated Controller
InterActual Player -> InterActual Player
Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
Microsoft Security Essentials -> Microsoft Security Essentials
Mozilla Firefox (3.6.3) -> Mozilla Firefox (3.6.3)
MP3 Rocket -> MP3 Rocket
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
PowerShell-XP3 -> PowerShell-XP3
RealPlayer 6.0 -> RealPlayer
Shop for HP Supplies -> Shop for HP Supplies
Smart-Ads-Solutions -> SmartAds browser enhancer
SysInfo -> Creative System Information
VLC media player -> VideoLAN VLC media player 0.8.6d
Wdf01007 -> Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Windows Live Safety Scanner -> Windows Live Safety Scanner
Windows Media Connect -> Windows Media Connect
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
Windows XP Service Pack -> Windows XP Service Pack 3
WinRAR archiver -> WinRAR archiver
winusb0100 -> Microsoft WinUsb 1.0
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
Wudf01007 -> Microsoft User-Mode Driver Framework Feature Pack 1.7
< Uninstall List [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
Confidence Online EE -> Confidence Online(tm) for Web Applications
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 4/22/2010 3:14:22 PM Computer Name = AUSTIN | Source = MSSQL$SOSHOME22 | ID = 19011 -> Description = 
Application [ Error ] 4/22/2010 4:12:21 PM Computer Name = AUSTIN | Source = MSSQL$SOSHOME22 | ID = 19011 -> Description = 
Application [ Error ] 4/22/2010 4:22:43 PM Computer Name = AUSTIN | Source = MSSQL$SOSHOME22 | ID = 19011 -> Description = 
Application [ Error ] 4/22/2010 4:39:01 PM Computer Name = AUSTIN | Source = MSSQL$SOSHOME22 | ID = 19011 -> Description = 
Application [ Error ] 4/23/2010 8:03:55 AM Computer Name = AUSTIN | Source = MSSQL$SOSHOME22 | ID = 19011 -> Description = 
Application [ Error ] 4/23/2010 9:10:21 AM Computer Name = AUSTIN | Source = Application Hang | ID = 1002 -> Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 4/23/2010 10:17:22 AM Computer Name = AUSTIN | Source = Application Hang | ID = 1002 -> Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 4/23/2010 10:37:58 AM Computer Name = AUSTIN | Source = MSSQL$SOSHOME22 | ID = 19011 -> Description = 
Application [ Error ] 4/23/2010 11:30:37 AM Computer Name = AUSTIN | Source = MSSQL$SOSHOME22 | ID = 19011 -> Description = 
Application [ Error ] 4/23/2010 1:37:12 PM Computer Name = AUSTIN | Source = MSSQL$SOSHOME22 | ID = 19011 -> Description = 
OSession [ Error ] 8/4/2009 8:56:24 PM Computer Name = AUSTIN | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.
System [ Error ] 4/23/2010 1:29:56 PM Computer Name = AUSTIN | Source = Service Control Manager | ID = 7001 -> Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:   %%31
System [ Error ] 4/23/2010 1:29:56 PM Computer Name = AUSTIN | Source = Service Control Manager | ID = 7001 -> Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:   %%31
System [ Error ] 4/23/2010 1:29:56 PM Computer Name = AUSTIN | Source = Service Control Manager | ID = 7001 -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:   %%31
System [ Error ] 4/23/2010 1:29:56 PM Computer Name = AUSTIN | Source = Service Control Manager | ID = 7001 -> Description = The Simple TCP/IP Services service depends on the AFD Networking Support Environment service which failed to start because of the following error:   %%31
System [ Error ] 4/23/2010 1:29:56 PM Computer Name = AUSTIN | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   AFD  Fips  intelppm  IPSec  MpFilter  MRxSmb  NetBIOS  NetBT  OMCI  RasAcd  Rdbss  Tcpip  Tcpip6  WS2IFSL
System [ Error ] 4/23/2010 1:30:13 PM Computer Name = AUSTIN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service netman with arguments ""  in order to run the server:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
System [ Error ] 4/23/2010 1:30:14 PM Computer Name = AUSTIN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service netman with arguments ""  in order to run the server:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
System [ Error ] 4/23/2010 1:35:09 PM Computer Name = AUSTIN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 4/23/2010 1:37:25 PM Computer Name = AUSTIN | Source = Service Control Manager | ID = 7000 -> Description = The Zune Bus Enumerator Driver service failed to start due to the following error:   %%2
System [ Error ] 4/23/2010 1:38:47 PM Computer Name = AUSTIN | Source = Service Control Manager | ID = 7022 -> Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Austin\Desktop\OTS.exe -> [2010/04/23 13:19:06 | 000,638,976 | ---- | C] (OldTimer Tools)
 PIF -> C:\WINDOWS\PIF -> [2010/04/23 13:09:44 | 000,000,000 | -H-D | C]
 Recent -> C:\Documents and Settings\Austin\Recent -> [2010/04/23 13:06:36 | 000,000,000 | RH-D | C]
 CCleaner -> C:\Program Files\CCleaner -> [2010/04/23 12:19:46 | 000,000,000 | ---D | C]
 Backups -> C:\Documents and Settings\Austin\My Documents\Backups -> [2010/04/23 10:54:16 | 000,000,000 | ---D | C]
 NOS -> C:\Documents and Settings\All Users\Application Data\NOS -> [2010/04/23 10:15:39 | 000,000,000 | ---D | C]
 stepup -> C:\stepup -> [2010/04/23 08:10:46 | 000,000,000 | ---D | C]
 Diskeeper -> C:\Diskeeper -> [2010/04/22 14:29:32 | 000,000,000 | -HSD | C]
 DKRtWrt.sys -> C:\WINDOWS\System32\drivers\DKRtWrt.sys -> [2010/04/22 14:25:59 | 000,042,144 | ---- | C] (Diskeeper Corporation)
 Diskeeper Corporation -> C:\Program Files\Common Files\Diskeeper Corporation -> [2010/04/22 14:25:50 | 000,000,000 | ---D | C]
 Diskeeper Corporation -> C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation -> [2010/04/22 14:25:49 | 000,000,000 | ---D | C]
 Windows Home Server -> C:\Program Files\Windows Home Server -> [2010/04/22 14:25:44 | 000,000,000 | ---D | C]
 Diskeeper Corporation -> C:\Program Files\Diskeeper Corporation -> [2010/04/22 14:25:44 | 000,000,000 | ---D | C]
 Computer Tweaks and Tips -> C:\Documents and Settings\Austin\My Documents\Computer Tweaks and Tips -> [2010/04/22 12:42:47 | 000,000,000 | ---D | C]
 ATI -> C:\Documents and Settings\Austin\Application Data\ATI -> [2010/04/22 12:25:31 | 000,000,000 | ---D | C]
 ATI -> C:\Documents and Settings\Austin\Local Settings\Application Data\ATI -> [2010/04/22 12:25:30 | 000,000,000 | ---D | C]
 ATI Technologies -> C:\Program Files\ATI Technologies -> [2010/04/22 12:14:00 | 000,000,000 | ---D | C]
 Trend Micro -> C:\Program Files\Trend Micro -> [2010/04/22 00:07:39 | 000,000,000 | ---D | C]
 Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft -> [2010/04/21 22:11:52 | 000,000,000 | ---D | C]
 avG -> C:\Documents and Settings\Austin\Local Settings\Application Data\avG -> [2010/04/21 03:02:50 | 000,000,000 | ---D | C]
 avG -> C:\Documents and Settings\All Users\Application Data\avG -> [2010/04/21 03:02:50 | 000,000,000 | ---D | C]
 Real -> C:\Documents and Settings\NetworkService\Application Data\Real -> [2010/04/17 03:03:06 | 000,000,000 | ---D | C]
 Adobe -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe -> [2010/04/16 10:56:29 | 000,000,000 | ---D | C]
 Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2010/04/16 00:12:27 | 000,000,000 | ---D | C]
 Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2010/04/16 00:12:22 | 000,000,000 | ---D | C]
 TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2010/04/01 20:06:00 | 000,000,000 | ---D | C]
 WinWay -> C:\Documents and Settings\Austin\Application Data\WinWay -> [2010/04/01 16:45:41 | 000,000,000 | ---D | C]
 HPAppData -> C:\Documents and Settings\Austin\Application Data\HPAppData -> [2010/03/31 22:47:40 | 000,000,000 | ---D | C]
 HP Product Assistant -> C:\Documents and Settings\All Users\Application Data\HP Product Assistant -> [2010/03/31 22:26:32 | 000,000,000 | ---D | C]
 iPod -> C:\Program Files\iPod -> [2010/03/31 12:24:57 | 000,000,000 | ---D | C]
 iTunes -> C:\Program Files\iTunes -> [2010/03/31 12:24:50 | 000,000,000 | ---D | C]
 {429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> [2010/03/31 12:24:50 | 000,000,000 | ---D | C]
 Bonjour -> C:\Program Files\Bonjour -> [2010/03/31 12:13:50 | 000,000,000 | ---D | C]
