
Ave.exe and Links on Google Virus

Discussion in 'Virus & Other Malware Removal' started by Nitsua88, Apr 22, 2010.

Thread Status:
Not open for further replies.
  1. Nitsua88

    Nitsua88 Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    11
    Hello,

    I have had a problem with my computer the last month and no matter what I do I cannot fix it. I need help please! Randomly an antivirus removal tool will pop up that I don't have, along with my computer telling me I am at high risk. I have figured out the quick way to get rid of this is to press CTRL ALT DEL and end the file ave.exe. This works for a little bit but then it will pop up again. Also I've noticed that when I try to search on Google most of the links I click on take me to something I completely didn't want to go to, like ads or search pages. If anyone can help I will be greatly happy. Thanks.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:32:29 AM, on 4/22/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$SOSHOME22\Binn\sqlservr.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: ezLife browser enhancer mqvcwzno - {4DED0D91-9EC7-4705-B8B6-80EF3942F33F} - C:\WINDOWS\system32\mqvcwzno.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O8 - Extra context menu item: &Search - ?p=ZLfox000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Search Current News - file://\program files\powershell-xp3\search5.htm
    O8 - Extra context menu item: Search Encyclopedia - file://\program files\powershell-xp3\search4.htm
    O8 - Extra context menu item: Search for Images - file://\program files\powershell-xp3\search3.htm
    O8 - Extra context menu item: Search Newsgroups - file://\program files\powershell-xp3\search2.htm
    O8 - Extra context menu item: Search the Web - file://\program files\powershell-xp3\search.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141655441157
    O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    --
    End of file - 6700 bytes
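An added example, not part of the original post and not code from HijackThis or the forum: a small Python triage pass over the O2 (Browser Helper Object) and O8 (Internet Explorer context-menu) lines of the log above. The sample lines are copied from that log; the three review rules are heuristics assumed for illustration, and a hit means "look closer", not a verdict.

```python
import ntpath
import re

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: ezLife browser enhancer mqvcwzno - {4DED0D91-9EC7-4705-B8B6-80EF3942F33F} - C:\WINDOWS\system32\mqvcwzno.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O8 - Extra context menu item: &Search - ?p=ZLfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
"""

# O2 - BHO: <name> - {CLSID} - <dll path or "(no file)">
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<id>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# O8 - Extra context menu item: <label> - <target>
O8_RE = re.compile(
    r"^O8 - Extra context menu item: (?P<name>.*?) - (?P<target>.*)$"
)
# A target that starts with scheme:// or a drive-letter path.
LOCATED_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://|[a-z]:\\)", re.IGNORECASE)

SYSTEM32 = r"c:\windows\system32"

# Assumed review rules (heuristics, not HijackThis's own logic).
ORPHANED = "BHO registered but its file is missing"
IN_SYSTEM32 = "BHO DLL sits directly in system32"
NO_LOCATION = "context-menu target is neither a URL nor a path"


def triage(log_text):
    """Return (identifier, reason) pairs for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = BHO_RE.match(line)
        if m:
            target = m["target"].strip()
            if target == "(no file)":
                # Registry key survives, DLL does not: leftover or half-removed.
                findings.append((m["id"], ORPHANED))
            elif ntpath.dirname(target).lower() == SYSTEM32:
                # The vendor BHOs in this log all load from Program Files.
                findings.append((m["id"], IN_SYSTEM32))
            continue

        m = O8_RE.match(line)
        if m and not LOCATED_RE.match(m["target"].strip()):
            findings.append((m["name"], NO_LOCATION))
    return findings


if __name__ == "__main__":
    for ident, reason in triage(SAMPLE_LOG):
        print(f"{ident}: {reason}")
```
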
     
  2. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Hello there. Welcome to the TSG Forums.
    My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.


    Please note the following:
    • The fixes are specific to your problem and should only be used on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
    • It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.



    Step 1


    Please download exeHelper to your desktop.
    Double-click on exeHelper.com to run the fix.
    A black window should pop up, press any key to close once the fix is completed.
    Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


    Step 2

    Download OTS to your Desktop

    • Close ALL OTHER PROGRAMS.
    • Double-click on OTS.exe to start the program.
    • Check the box that says Scan All Users
    • Under Basic Scans please change the radio button under Registry from Safe List to All.
    • Under Additional Scans check the following:
      • Reg - Desktop Components
      • Reg - Disabled MS Config Items
      • Reg - NetSvcs
      • Reg - Shell Spawning
      • Reg - Uninstall List
      • File - Lop Check
      • File - Purity Scan
      • Evnt - EvtViewer (last 10)
    • Please paste the contents of the following codebox into the Custom Scans box at the bottom
    Code:
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Please attach the log in your next post. To do so, click on the blue "Reply" button or "Go Advanced" and click on the "Manage Attachments" button.

    Step 3

    GMER Rootkit Scanner
    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
    • Disconnect from the Internet and close all running programs. Make sure you disable your security programs as well, as they may interfere with the program.
    • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable your security programs when done.


    If you have trouble running GMER, please try running it in Safe Mode. To get to Safe Mode you'll need to repeatedly tap the F8 key on your keyboard as you turn your computer on until a black and white menu appears with the option.

    If you continue to have trouble with it, try running it without the "Files" scan checked.
     
  3. Nitsua88

    Nitsua88 Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    11
    Thank you so much for responding and for the help. Well I downloaded the exehelper.exe file to my desktop but when I try to double click on it nothing happens. What do I need to do?
     
  4. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Try this instead of exehelper:

    Please download and run the following tool to help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click and choose Run as Administrator
    You only need to get one of them to run, not all of them. If one doesn't work try a different one.

     
  5. Nitsua88

    Nitsua88 Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    11
    I downloaded each one at a time but when I tried to open the file it said "An Unknown Error Has Occurred. The Program will be terminated".
     
  6. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Do me a favor and save exehelper, rkill, OTS and GMER to your desktop and then load your computer into Safe Mode. To do that, you'll need to repeatedly tap the F8 key on your keyboard as you turn your computer on until a black and white menu with the option appears. It should appear before the Windows logo comes up and if it doesn't, you'll need to try again.


    Then try running the tools in Safe Mode for me.
     
  7. Nitsua88

    Nitsua88 Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    11
    Ok, well, once I started in Safe Mode the exehelp file worked! But I forgot to copy the codes for the second step so I had to start back the computer to get online to save a copy of them. I didn't realize that you wanted me to do all the scans in Safe Mode. I did the first one in Safe Mode and the second and third I did them normal following all your instructions. Here are all the logs. Oh, and I forgot to tell you that my OS is XP Home. Thanks so much. I hope I didn't do anything wrong.

    Step 1

    exeHelper by Raktor
    Build 20100414
    Run at 13:29:56 on 04/23/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Deleting file C:\Documents and Settings\Austin\Local Settings\Application Data\ave.exe
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Removing HKCR\secfile
    Resetting filetype association for .com
    Removing HKCR\secfile
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    Step 2

    Code:
    OTS logfile created on: 4/23/2010 1:42:32 PM - Run 1
    OTS by OldTimer - Version 3.1.29.0     Folder = C:\Documents and Settings\Austin\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 54.74 Gb Free Space | 73.48% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 465.65 Gb Total Space | 432.18 Gb Free Space | 92.81% Space Free | Partition Type: FAT32
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: AUSTIN
    Current User Name: Austin
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
     
    [Processes - Safe List]
    ots.exe -> C:\Documents and Settings\Austin\Desktop\OTS.exe -> [2010/04/21 22:30:19 | 000,638,976 | ---- | M] (OldTimer Tools)
    dkservice.exe -> C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -> [2010/04/15 19:01:58 | 001,732,960 | ---- | M] (Diskeeper Corporation)
    msmpeng.exe -> C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation)
    mpcmdrun.exe -> C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe -> [2009/12/09 19:02:36 | 000,202,776 | ---- | M] (Microsoft Corporation)
    snmp.exe -> C:\WINDOWS\system32\snmp.exe -> [2008/04/13 20:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation)
    explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    sqlservr.exe -> C:\Program Files\Microsoft SQL Server\MSSQL$SOSHOME22\Binn\sqlservr.exe -> [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation)
    tcpsvcs.exe -> C:\WINDOWS\system32\tcpsvcs.exe -> [2002/09/03 13:06:31 | 000,019,456 | ---- | M] (Microsoft Corporation)
     
    [Modules - Safe List]
    ots.exe -> C:\Documents and Settings\Austin\Desktop\OTS.exe -> [2010/04/21 22:30:19 | 000,638,976 | ---- | M] (OldTimer Tools)
     
    [Win32 Services - Safe List]
    (WMP54Gv4SVC) WMP54Gv4SVC [Disabled | Stopped] ->  -> File not found
    (SamSsRDSessMgr) Security Accounts Manager SamSsRDSessMgr [Disabled | Stopped] ->  -> File not found
    (Diskeeper) Diskeeper [Auto | Running] -> C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -> [2010/04/15 19:01:58 | 001,732,960 | ---- | M] (Diskeeper Corporation)
    (Apple Mobile Device) Apple Mobile Device [Disabled | Stopped] -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.)
    (MsMpSvc) Microsoft Antimalware Service [Auto | Running] -> C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -> [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation)
    (SNMP) SNMP Service [Auto | Running] -> C:\WINDOWS\system32\snmp.exe -> [2008/04/13 20:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation)
    (p2pgasvc) Peer Networking Group Authentication [On_Demand | Stopped] -> C:\WINDOWS\system32\p2pgasvc.dll -> [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation)
    (MSSQL$SOSHOME22) MSSQL$SOSHOME22 [Auto | Running] -> C:\Program Files\Microsoft SQL Server\MSSQL$SOSHOME22\Binn\sqlservr.exe -> [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation)
    (SQLAgent$SOSHOME22) SQLAgent$SOSHOME22 [On_Demand | Stopped] -> C:\Program Files\Microsoft SQL Server\MSSQL$SOSHOME22\Binn\sqlagent.EXE -> [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation)
    (SimpTcp) Simple TCP/IP Services [Auto | Running] -> C:\WINDOWS\system32\tcpsvcs.exe -> [2002/09/03 13:06:31 | 000,019,456 | ---- | M] (Microsoft Corporation)
    (LPDSVC) TCP/IP Print Server [On_Demand | Stopped] -> C:\WINDOWS\system32\tcpsvcs.exe -> [2002/09/03 13:06:31 | 000,019,456 | ---- | M] (Microsoft Corporation)
     
    [Driver Services - Safe List]
    (IPSec) IPSEC driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ipsec.sys -> [2010/04/22 07:14:08 | 000,075,264 | ---- | M] ()
    (DKRtWrt) DKRtWrt [File_System | On_Demand | Running] -> C:\WINDOWS\system32\drivers\DKRtWrt.sys -> [2010/03/10 11:29:24 | 000,042,144 | ---- | M] (Diskeeper Corporation)
    (Tcpip6) Microsoft IPv6 Protocol Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\tcpip6.sys -> [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation)
    (MpFilter) Microsoft Malware Protection Driver [File_System | System | Running] -> C:\WINDOWS\system32\drivers\MpFilter.sys -> [2009/12/02 16:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation)
    (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation)
    (WinUSB) WinUSB [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\winusb.sys -> [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation)
    (CO_Mon) CO_Mon [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\CO_Mon.sys -> [2006/10/04 07:17:36 | 000,028,672 | ---- | M] ()
    (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.)
    (RT61) Linksys Wireless-G PCI Adapter Driver(RT61) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\rt61.sys -> [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.)
    (P17) Sound Blaster Audigy [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\P17.sys -> [2005/07/07 04:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.)
    (BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\bcm42rly.sys -> [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation)
    (ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ctoss2k.sys -> [2005/01/10 06:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.)
    (ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ctsfm2k.sys -> [2005/01/10 06:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd)
    (BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\BCMSM.sys -> [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation)
    (bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\bcm4sbxp.sys -> [2003/06/30 18:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation)
    (NETGEAR_WG311_SERVICE) NETGEAR WG311 Wireless PCI Adapter Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wg311nd5.sys -> [2003/03/17 21:27:50 | 000,307,904 | ---- | M] (Atheros Communications, Inc.)
    (AWINDIS5) AWINDIS5 Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\AWINDIS5.SYS -> [2002/04/11 18:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.)
    (OMCI) OMCI [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -> [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation)
    (USRpdA) U.S. Robotics 56K PCI Faxmodem Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\USRpdA.sys -> [2001/08/17 14:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation)
    (MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\MODEMCSA.sys -> [2001/08/17 09:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation)
     
    [Registry - All]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
    HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
    HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
    HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
    HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
    HKEY_LOCAL_MACHINE\: "ProxyEnable" -> 0 -> 
    HKEY_LOCAL_MACHINE\: "ProxyOverride" -> *.local;<local> -> 
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
    HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
    HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
    HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
    HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\] > -> -> 
    HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
    HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\: Main\\"Page_Transitions" -> 1 -> 
    HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
    HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\: Main\\"Start Page" -> about:blank -> 
    HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\WINDOWS\system32\ieframe.dll [Microsoft Url Search Hook] -> [2010/02/25 11:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation)
    HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\: "ProxyEnable" -> 0 -> 
    HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\: "ProxyOverride" -> <local>;*.local -> 
    < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Austin\Application Data\Mozilla\FireFox\Profiles\0fhuups1.default\prefs.js -> 
    browser.startup.homepage -> "www.google.com" ->
    extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 ->
    extensions.enabledItems -> {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.4.14.1 ->
    extensions.enabledItems -> {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9 ->
    extensions.enabledItems -> {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2 ->
    extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3 ->
    extensions.enabledItems -> [email protected]:3.6.5 ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions ->  -> 
    HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3] -> [2010/03/31 22:34:42 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions ->  -> 
    HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/21 17:47:20 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/04/23 10:35:31 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
    < FireFox Extensions [User Folders] > -> 
      -> C:\Documents and Settings\Austin\Application Data\Mozilla\Extensions -> [2010/04/21 17:47:31 | 000,000,000 | ---D | M]
    No name found   -> C:\Documents and Settings\Austin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2010/04/21 17:47:31 | 000,000,000 | ---D | M]
      -> C:\Documents and Settings\Austin\Application Data\Mozilla\Extensions\[email protected] -> [2009/04/12 17:16:26 | 000,000,000 | ---D | M]
      -> C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\0fhuups1.default\extensions -> [2010/04/23 10:21:09 | 000,000,000 | ---D | M]
    Forecastfox   -> C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\0fhuups1.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} -> [2010/04/23 09:15:58 | 000,000,000 | ---D | M]
    IE Tab 2 (FF 3.6+)   -> C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\0fhuups1.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} -> [2010/04/22 09:35:50 | 000,000,000 | ---D | M]
    DownThemAll!   -> C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\0fhuups1.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} -> [2010/04/23 09:15:59 | 000,000,000 | ---D | M]
    Greasemonkey   -> C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\0fhuups1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> [2010/04/21 17:49:03 | 000,000,000 | ---D | M]
      -> C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\0fhuups1.default\extensions\[email protected] -> [2010/04/23 10:12:03 | 000,000,000 | ---D | M]
    < FireFox Extensions [Program Folders] > -> 
      -> C:\Program Files\Mozilla Firefox\extensions -> [2010/04/21 17:47:06 | 000,000,000 | ---D | M]
    Default   -> C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2010/04/21 17:47:06 | 000,000,000 | ---D | M]
    < HOSTS File > ([2010/04/22 21:09:40 | 000,391,989 | R--- | M] - 13590 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
    First 25 entries...
    Reset Hosts
    127.0.0.1 localhost
    127.0.0.1    www.007guard.com
    127.0.0.1    007guard.com
    127.0.0.1    008i.com
    127.0.0.1    www.008k.com
    127.0.0.1    008k.com
    127.0.0.1    www.00hq.com
    127.0.0.1    00hq.com
    127.0.0.1    010402.com
    127.0.0.1    www.032439.com
    127.0.0.1    032439.com
    127.0.0.1    www.0scan.com
    127.0.0.1    0scan.com
    127.0.0.1    1000gratisproben.com
    127.0.0.1    www.1000gratisproben.com
    127.0.0.1    1001namen.com
    127.0.0.1    www.1001namen.com
    127.0.0.1    100888290cs.com
    127.0.0.1    www.100888290cs.com
    127.0.0.1    www.100sexlinks.com
    127.0.0.1    100sexlinks.com
    127.0.0.1    10sek.com
    127.0.0.1    www.10sek.com
    127.0.0.1    www.1-2005-search.com
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {0347C33E-8762-4905-BF09-768834316C61} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [HP Print Enhancer] -> [2009/10/22 05:29:58 | 000,328,248 | ---- | M] (Hewlett-Packard Co.)
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2010/04/03 19:36:42 | 000,075,200 | ---- | M] (Adobe Systems Incorporated)
    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2009/01/14 21:03:38 | 000,320,920 | ---- | M] (Sun Microsystems, Inc.)
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/01/14 21:03:37 | 000,034,816 | ---- | M] (Sun Microsystems, Inc.)
    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/01/14 21:03:38 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
    {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [HP Smart BHO Class] -> [2009/10/22 05:29:56 | 000,517,688 | ---- | M] (Hewlett-Packard Co.)
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    WebBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [&Address] -> [2008/04/13 20:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation)
    WebBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [&Links] -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
    WebBrowser\\"{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "Adobe ARM" -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ["C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] -> [2010/03/24 14:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated)
    "Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2010/04/04 01:42:51 | 000,036,272 | ---- | M] (Adobe Systems Incorporated)
    < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "DWQueuedReporting" -> C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2008/11/04 01:44:24 | 000,435,096 | ---- | M] (Microsoft Corporation)
    < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "DWQueuedReporting" -> C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2008/11/04 01:44:24 | 000,435,096 | ---- | M] (Microsoft Corporation)
    < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
    < Austin Startup Folder > -> C:\Documents and Settings\Austin\Start Menu\Programs\Startup -> 
    < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
    < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    < Software Policy Settings [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage
    \Control Panel\HomePage\\"" ->  [0] -> File not found
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"HonorAutoRunSetting" ->  [1] -> File not found
    \\"NoSetActiveDesktop" ->  [0] -> File not found
    \\"NoActiveDesktopChanges" ->  [0] -> File not found
    \\"NoFolderOptions" ->  [0] -> File not found
    \\"NoRun" ->  [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"dontdisplaylastusername" ->  [0] -> File not found
    \\"legalnoticecaption" ->  [] -> File not found
    \\"legalnoticetext" ->  [] -> File not found
    \\"shutdownwithoutlogon" ->  [1] -> File not found
    \\"undockwithoutlogon" ->  [1] -> File not found
    \\"DisableTaskMgr" ->  [0] -> File not found
    \\"DisableRegistryTools" ->  [0] -> File not found
    \\"DisableCMD" ->  [0] -> File not found
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\dontdisplaylastusername
    \dontdisplaylastusername\\"" ->  [0] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    \\"NoSetActiveDesktop" ->  [0] -> File not found
    \\"NoActiveDesktopChanges" ->  [0] -> File not found
    \\"NoFolderOptions" ->  [0] -> File not found
    \\"NoRun" ->  [0] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"DisableTaskMgr" ->  [0] -> File not found
    \\"DisableRegistryTools" ->  [0] -> File not found
    \\"DisableCMD" ->  [0] -> File not found
    HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools
    \DisableRegistryTools\\"" ->  [0] -> File not found
    HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip
    \DisableRegistryTools\ShowInfoTip\\"" ->  [0] -> File not found
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    &Search ->  [?p=ZLfox000] -> File not found
    E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000] -> [2010/01/15 01:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation)
    Search Current News ->  [file://\program files\powershell-xp3\search5.htm] -> File not found
    Search Encyclopedia ->  [file://\program files\powershell-xp3\search4.htm] -> File not found
    Search for Images ->  [file://\program files\powershell-xp3\search3.htm] -> File not found
    Search Newsgroups ->  [file://\program files\powershell-xp3\search2.htm] -> File not found
    Search the Web ->  [file://\program files\powershell-xp3\search.htm] -> File not found
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
    {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
    {DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Button: Show or hide HP Smart Web Printing] -> [2009/10/22 05:29:56 | 000,517,688 | ---- | M] (Hewlett-Packard Co.)
    {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\WINDOWS\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 000,947,472 | ---- | M] (Microsoft Corporation)
    CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
    CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
    CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
    CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation)
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
    PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6997 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6996 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6996 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7446 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 55 range(s) found. -> 
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] -> 
    {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=48835 [Windows Genuine Advantage Validation Tool] -> 
    {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab [Symantec AntiVirus scanner] -> 
    {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab [MSN Photo Upload Tool] -> 
    {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab [Facebook Photo Uploader 4 Control] -> 
    {5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab [Windows Live Safety Center Base Module] -> 
    {5F8469B4-B055-49DD-83F7-62B522420ECC} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab [Facebook Photo Uploader Control] -> 
    {644E432F-49D3-41A1-8DD5-E099162EEEC5} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab [Symantec RuFSI Utility Class] -> 
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141655441157 [MUWebControl Class] -> 
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> 
    {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} [HKLM] -> http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab [Enlite 2.x Simulation Engine Installer] -> 
    {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab [Reg Error: Key error.] -> 
    {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab [Reg Error: Key error.] -> 
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Java Plug-in 1.5.0_06] -> 
    {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
    {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [HKLM] ->  [Reg Error: Value error.] -> 
    {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} [HKLM] -> http://by108fd.bay108.hotmail.msn.com/activex/HMAtchmt.ocx [Hotmail Attachments Control] -> 
    {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [HKLM] -> https://secure.logmein.com/activex/ractrl.cab?lmi=100 [Performance Viewer Activex Control] -> 
    DirectAnimation Java Classes [HKLM] -> file://C:\WINDOWS\Java\classes\dajava.cab [Reg Error: Key error.] -> 
    Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
    DhcpNameServer -> 97.64.180.150 97.64.179.254 -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {C2391CA8-EFBF-496A-BC08-1B7F59F0D73D}\\DhcpNameServer -> 97.64.180.150 97.64.179.254   (Linksys Wireless-G PCI Adapter) -> 
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
    C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
    logonui.exe -> C:\WINDOWS\System32\logonui.exe -> [2008/04/13 20:12:24 | 000,514,560 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
    rundll32 shell32 -> C:\WINDOWS\System32\shell32.dll -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
    Control_RunDLL "sysdm.cpl" -> C:\WINDOWS\System32\sysdm.cpl -> [2008/04/13 20:12:41 | 000,300,544 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
    AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2006/05/03 12:44:54 | 000,061,440 | ---- | M] (ATI Technologies Inc.)
    crypt32chain -> C:\WINDOWS\System32\crypt32.dll -> [2008/04/13 20:11:51 | 000,599,040 | ---- | M] (Microsoft Corporation)
    cryptnet -> C:\WINDOWS\System32\cryptnet.dll -> [2008/04/13 20:11:51 | 000,064,512 | ---- | M] (Microsoft Corporation)
    cscdll -> C:\WINDOWS\System32\cscdll.dll -> [2008/04/13 20:11:51 | 000,101,888 | ---- | M] (Microsoft Corporation)
    dimsntfy -> C:\WINDOWS\system32\dimsntfy.dll -> [2008/04/13 20:11:52 | 000,019,456 | ---- | M] (Microsoft Corporation)
    igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2005/10/19 09:59:14 | 000,348,160 | ---- | M] (Intel Corporation)
    ScCertProp -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
    Schedule -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
    sclgntfy -> C:\WINDOWS\System32\sclgntfy.dll -> [2008/04/13 20:12:05 | 000,020,480 | ---- | M] (Microsoft Corporation)
    SensLogn -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
    termsrv -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
    WgaLogon -> C:\WINDOWS\System32\WgaLogon.dll -> [2006/06/19 16:20:42 | 000,702,768 | ---- | M] (Microsoft Corporation)
    wlballoon -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 20:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation)
    < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
    "{fbeb8a05-beee-4442-804e-409d6c4515e9}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [CDBurn] -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
    "{7849596a-48ea-486e-8937-a2a3009f31a9}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [PostBootReminder] -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
    "{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> C