 Resume -> C:\Documents and Settings\Austin\My Documents\Resume -> [2010/03/29 14:34:24 | 000,000,000 | ---D | C]
 bckgzm.exe -> C:\WINDOWS\System32\dllcache\bckgzm.exe -> [2010/03/26 16:10:05 | 000,042,577 | ---- | C] (Microsoft Corporation)
 shvlres.dll -> C:\WINDOWS\System32\dllcache\shvlres.dll -> [2010/03/26 16:10:04 | 002,178,131 | ---- | C] (Microsoft Corporation)
 bckgres.dll -> C:\WINDOWS\System32\dllcache\bckgres.dll -> [2010/03/26 16:10:04 | 001,817,687 | ---- | C] (Microsoft Corporation)
 chkrres.dll -> C:\WINDOWS\System32\dllcache\chkrres.dll -> [2010/03/26 16:10:04 | 000,780,885 | ---- | C] (Microsoft Corporation)
 rvseres.dll -> C:\WINDOWS\System32\dllcache\rvseres.dll -> [2010/03/26 16:10:04 | 000,753,236 | ---- | C] (Microsoft Corporation)
 bckg.dll -> C:\WINDOWS\System32\dllcache\bckg.dll -> [2010/03/26 16:10:04 | 000,082,501 | ---- | C] (Microsoft Corporation)
 shvl.dll -> C:\WINDOWS\System32\dllcache\shvl.dll -> [2010/03/26 16:10:04 | 000,066,113 | ---- | C] (Microsoft Corporation)
 rvse.dll -> C:\WINDOWS\System32\dllcache\rvse.dll -> [2010/03/26 16:10:04 | 000,048,706 | ---- | C] (Microsoft Corporation)
 chkrzm.exe -> C:\WINDOWS\System32\dllcache\chkrzm.exe -> [2010/03/26 16:10:04 | 000,042,575 | ---- | C] (Microsoft Corporation)
 rvsezm.exe -> C:\WINDOWS\System32\dllcache\rvsezm.exe -> [2010/03/26 16:10:04 | 000,042,574 | ---- | C] (Microsoft Corporation)
 shvlzm.exe -> C:\WINDOWS\System32\dllcache\shvlzm.exe -> [2010/03/26 16:10:04 | 000,042,573 | ---- | C] (Microsoft Corporation)
 chkr.dll -> C:\WINDOWS\System32\dllcache\chkr.dll -> [2010/03/26 16:10:04 | 000,040,515 | ---- | C] (Microsoft Corporation)
 hrtzres.dll -> C:\WINDOWS\System32\dllcache\hrtzres.dll -> [2010/03/26 16:10:03 | 001,175,635 | ---- | C] (Microsoft Corporation)
 cmnresm.dll -> C:\WINDOWS\System32\dllcache\cmnresm.dll -> [2010/03/26 16:10:03 | 001,039,955 | ---- | C] (Microsoft Corporation)
 hrtz.dll -> C:\WINDOWS\System32\dllcache\hrtz.dll -> [2010/03/26 16:10:03 | 000,057,409 | ---- | C] (Microsoft Corporation)
 hrtzzm.exe -> C:\WINDOWS\System32\dllcache\hrtzzm.exe -> [2010/03/26 16:10:03 | 000,042,573 | ---- | C] (Microsoft Corporation)
 zcorem.dll -> C:\WINDOWS\System32\dllcache\zcorem.dll -> [2010/03/26 16:10:03 | 000,041,029 | ---- | C] (Microsoft Corporation)
 uniansi.dll -> C:\WINDOWS\System32\dllcache\uniansi.dll -> [2010/03/26 16:10:03 | 000,032,339 | ---- | C] (Microsoft Corporation)
 zonelibm.dll -> C:\WINDOWS\System32\dllcache\zonelibm.dll -> [2010/03/26 16:10:03 | 000,013,894 | ---- | C] (Microsoft Corporation)
 zeeverm.dll -> C:\WINDOWS\System32\dllcache\zeeverm.dll -> [2010/03/26 16:10:03 | 000,004,677 | ---- | C] (Microsoft Corporation)
 cmnclim.dll -> C:\WINDOWS\System32\dllcache\cmnclim.dll -> [2010/03/26 16:10:02 | 000,217,160 | ---- | C] (Microsoft Corporation)
 zoneclim.dll -> C:\WINDOWS\System32\dllcache\zoneclim.dll -> [2010/03/26 16:10:02 | 000,113,222 | ---- | C] (Microsoft Corporation)
 zclientm.exe -> C:\WINDOWS\System32\dllcache\zclientm.exe -> [2010/03/26 16:10:02 | 000,036,937 | ---- | C] (Microsoft Corporation)
 znetm.dll -> C:\WINDOWS\System32\dllcache\znetm.dll -> [2010/03/26 16:10:02 | 000,029,760 | ---- | C] (Microsoft Corporation)
 write.exe -> C:\WINDOWS\System32\write.exe -> [2010/03/26 16:10:02 | 000,005,632 | ---- | C] (Microsoft Corporation)
 write.exe -> C:\WINDOWS\System32\dllcache\write.exe -> [2010/03/26 16:10:02 | 000,005,632 | ---- | C] (Microsoft Corporation)
 avtapi.dll -> C:\WINDOWS\System32\dllcache\avtapi.dll -> [2010/03/26 16:09:53 | 000,227,840 | ---- | C] (Microsoft Corporation)
 avtapi.dll -> C:\WINDOWS\System32\avtapi.dll -> [2010/03/26 16:09:53 | 000,227,840 | ---- | C] (Microsoft Corporation)
 sndvol32.exe -> C:\WINDOWS\System32\sndvol32.exe -> [2010/03/26 16:09:53 | 000,138,752 | ---- | C] (Microsoft Corporation)
 sndvol32.exe -> C:\WINDOWS\System32\dllcache\sndvol32.exe -> [2010/03/26 16:09:53 | 000,138,752 | ---- | C] (Microsoft Corporation)
 avwav.dll -> C:\WINDOWS\System32\dllcache\avwav.dll -> [2010/03/26 16:09:53 | 000,073,216 | ---- | C] (Microsoft Corporation)
 avwav.dll -> C:\WINDOWS\System32\avwav.dll -> [2010/03/26 16:09:53 | 000,073,216 | ---- | C] (Microsoft Corporation)
 hticons.dll -> C:\WINDOWS\System32\hticons.dll -> [2010/03/26 16:09:53 | 000,044,544 | ---- | C] (Hilgraeve, Inc.)
 avmeter.dll -> C:\WINDOWS\System32\dllcache\avmeter.dll -> [2010/03/26 16:09:53 | 000,016,384 | ---- | C] (Microsoft Corporation)
 avmeter.dll -> C:\WINDOWS\System32\avmeter.dll -> [2010/03/26 16:09:53 | 000,016,384 | ---- | C] (Microsoft Corporation)
 htrn_jis.dll -> C:\WINDOWS\System32\dllcache\htrn_jis.dll -> [2010/03/26 16:09:53 | 000,013,312 | ---- | C] (Hilgraeve, Inc.)
 winchat.exe -> C:\WINDOWS\System32\winchat.exe -> [2010/03/26 16:09:52 | 000,035,328 | ---- | C] (Microsoft Corporation)
 winchat.exe -> C:\WINDOWS\System32\dllcache\winchat.exe -> [2010/03/26 16:09:52 | 000,035,328 | ---- | C] (Microsoft Corporation)
 getuname.dll -> C:\WINDOWS\System32\getuname.dll -> [2010/03/26 16:09:46 | 000,605,696 | ---- | C] (Microsoft Corporation)
 getuname.dll -> C:\WINDOWS\System32\dllcache\getuname.dll -> [2010/03/26 16:09:46 | 000,605,696 | ---- | C] (Microsoft Corporation)
 charmap.exe -> C:\WINDOWS\System32\dllcache\charmap.exe -> [2010/03/26 16:09:46 | 000,080,384 | ---- | C] (Microsoft Corporation)
 charmap.exe -> C:\WINDOWS\System32\charmap.exe -> [2010/03/26 16:09:46 | 000,080,384 | ---- | C] (Microsoft Corporation)
 mshearts.exe -> C:\WINDOWS\System32\mshearts.exe -> [2010/03/26 16:09:45 | 000,126,976 | ---- | C] (Microsoft Corporation)
 mshearts.exe -> C:\WINDOWS\System32\dllcache\mshearts.exe -> [2010/03/26 16:09:45 | 000,126,976 | ---- | C] (Microsoft Corporation)
 winmine.exe -> C:\WINDOWS\System32\winmine.exe -> [2010/03/26 16:09:45 | 000,119,808 | ---- | C] (Microsoft Corporation)
 winmine.exe -> C:\WINDOWS\System32\dllcache\winmine.exe -> [2010/03/26 16:09:45 | 000,119,808 | ---- | C] (Microsoft Corporation)
 calc.exe -> C:\WINDOWS\System32\dllcache\calc.exe -> [2010/03/26 16:09:45 | 000,114,688 | ---- | C] (Microsoft Corporation)
 calc.exe -> C:\WINDOWS\System32\calc.exe -> [2010/03/26 16:09:45 | 000,114,688 | ---- | C] (Microsoft Corporation)
 sol.exe -> C:\WINDOWS\System32\sol.exe -> [2010/03/26 16:09:45 | 000,056,832 | ---- | C] (Microsoft Corporation)
 sol.exe -> C:\WINDOWS\System32\dllcache\sol.exe -> [2010/03/26 16:09:45 | 000,056,832 | ---- | C] (Microsoft Corporation)
 freecell.exe -> C:\WINDOWS\System32\freecell.exe -> [2010/03/26 16:09:42 | 000,055,296 | ---- | C] (Microsoft Corporation)
 freecell.exe -> C:\WINDOWS\System32\dllcache\freecell.exe -> [2010/03/26 16:09:42 | 000,055,296 | ---- | C] (Microsoft Corporation)
 A3d.dll -> C:\WINDOWS\System32\A3d.dll -> [2005/01/18 08:09:04 | 000,065,536 | R--- | C] ( )
 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/04/23 13:36:18 | 000,000,006 | -H-- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/04/23 13:35:57 | 000,002,048 | --S- | M] ()
 NTUSER.DAT -> C:\Documents and Settings\Austin\NTUSER.DAT -> [2010/04/23 13:35:11 | 011,272,192 | ---- | M] ()
 ntuser.ini -> C:\Documents and Settings\Austin\ntuser.ini -> [2010/04/23 13:35:11 | 000,000,178 | -HS- | M] ()
 IconCache.db -> C:\Documents and Settings\Austin\Local Settings\Application Data\IconCache.db -> [2010/04/23 13:35:08 | 003,712,744 | -H-- | M] ()
 4xspcjvn.exe -> C:\Documents and Settings\Austin\Desktop\4xspcjvn.exe -> [2010/04/23 13:19:39 | 000,293,376 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/04/23 10:47:08 | 000,002,206 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/04/22 21:09:40 | 000,391,989 | R--- | M] ()
 rkill.scr -> C:\Documents and Settings\Austin\Desktop\rkill.scr -> [2010/04/22 18:50:58 | 000,363,520 | ---- | M] ()
 rkill.pif -> C:\Documents and Settings\Austin\Desktop\rkill.pif -> [2010/04/22 18:50:58 | 000,363,520 | ---- | M] ()
 rkill.exe -> C:\Documents and Settings\Austin\Desktop\rkill.exe -> [2010/04/22 18:50:58 | 000,363,520 | ---- | M] ()
 rkill.com -> C:\Documents and Settings\Austin\Desktop\rkill.com -> [2010/04/22 18:50:58 | 000,363,520 | ---- | M] ()
 at60K0 -> C:\Documents and Settings\Austin\Local Settings\Application Data\at60K0 -> [2010/04/22 18:06:45 | 000,013,668 | -HS- | M] ()
 at60K0 -> C:\Documents and Settings\All Users\Application Data\at60K0 -> [2010/04/22 18:06:45 | 000,013,668 | -HS- | M] ()
 win.ini -> C:\WINDOWS\win.ini -> [2010/04/22 12:56:57 | 000,000,914 | ---- | M] ()
 SYSTEM.INI -> C:\WINDOWS\SYSTEM.INI -> [2010/04/22 12:56:57 | 000,000,227 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2010/04/22 12:56:57 | 000,000,211 | RHS- | M] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2010/04/22 11:34:20 | 000,000,076 | ---- | M] ()
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/04/22 11:12:03 | 000,559,548 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/04/22 11:12:03 | 000,481,030 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/04/22 11:12:03 | 000,087,672 | ---- | M] ()
 ipsec.sys -> C:\WINDOWS\System32\drivers\ipsec.sys -> [2010/04/22 07:14:08 | 000,075,264 | ---- | M] ()
 HijackThis.lnk -> C:\Documents and Settings\Austin\Desktop\HijackThis.lnk -> [2010/04/22 00:07:39 | 000,001,734 | ---- | M] ()
 OTS.exe -> C:\Documents and Settings\Austin\Desktop\OTS.exe -> [2010/04/21 22:30:19 | 000,638,976 | ---- | M] (OldTimer Tools)
 Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2010/04/21 17:47:10 | 000,001,602 | ---- | M] ()
 hosts.20100422-210939.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100422-210939.backup -> [2010/04/21 17:40:40 | 000,391,989 | R--- | M] ()
 LqB0St6ge8 -> C:\Documents and Settings\Austin\Local Settings\Application Data\LqB0St6ge8 -> [2010/04/21 17:32:33 | 000,020,320 | -HS- | M] ()
 LqB0St6ge8 -> C:\Documents and Settings\All Users\Application Data\LqB0St6ge8 -> [2010/04/21 17:32:33 | 000,020,320 | -HS- | M] ()
 Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Austin\Desktop\Spybot - Search & Destroy.lnk -> [2010/04/21 17:16:35 | 000,000,933 | ---- | M] ()
 RJAhr0NY5OVC -> C:\Documents and Settings\Austin\Local Settings\Application Data\RJAhr0NY5OVC -> [2010/04/21 07:00:53 | 000,016,112 | -HS- | M] ()
 RJAhr0NY5OVC -> C:\Documents and Settings\All Users\Application Data\RJAhr0NY5OVC -> [2010/04/21 07:00:53 | 000,016,112 | -HS- | M] ()
 t62kNvy -> C:\Documents and Settings\All Users\Application Data\t62kNvy -> [2010/04/20 10:48:33 | 000,019,332 | -HS- | M] ()
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/04/19 14:36:02 | 000,000,284 | ---- | M] ()
 t35517xJLuG -> C:\Documents and Settings\Austin\Local Settings\Application Data\t35517xJLuG -> [2010/04/18 13:46:42 | 000,013,992 | -HS- | M] ()
 t35517xJLuG -> C:\Documents and Settings\All Users\Application Data\t35517xJLuG -> [2010/04/18 13:46:42 | 000,013,992 | -HS- | M] ()
 S3BtOWUBpf5 -> C:\Documents and Settings\All Users\Application Data\S3BtOWUBpf5 -> [2010/04/18 07:24:57 | 000,019,042 | -HS- | M] ()
 JH40y5L -> C:\Documents and Settings\All Users\Application Data\JH40y5L -> [2010/04/17 20:40:53 | 000,016,652 | -HS- | M] ()
 Travian Farms.docx -> C:\Documents and Settings\Austin\My Documents\Travian Farms.docx -> [2010/04/17 02:14:40 | 000,011,912 | ---- | M] ()
 exeHelper.com -> C:\Documents and Settings\Austin\Desktop\exeHelper.com -> [2010/04/14 08:41:11 | 000,294,400 | ---- | M] ()
 iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2010/04/06 22:28:58 | 000,002,137 | ---- | M] ()
 K6sEH5Ir2Is -> C:\Documents and Settings\Austin\Local Settings\Application Data\K6sEH5Ir2Is -> [2010/04/06 00:33:22 | 000,005,256 | -HS- | M] ()
 K6sEH5Ir2Is -> C:\Documents and Settings\All Users\Application Data\K6sEH5Ir2Is -> [2010/04/06 00:33:22 | 000,005,256 | -HS- | M] ()
 1585116398.dll -> C:\Documents and Settings\Austin\Local Settings\Application Data\1585116398.dll -> [2010/04/06 00:31:49 | 000,196,096 | -HS- | M] ()
 8Cq4r -> C:\Documents and Settings\Austin\Local Settings\Application Data\8Cq4r -> [2010/04/01 20:49:28 | 000,001,450 | -HS- | M] ()
 8Cq4r -> C:\Documents and Settings\All Users\Application Data\8Cq4r -> [2010/04/01 20:49:28 | 000,001,450 | -HS- | M] ()
 1360466830.dll -> C:\Documents and Settings\Austin\Local Settings\Application Data\1360466830.dll -> [2010/04/01 20:41:58 | 000,184,320 | -HS- | M] ()
 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Austin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2010/03/31 22:46:30 | 000,070,384 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/03/31 22:44:56 | 000,270,984 | ---- | M] ()
 hpqins15.dat -> C:\WINDOWS\hpqins15.dat -> [2010/03/31 22:35:43 | 000,023,111 | ---- | M] ()
 hpqins05.dat -> C:\WINDOWS\hpqins05.dat -> [2010/03/31 22:27:36 | 000,077,350 | ---- | M] ()
 pool.bin -> C:\WINDOWS\System32\pool.bin -> [2010/03/30 12:10:10 | 000,000,256 | ---- | M] ()
 LoaderBackup-(2010-03-30).ipd -> C:\Documents and Settings\Austin\My Documents\LoaderBackup-(2010-03-30).ipd -> [2010/03/30 11:30:34 | 002,936,293 | ---- | M] ()
 pool.bin -> C:\Documents and Settings\Austin\pool.bin -> [2010/03/30 11:26:15 | 000,000,256 | ---- | M] ()
 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 
[Files - No Company Name]
 rkill.com -> C:\Documents and Settings\Austin\Desktop\rkill.com -> [2010/04/23 13:20:30 | 000,363,520 | ---- | C] ()
 rkill.exe -> C:\Documents and Settings\Austin\Desktop\rkill.exe -> [2010/04/23 13:20:20 | 000,363,520 | ---- | C] ()
 rkill.pif -> C:\Documents and Settings\Austin\Desktop\rkill.pif -> [2010/04/23 13:20:11 | 000,363,520 | ---- | C] ()
 rkill.scr -> C:\Documents and Settings\Austin\Desktop\rkill.scr -> [2010/04/23 13:20:03 | 000,363,520 | ---- | C] ()
 4xspcjvn.exe -> C:\Documents and Settings\Austin\Desktop\4xspcjvn.exe -> [2010/04/23 13:19:40 | 000,293,376 | ---- | C] ()
 exeHelper.com -> C:\Documents and Settings\Austin\Desktop\exeHelper.com -> [2010/04/23 13:18:46 | 000,294,400 | ---- | C] ()
 at60K0 -> C:\Documents and Settings\Austin\Local Settings\Application Data\at60K0 -> [2010/04/22 17:58:34 | 000,013,668 | -HS- | C] ()
 ati2sgag.exe -> C:\WINDOWS\System32\ati2sgag.exe -> [2010/04/22 12:14:31 | 000,520,192 | ---- | C] ()
 HijackThis.lnk -> C:\Documents and Settings\Austin\Desktop\HijackThis.lnk -> [2010/04/22 00:07:39 | 000,001,734 | ---- | C] ()
 Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2010/04/21 17:47:10 | 000,001,602 | ---- | C] ()
 Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Austin\Desktop\Spybot - Search & Destroy.lnk -> [2010/04/21 17:16:35 | 000,000,933 | ---- | C] ()
 LqB0St6ge8 -> C:\Documents and Settings\Austin\Local Settings\Application Data\LqB0St6ge8 -> [2010/04/21 17:02:50 | 000,020,320 | -HS- | C] ()
 LqB0St6ge8 -> C:\Documents and Settings\All Users\Application Data\LqB0St6ge8 -> [2010/04/21 17:02:50 | 000,020,320 | -HS- | C] ()
 RJAhr0NY5OVC -> C:\Documents and Settings\Austin\Local Settings\Application Data\RJAhr0NY5OVC -> [2010/04/21 03:00:14 | 000,016,112 | -HS- | C] ()
 RJAhr0NY5OVC -> C:\Documents and Settings\All Users\Application Data\RJAhr0NY5OVC -> [2010/04/21 03:00:14 | 000,016,112 | -HS- | C] ()
 at60K0 -> C:\Documents and Settings\All Users\Application Data\at60K0 -> [2010/04/20 17:22:38 | 000,013,668 | -HS- | C] ()
 at60K0 -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\at60K0 -> [2010/04/20 17:22:38 | 000,001,786 | -HS- | C] ()
 t62kNvy -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\t62kNvy -> [2010/04/18 14:59:55 | 000,019,332 | -HS- | C] ()
 t62kNvy -> C:\Documents and Settings\All Users\Application Data\t62kNvy -> [2010/04/18 14:59:55 | 000,019,332 | -HS- | C] ()
 t35517xJLuG -> C:\Documents and Settings\Austin\Local Settings\Application Data\t35517xJLuG -> [2010/04/18 13:42:21 | 000,013,992 | -HS- | C] ()
 t35517xJLuG -> C:\Documents and Settings\All Users\Application Data\t35517xJLuG -> [2010/04/18 13:42:21 | 000,013,992 | -HS- | C] ()
 S3BtOWUBpf5 -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\S3BtOWUBpf5 -> [2010/04/18 04:24:28 | 000,019,042 | -HS- | C] ()
 S3BtOWUBpf5 -> C:\Documents and Settings\All Users\Application Data\S3BtOWUBpf5 -> [2010/04/18 04:24:28 | 000,019,042 | -HS- | C] ()
 JH40y5L -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\JH40y5L -> [2010/04/17 15:37:09 | 000,016,652 | -HS- | C] ()
 JH40y5L -> C:\Documents and Settings\All Users\Application Data\JH40y5L -> [2010/04/17 15:37:09 | 000,016,652 | -HS- | C] ()
 Travian Farms.docx -> C:\Documents and Settings\Austin\My Documents\Travian Farms.docx -> [2010/04/17 02:14:40 | 000,011,912 | ---- | C] ()
 1585116398.dll -> C:\Documents and Settings\Austin\Local Settings\Application Data\1585116398.dll -> [2010/04/06 00:31:49 | 000,196,096 | -HS- | C] ()
 K6sEH5Ir2Is -> C:\Documents and Settings\Austin\Local Settings\Application Data\K6sEH5Ir2Is -> [2010/04/06 00:31:24 | 000,005,256 | -HS- | C] ()
 K6sEH5Ir2Is -> C:\Documents and Settings\All Users\Application Data\K6sEH5Ir2Is -> [2010/04/06 00:31:24 | 000,005,256 | -HS- | C] ()
 1360466830.dll -> C:\Documents and Settings\Austin\Local Settings\Application Data\1360466830.dll -> [2010/04/01 19:35:00 | 000,184,320 | -HS- | C] ()
 8Cq4r -> C:\Documents and Settings\Austin\Local Settings\Application Data\8Cq4r -> [2010/04/01 19:30:29 | 000,001,450 | -HS- | C] ()
 8Cq4r -> C:\Documents and Settings\All Users\Application Data\8Cq4r -> [2010/04/01 19:30:29 | 000,001,450 | -HS- | C] ()
 hpqins15.dat -> C:\WINDOWS\hpqins15.dat -> [2010/03/31 22:31:55 | 000,023,111 | ---- | C] ()
 hpqins05.dat -> C:\WINDOWS\hpqins05.dat -> [2010/03/31 22:18:58 | 000,077,350 | ---- | C] ()
 iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2010/03/31 12:26:07 | 000,002,137 | ---- | C] ()
 LoaderBackup-(2010-03-30).ipd -> C:\Documents and Settings\Austin\My Documents\LoaderBackup-(2010-03-30).ipd -> [2010/03/30 11:30:34 | 002,936,293 | ---- | C] ()
 Santa Fe Stucco.bmp -> C:\WINDOWS\Santa Fe Stucco.bmp -> [2010/03/26 16:09:48 | 000,065,832 | ---- | C] ()
 River Sumida.bmp -> C:\WINDOWS\River Sumida.bmp -> [2010/03/26 16:09:48 | 000,026,680 | ---- | C] ()
 Rhododendron.bmp -> C:\WINDOWS\Rhododendron.bmp -> [2010/03/26 16:09:48 | 000,017,362 | ---- | C] ()
 Zapotec.bmp -> C:\WINDOWS\Zapotec.bmp -> [2010/03/26 16:09:48 | 000,009,522 | ---- | C] ()
 Soap Bubbles.bmp -> C:\WINDOWS\Soap Bubbles.bmp -> [2010/03/26 16:09:47 | 000,065,978 | ---- | C] ()
 Prairie Wind.bmp -> C:\WINDOWS\Prairie Wind.bmp -> [2010/03/26 16:09:47 | 000,065,954 | ---- | C] ()
 Greenstone.bmp -> C:\WINDOWS\Greenstone.bmp -> [2010/03/26 16:09:47 | 000,026,582 | ---- | C] ()
 Gone Fishing.bmp -> C:\WINDOWS\Gone Fishing.bmp -> [2010/03/26 16:09:47 | 000,017,336 | ---- | C] ()
 Coffee Bean.bmp -> C:\WINDOWS\Coffee Bean.bmp -> [2010/03/26 16:09:47 | 000,017,062 | ---- | C] ()
 FeatherTexture.bmp -> C:\WINDOWS\FeatherTexture.bmp -> [2010/03/26 16:09:47 | 000,016,730 | ---- | C] ()
 Blue Lace 16.bmp -> C:\WINDOWS\Blue Lace 16.bmp -> [2010/03/26 16:09:47 | 000,001,272 | ---- | C] ()
 subrange.uce -> C:\WINDOWS\System32\subrange.uce -> [2010/03/26 16:09:46 | 000,093,702 | ---- | C] ()
 ideograf.uce -> C:\WINDOWS\System32\ideograf.uce -> [2010/03/26 16:09:46 | 000,060,458 | ---- | C] ()
 gb2312.uce -> C:\WINDOWS\System32\gb2312.uce -> [2010/03/26 16:09:46 | 000,024,006 | ---- | C] ()
 bopomofo.uce -> C:\WINDOWS\System32\bopomofo.uce -> [2010/03/26 16:09:46 | 000,022,984 | ---- | C] ()
 shiftjis.uce -> C:\WINDOWS\System32\shiftjis.uce -> [2010/03/26 16:09:46 | 000,016,740 | ---- | C] ()
 korean.uce -> C:\WINDOWS\System32\korean.uce -> [2010/03/26 16:09:46 | 000,012,876 | ---- | C] ()
 kanji_2.uce -> C:\WINDOWS\System32\kanji_2.uce -> [2010/03/26 16:09:46 | 000,008,484 | ---- | C] ()
 kanji_1.uce -> C:\WINDOWS\System32\kanji_1.uce -> [2010/03/26 16:09:46 | 000,006,948 | ---- | C] ()
 jbezgrvs.dll -> C:\WINDOWS\System32\jbezgrvs.dll -> [2010/03/08 05:00:16 | 000,297,984 | ---- | C] ()
 mqvcwzno.dll -> C:\WINDOWS\System32\mqvcwzno.dll -> [2010/03/08 04:59:46 | 000,315,392 | ---- | C] ()
 lzeisyhh.dll -> C:\WINDOWS\System32\lzeisyhh.dll -> [2010/02/03 07:31:18 | 000,256,000 | ---- | C] ()
 phwchcez.dll -> C:\WINDOWS\System32\phwchcez.dll -> [2010/02/03 07:30:48 | 000,290,816 | ---- | C] ()
 sniduyejdscua.dll -> C:\WINDOWS\System32\sniduyejdscua.dll -> [2010/01/26 21:14:34 | 000,557,056 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/07/16 21:48:16 | 000,000,076 | ---- | C] ()
 ractrlkeyhook.dll -> C:\WINDOWS\System32\ractrlkeyhook.dll -> [2009/05/14 14:29:30 | 000,008,520 | ---- | C] ()
 mkghj.dll -> C:\WINDOWS\System32\mkghj.dll -> [2008/04/13 17:59:01 | 000,000,006 | ---- | C] ()
 GTW32N50.dll -> C:\WINDOWS\System32\GTW32N50.dll -> [2008/04/02 23:02:50 | 000,094,208 | ---- | C] ()
 WLAN.INI -> C:\WINDOWS\System32\WLAN.INI -> [2008/04/02 23:02:32 | 000,000,920 | ---- | C] ()
 Ludap17.ini -> C:\WINDOWS\System32\Ludap17.ini -> [2007/12/22 03:06:07 | 000,005,627 | R--- | C] ()
 ctzapxx.ini -> C:\WINDOWS\System32\ctzapxx.ini -> [2007/12/22 03:06:07 | 000,000,039 | R--- | C] ()
 CO_Mon.sys -> C:\WINDOWS\System32\drivers\CO_Mon.sys -> [2006/10/04 07:17:36 | 000,028,672 | ---- | C] ()
 QTW.INI -> C:\WINDOWS\QTW.INI -> [2006/09/27 08:51:40 | 000,000,306 | ---- | C] ()
 wordpad.INI -> C:\WINDOWS\wordpad.INI -> [2006/09/20 11:06:27 | 000,000,754 | ---- | C] ()
 SOS.SYS -> C:\WINDOWS\SOS.SYS -> [2006/09/05 07:42:29 | 000,000,076 | ---- | C] ()
 hegames.ini -> C:\WINDOWS\hegames.ini -> [2006/07/24 08:51:07 | 000,000,503 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] ()
 QuickInstall.INI -> C:\WINDOWS\QuickInstall.INI -> [2006/05/27 23:11:38 | 000,000,000 | ---- | C] ()
 iPlayer.INI -> C:\WINDOWS\iPlayer.INI -> [2006/05/22 20:55:43 | 000,000,000 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] ()
 NemuAudio08.ini -> C:\WINDOWS\System32\NemuAudio08.ini -> [2005/10/20 08:56:06 | 000,000,126 | ---- | C] ()
 NemuVideo.ini -> C:\WINDOWS\System32\NemuVideo.ini -> [2005/10/20 08:54:40 | 000,000,065 | ---- | C] ()
 progman.ini -> C:\WINDOWS\progman.ini -> [2005/08/04 20:23:06 | 000,000,021 | ---- | C] ()
 liveup.ini -> C:\WINDOWS\liveup.ini -> [2005/07/12 15:01:54 | 000,000,044 | ---- | C] ()
 ALBUM.INI -> C:\WINDOWS\ALBUM.INI -> [2005/07/01 20:48:42 | 000,000,101 | ---- | C] ()
 P17.dll -> C:\WINDOWS\System32\P17.dll -> [2005/05/03 07:38:42 | 000,064,512 | R--- | C] ()
 tefview.ini -> C:\WINDOWS\tefview.ini -> [2005/05/02 20:47:50 | 000,001,886 | ---- | C] ()
 WinYlg10.ini -> C:\WINDOWS\WinYlg10.ini -> [2005/03/31 20:45:45 | 000,000,015 | ---- | C] ()
 MsYlg10.ini -> C:\WINDOWS\MsYlg10.ini -> [2005/03/31 20:45:18 | 000,000,008 | ---- | C] ()
 fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2005/01/31 20:45:58 | 000,001,793 | ---- | C] ()
 Eudcedit.ini -> C:\WINDOWS\Eudcedit.ini -> [2005/01/27 23:04:52 | 000,000,144 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2005/01/17 21:16:05 | 000,000,207 | ---- | C] ()
 psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2005/01/17 19:37:45 | 000,363,520 | ---- | C] ()
 xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2004/12/19 09:29:40 | 000,106,496 | ---- | C] ()
 xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2004/12/19 09:17:10 | 000,614,400 | ---- | C] ()
 SDelete.dll -> C:\WINDOWS\System32\SDelete.dll -> [2004/06/30 16:04:46 | 000,040,960 | ---- | C] ()
 openports.dll -> C:\WINDOWS\System32\openports.dll -> [2004/03/07 14:51:00 | 000,024,924 | ---- | C] ()
 P17CPI.dll -> C:\WINDOWS\System32\P17CPI.dll -> [2003/10/02 06:48:18 | 000,053,248 | R--- | C] ()
 OggDS.dll -> C:\WINDOWS\System32\OggDS.dll -> [2002/10/06 14:42:57 | 000,237,568 | ---- | C] ()
 VorbisEnc.dll -> C:\WINDOWS\System32\VorbisEnc.dll -> [2002/10/04 19:04:25 | 000,921,600 | ---- | C] ()
 vorbis.dll -> C:\WINDOWS\System32\vorbis.dll -> [2002/10/04 19:04:24 | 000,188,416 | ---- | C] ()
 ogg.dll -> C:\WINDOWS\System32\ogg.dll -> [2002/10/04 19:04:17 | 000,045,056 | ---- | C] ()
 ipsec.sys -> C:\WINDOWS\System32\drivers\ipsec.sys -> [2002/09/03 12:35:40 | 000,075,264 | ---- | C] ()
 mp4fil32.dll -> C:\WINDOWS\System32\mp4fil32.dll -> [2002/05/15 19:38:40 | 000,091,136 | ---- | C] ()
 msvdm.dll -> C:\WINDOWS\System32\msvdm.dll -> [2002/03/19 17:30:00 | 000,141,824 | ---- | C] ()
 vidx16.dll -> C:\WINDOWS\System32\vidx16.dll -> [1997/11/17 17:13:16 | 000,010,240 | ---- | C] ()
 giveio.sys -> C:\WINDOWS\System32\giveio.sys -> [1996/04/03 15:33:26 | 000,005,248 | ---- | C] ()
 
[File - Lop Check]
 AOP -> C:\Documents and Settings\All Users\Application Data\AOP -> [2005/01/19 08:48:11 | 000,000,000 | ---D | M]
 avG -> C:\Documents and Settings\All Users\Application Data\avG -> [2010/04/21 03:02:50 | 000,000,000 | ---D | M]
 CA -> C:\Documents and Settings\All Users\Application Data\CA -> [2008/09/23 22:50:08 | 000,000,000 | ---D | M]
 DFX -> C:\Documents and Settings\All Users\Application Data\DFX -> [2008/04/13 18:43:09 | 000,000,000 | ---D | M]
 Diskeeper Corporation -> C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation -> [2010/04/22 14:25:49 | 000,000,000 | ---D | M]
 HotSync -> C:\Documents and Settings\All Users\Application Data\HotSync -> [2006/05/27 21:57:16 | 000,000,000 | ---D | M]
 IM -> C:\Documents and Settings\All Users\Application Data\IM -> [2008/09/26 16:24:55 | 000,000,000 | ---D | M]
 IncrediMail -> C:\Documents and Settings\All Users\Application Data\IncrediMail -> [2008/09/26 16:23:23 | 000,000,000 | ---D | M]
 myitlab -> C:\Documents and Settings\All Users\Application Data\myitlab -> [2009/05/06 22:41:46 | 000,000,000 | ---D | M]
 Napster -> C:\Documents and Settings\All Users\Application Data\Napster -> [2009/05/29 16:26:09 | 000,000,000 | ---D | M]
 NFS Underground -> C:\Documents and Settings\All Users\Application Data\NFS Underground -> [2005/10/21 19:23:10 | 000,000,000 | ---D | M]
 Research In Motion -> C:\Documents and Settings\All Users\Application Data\Research In Motion -> [2010/01/13 14:33:57 | 000,000,000 | ---D | M]
 SITEguard -> C:\Documents and Settings\All Users\Application Data\SITEguard -> [2010/02/28 15:37:59 | 000,000,000 | ---D | M]
 STOPzilla! -> C:\Documents and Settings\All Users\Application Data\STOPzilla! -> [2010/02/28 19:41:58 | 000,000,000 | ---D | M]
 TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2010/04/01 20:06:00 | 000,000,000 | ---D | M]
 TuneUp Software -> C:\Documents and Settings\All Users\Application Data\TuneUp Software -> [2007/10/01 00:50:11 | 000,000,000 | ---D | M]
 {00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} -> C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} -> [2009/03/27 19:23:30 | 000,000,000 | ---D | M]
 {429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> [2010/03/31 12:26:04 | 000,000,000 | ---D | M]
 {755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2009/11/08 11:49:57 | 000,000,000 | ---D | M]
 {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> [2009/04/06 16:27:52 | 000,000,000 | ---D | M]
 ezLife -> C:\Documents and Settings\Austin\Application Data\ezLife -> [2010/02/28 02:16:11 | 000,000,000 | ---D | M]
 HotSync -> C:\Documents and Settings\Austin\Application Data\HotSync -> [2006/05/27 21:56:05 | 000,000,000 | ---D | M]
 Leadertech -> C:\Documents and Settings\Austin\Application Data\Leadertech -> [2006/05/27 21:59:53 | 000,000,000 | ---D | M]
 LimeWire -> C:\Documents and Settings\Austin\Application Data\LimeWire -> [2009/11/11 16:56:03 | 000,000,000 | ---D | M]
 Messenger -> C:\Documents and Settings\Austin\Application Data\Messenger -> [2010/02/28 02:15:50 | 000,000,000 | ---D | M]
 mjusbsp -> C:\Documents and Settings\Austin\Application Data\mjusbsp -> [2009/11/08 15:02:26 | 000,000,000 | ---D | M]
 MP3Rocket -> C:\Documents and Settings\Austin\Application Data\MP3Rocket -> [2009/03/29 18:44:01 | 000,000,000 | ---D | M]
 Qualcomm -> C:\Documents and Settings\Austin\Application Data\Qualcomm -> [2005/04/22 21:29:08 | 000,000,000 | ---D | M]
 Research In Motion -> C:\Documents and Settings\Austin\Application Data\Research In Motion -> [2009/12/13 13:59:02 | 000,000,000 | ---D | M]
 Smart-Ads-Solutions -> C:\Documents and Settings\Austin\Application Data\Smart-Ads-Solutions -> [2010/02/28 02:16:08 | 000,000,000 | ---D | M]
 Thunderbird -> C:\Documents and Settings\Austin\Application Data\Thunderbird -> [2005/03/08 08:37:51 | 000,000,000 | ---D | M]
 TuneUp Software -> C:\Documents and Settings\Austin\Application Data\TuneUp Software -> [2007/01/08 12:40:03 | 000,000,000 | ---D | M]
 Uniblue -> C:\Documents and Settings\Austin\Application Data\Uniblue -> [2009/11/15 05:17:22 | 000,000,000 | ---D | M]
 Utherverse -> C:\Documents and Settings\Austin\Application Data\Utherverse -> [2009/11/02 23:00:56 | 000,000,000 | ---D | M]
 Vso -> C:\Documents and Settings\Austin\Application Data\Vso -> [2009/07/23 17:18:10 | 000,000,000 | ---D | M]
 WholeSecurity -> C:\Documents and Settings\Austin\Application Data\WholeSecurity -> [2006/10/04 07:17:29 | 000,000,000 | ---D | M]
 Windows Live Safety Center -> C:\Documents and Settings\Austin\Application Data\Windows Live Safety Center -> [2006/10/04 07:08:29 | 000,000,000 | ---D | M]
 WinWay -> C:\Documents and Settings\Austin\Application Data\WinWay -> [2010/04/01 16:45:41 | 000,000,000 | ---D | M]
 CallingID -> C:\Documents and Settings\LocalService\Application Data\CallingID -> [2008/09/11 21:20:23 | 000,000,000 | ---D | M]
 PeerNetworking -> C:\Documents and Settings\LocalService\Application Data\PeerNetworking -> [2009/10/04 23:40:01 | 000,000,000 | ---D | M]
 
[File - Purity Scan]
 
[Custom Scans]
< %SYSTEMDRIVE%\*.exe >
 cdw31.exe -> C:\cdw31.exe -> [2002/01/28 12:44:14 | 013,910,413 | R--- | M] ()
< MD5 Scans Start>
< %systemdrive%\AGP440.SYS  /md5 /s >
 AGP440.sys : .cab file  -> C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys -> [2005/01/17 22:05:05 | 022,245,337 | ---- | M] ()
 AGP440.sys : .cab file  -> C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys -> [2008/09/17 19:18:17 | 023,852,652 | ---- | M] ()
 AGP440.sys : .cab file  -> C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys -> [2005/01/17 22:05:05 | 022,245,337 | ---- | M] ()
 AGP440.sys : .cab file  -> C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys -> [2008/09/17 19:18:17 | 023,852,652 | ---- | M] ()
 agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\ServicePackFiles\i386\agp440.sys -> [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation)
 agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\system32\drivers\agp440.sys -> [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation)
 agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -> C:\WINDOWS\$NtServicePackUninstall$\agp440.sys -> [2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation)
< %systemdrive%\ATAPI.SYS  /md5 /s >
 atapi.sys : .cab file  -> C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys -> [2002/09/03 13:04:09 | 010,158,890 | ---- | M] ()
 atapi.sys : .cab file  -> C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys -> [2005/01/17 22:05:05 | 022,245,337 | ---- | M] ()
 atapi.sys : .cab file  -> C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys -> [2008/09/17 19:18:17 | 023,852,652 | ---- | M] ()
 atapi.sys : .cab file  -> C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys -> [2005/01/17 22:05:05 | 022,245,337 | ---- | M] ()
 atapi.sys : .cab file  -> C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys -> [2008/09/17 19:18:17 | 023,852,652 | ---- | M] ()
 atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\ServicePackFiles\i386\atapi.sys -> [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation)
 atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\system32\drivers\atapi.sys -> [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation)
 atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -> [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation)
< %systemdrive%\EVENTLOG.DLL  /md5 /s >
 eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\ServicePackFiles\i386\eventlog.dll -> [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation)
 eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\system32\eventlog.dll -> [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation)
 eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78 -> C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -> [2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation)
< %systemdrive%\NETLOGON.DLL  /md5 /s >
 netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\ServicePackFiles\i386\netlogon.dll -> [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation)
 netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\system32\netlogon.dll -> [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation)
 netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A -> C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -> [2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation)
< %systemdrive%\SCECLI.DLL  /md5 /s >
 scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A -> C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -> [2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation)
 scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\ServicePackFiles\i386\scecli.dll -> [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation)
 scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\system32\scecli.dll -> [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
< %systemroot%\*. /mp /s >
Restore point Set: OTS Restore Point (0)
< %systemroot%\system32\*.dll /lockedfiles >
 5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> 
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
 default.sav -> C:\WINDOWS\system32\config\default.sav -> [2005/01/17 13:55:10 | 000,094,208 | ---- | M] ()
 software.sav -> C:\WINDOWS\system32\config\software.sav -> [2005/01/17 13:55:10 | 000,602,112 | ---- | M] ()
 system.sav -> C:\WINDOWS\system32\config\system.sav -> [2005/01/17 13:55:10 | 000,393,216 | ---- | M] ()
< End of report >
Step 3

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-23 16:55:48
Windows 5.1.2600 Service Pack 3
Running: 4xspcjvn.exe; Driver: C:\DOCUME~1\Austin\LOCALS~1\Temp\pxtdrpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 

NeonFx

Malware Specialist
Joined
Oct 22, 2008
Messages
4,811
You did everything just fine. Normal Mode is better :)

In the future though, please attach results that are really long using the instructions I gave you earlier so that we don't have to scroll so far down the page.


Let's do the following in Normal Mode:



NOTE: ComboFix should NOT be used without supervision by someone trained in its use. It does a whole lot more to a system than just remove infected files.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop



  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Disabling Security Programs
  • Double click on ComboFix.exe & follow the prompts.

    Note: Combofix will run without the Recovery Console installed.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. An increasing number of infections are spreading using Autoplay and leaving it disabled is a good idea.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 

NeonFx

Malware Specialist
Joined
Oct 22, 2008
Messages
4,811
It seems the reason why we couldn't run exeHelper in normal mode was because one of your security programs was preventing it. It's a false positive by Microsoft's Security Essentials.


Please do the following:

1. Close any open programs before running the fix.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad (Start > Programs > Accessories) and copy/paste the text in the codebox below into it:

Code:
KillAll::

Suspect::
c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

Collect::
c:\windows\system32\jbezgrvs.dll
c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\system32\daqyepiicmdulgdq.exe
c:\windows\system32\sniduyejdscua.dll
c:\windows\system32\lzeisyhh.dll
c:\program files\cdw31.exe
c:\program files\mozilla firefox\components\adproFfx.dll
c:\program files\mozilla firefox\components\ffxShot.dll
c:\windows\system32\drivers\abravkty.sys 
c:\windows\system32\drivers\axhazwgn.sys 
c:\windows\system32\drivers\blmvggbe.sys 
c:\windows\system32\drivers\buitlibu.sys 
c:\windows\system32\drivers\cfkurtmo.sys 
c:\windows\system32\drivers\cjhirmlx.sys 
c:\windows\system32\drivers\cmllclvr.sys 
c:\windows\system32\drivers\dnbozivw.sys 
c:\windows\system32\drivers\ecvorbxf.sys 
c:\windows\system32\drivers\eotiswsj.sys 
c:\windows\system32\drivers\fptqcpft.sys 
c:\windows\system32\drivers\fvczvxgf.sys 
c:\windows\system32\drivers\ghouagsr.sys 
c:\windows\system32\drivers\gpubelcq.sys 
c:\windows\system32\drivers\heohxcof.sys 
c:\windows\system32\drivers\hhdfbuok.sys 
c:\windows\system32\drivers\htbyokvi.sys 
c:\windows\system32\drivers\iooizzrn.sys 
c:\windows\system32\drivers\isjgbujy.sys 
c:\windows\system32\drivers\kfkvedfq.sys 
c:\windows\system32\drivers\kpfdmdkd.sys 
c:\windows\system32\drivers\kqkgfijx.sys 
c:\windows\system32\drivers\lzjwnros.sys 
c:\windows\system32\drivers\mfyqetyg.sys 
c:\windows\system32\drivers\msrmotcq.sys 
c:\windows\system32\drivers\mtslodhu.sys 
c:\windows\system32\drivers\odxoclpa.sys 
c:\windows\system32\drivers\oftzhnyu.sys 
c:\windows\system32\drivers\orocczee.sys 
c:\windows\system32\drivers\pecsotjw.sys 
c:\windows\system32\drivers\pkmxtsdk.sys 
c:\windows\system32\drivers\ptkffagf.sys 
c:\windows\system32\drivers\qaugseww.sys 
c:\windows\system32\drivers\qypzrnsz.sys 
c:\windows\system32\drivers\rrnjoobg.sys 
c:\windows\system32\drivers\rtcmraiz.sys 
c:\windows\system32\drivers\rugdmnkj.sys 
c:\windows\system32\drivers\tqjubgez.sys 
c:\windows\system32\drivers\ujddvplb.sys 
c:\windows\system32\drivers\unlgufma.sys 
c:\windows\system32\drivers\wizyusmp.sys 
c:\windows\system32\drivers\xaleehuy.sys 
c:\windows\system32\drivers\xqtdjpvo.sys 

Driver::
abravkty
axhazwgn
blmvggbe
buitlibu
cfkurtmo
cjhirmlx
cmllclvr
dnbozivw
ecvorbxf
eotiswsj
fptqcpft
fvczvxgf
ghouagsr
gpubelcq
heohxcof
hhdfbuok
htbyokvi
iooizzrn
isjgbujy
kfkvedfq
kpfdmdkd
kqkgfijx
lzjwnros
mfyqetyg
msrmotcq
mtslodhu
odxoclpa
oftzhnyu
orocczee
pecsotjw
pkmxtsdk
ptkffagf
qaugseww
qypzrnsz
rrnjoobg
rtcmraiz
rugdmnkj
tqjubgez
ujddvplb
unlgufma
wizyusmp
xaleehuy
xqtdjpvo

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
"DisableNotifications"=dword:00000000

NOTE: Make sure WordWrap is unchecked in Notepad by clicking on the "Format" menu icon.

Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.





After doing that, please do the following:


Please run Malwarebytes' Anti-Malware
  • Update it by clicking on the Update tab and then on the button.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Scan all of your hard drives.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 

Nitsua88

Thread Starter
Joined
Apr 22, 2010
Messages
11
I did the two scans and here are the results. It appears that I had a bunch of things wrong on my computer! Thanks!

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4028

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/23/2010 9:36:51 PM
mbam-log-2010-04-23 (21-36-51).txt

Scan type: Full scan (C:\|G:\|)
Objects scanned: 211408
Time elapsed: 1 hour(s), 25 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{d8c0508c-e235-4d9e-a27e-c8bb5f527dc9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e54ac53-efa4-4831-a3f6-b47b1a1937cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MessengerUpdateProject.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MsgU_pdate (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adhlpr.adhlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adhlpr.adhlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Austin\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Austin\Application Data\Messenger\Drivers\Aud32\msgasst84.dll.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Austin\Application Data\Messenger\Drivers\Aud32\msgutil84.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Austin\Application Data\Messenger\Sys\mu.dll.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\ezLife\ezLife\1.3.6.0\uninstall.exe.vir (Adware.EZlife) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\ezLife\ezLife\1.4.1.0\uninstall.exe.vir (Adware.EZlife) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Smart-Ads-Solutions\SmartAds\1.3.6.0\SmartAdsxtra.dll.vir (Adware.SmartAdsSolutions) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Smart-Ads-Solutions\SmartAds\1.3.6.0\uninstall.exe.vir (Adware.EZlife) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Smart-Ads-Solutions\SmartAds\1.4.1.0\uninstall.exe.vir (Adware.EZlife) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mqvcwzno.dll.vir (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\phwchcez.dll.vir (Adware.EzLife) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208831.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208832.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208837.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208838.exe (Adware.EZlife) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208839.exe (Adware.EZlife) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208841.exe (Adware.EZlife) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208842.exe (Adware.EZlife) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208844.dll (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208845.dll (Adware.EzLife) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208840.dll (Adware.SmartAdsSolutions) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\nsFFxSHot.xpt (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\sto452688.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\sto452712.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\sto452730.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\sto453148.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
 


NeonFx

Malware Specialist
Joined
Oct 22, 2008
Messages
4,811
Yep, there was a lot on there. Let's get the rest of it:

STEP 1

Run OTS

  • Under the Paste Fix Here box on the right, paste in the contents of the following code box

Code:
[Unregister Dlls]
[Registry - All]
< HOSTS File > ([2010/04/22 21:09:40 | 000,391,989 | R--- | M] - 13590 lines) -> C:\WINDOWS\system32\drivers\etc\hosts
YN -> Reset Hosts -> 
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{5b673ca2-cc98-11de-9ab7-001d7e0e68e9} -> 
YN -> \{5b673ca2-cc98-11de-9ab7-001d7e0e68e9} -> 
YN -> \{6229fbcb-3d56-11de-9a55-001d7e0e68e9} -> 
YN -> \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b} -> 
YN -> \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b} -> 
YN -> \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b} -> 
YN -> \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b} -> 
YN -> \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b} -> 
[Files/Folders - Modified Within 30 Days]
NY ->  at60K0 -> C:\Documents and Settings\Austin\Local Settings\Application Data\at60K0
NY ->  at60K0 -> C:\Documents and Settings\All Users\Application Data\at60K0
NY ->  LqB0St6ge8 -> C:\Documents and Settings\Austin\Local Settings\Application Data\LqB0St6ge8
NY ->  LqB0St6ge8 -> C:\Documents and Settings\All Users\Application Data\LqB0St6ge8
NY ->  RJAhr0NY5OVC -> C:\Documents and Settings\Austin\Local Settings\Application Data\RJAhr0NY5OVC
NY ->  RJAhr0NY5OVC -> C:\Documents and Settings\All Users\Application Data\RJAhr0NY5OVC
NY ->  t62kNvy -> C:\Documents and Settings\All Users\Application Data\t62kNvy
NY ->  t35517xJLuG -> C:\Documents and Settings\Austin\Local Settings\Application Data\t35517xJLuG
NY ->  t35517xJLuG -> C:\Documents and Settings\All Users\Application Data\t35517xJLuG
NY ->  S3BtOWUBpf5 -> C:\Documents and Settings\All Users\Application Data\S3BtOWUBpf5
NY ->  JH40y5L -> C:\Documents and Settings\All Users\Application Data\JH40y5L
NY ->  K6sEH5Ir2Is -> C:\Documents and Settings\Austin\Local Settings\Application Data\K6sEH5Ir2Is
NY ->  K6sEH5Ir2Is -> C:\Documents and Settings\All Users\Application Data\K6sEH5Ir2Is
NY ->  1585116398.dll -> C:\Documents and Settings\Austin\Local Settings\Application Data\1585116398.dll
NY ->  8Cq4r -> C:\Documents and Settings\Austin\Local Settings\Application Data\8Cq4r
NY ->  8Cq4r -> C:\Documents and Settings\All Users\Application Data\8Cq4r
NY ->  1360466830.dll -> C:\Documents and Settings\Austin\Local Settings\Application Data\1360466830.dll
[Files - No Company Name]
NY ->  LqB0St6ge8 -> C:\Documents and Settings\Austin\Local Settings\Application Data\LqB0St6ge8
NY ->  LqB0St6ge8 -> C:\Documents and Settings\All Users\Application Data\LqB0St6ge8
NY ->  RJAhr0NY5OVC -> C:\Documents and Settings\Austin\Local Settings\Application Data\RJAhr0NY5OVC
NY ->  RJAhr0NY5OVC -> C:\Documents and Settings\All Users\Application Data\RJAhr0NY5OVC
NY ->  at60K0 -> C:\Documents and Settings\All Users\Application Data\at60K0
NY ->  at60K0 -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\at60K0
NY ->  t62kNvy -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\t62kNvy
NY ->  t62kNvy -> C:\Documents and Settings\All Users\Application Data\t62kNvy
NY ->  t35517xJLuG -> C:\Documents and Settings\Austin\Local Settings\Application Data\t35517xJLuG
NY ->  t35517xJLuG -> C:\Documents and Settings\All Users\Application Data\t35517xJLuG
NY ->  S3BtOWUBpf5 -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\S3BtOWUBpf5
NY ->  S3BtOWUBpf5 -> C:\Documents and Settings\All Users\Application Data\S3BtOWUBpf5
NY ->  JH40y5L -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\JH40y5L
NY ->  JH40y5L -> C:\Documents and Settings\All Users\Application Data\JH40y5L
NY ->  1585116398.dll -> C:\Documents and Settings\Austin\Local Settings\Application Data\1585116398.dll
NY ->  K6sEH5Ir2Is -> C:\Documents and Settings\Austin\Local Settings\Application Data\K6sEH5Ir2Is
NY ->  K6sEH5Ir2Is -> C:\Documents and Settings\All Users\Application Data\K6sEH5Ir2Is
NY ->  1360466830.dll -> C:\Documents and Settings\Austin\Local Settings\Application Data\1360466830.dll
NY ->  8Cq4r -> C:\Documents and Settings\Austin\Local Settings\Application Data\8Cq4r
NY ->  8Cq4r -> C:\Documents and Settings\All Users\Application Data\8Cq4r
[Custom Scans]
NY ->  cdw31.exe -> C:\cdw31.exe
[Empty Temp Folders]
[EmptyFlash]
[ClearAllRestorePoints]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • This will create a log in C:\_OTS\MovedFiles\<date>_<time>.log where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste or attach the contents of that file here.

Note: You may receive some errors while running the fix. Just press Ok and the fix should continue normally.
If it seems to get stuck, give it some time. It's probably still working.


STEP 2


Run ESET Online Scan


  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the
    button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on
      to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the
      icon on your desktop.
  4. Check
  5. Click the
    button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the
    button.
  13. Push
You can refer to this animation by neomage if needed.
 

Nitsua88

Thread Starter
Joined
Apr 22, 2010
Messages
11
I finished with the two scans. Here are the results.

ESET SCAN

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\[4]-Submit_2010-04-23_19.39.58.zip multiple threats deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Austin\Application Data\Messenger\Drivers\phuninst.dll.vir probably a variant of Win32/TrojanClicker.Agent trojan cleaned by deleting - quarantined
G:\Music\Shared Music\Super Mario RPG.zip multiple threats deleted - quarantined
 

NeonFx

Malware Specialist
Joined
Oct 22, 2008
Messages
4,811
Good! Nothing serious. How's the computer running? Ready for my cleanup instructions?
 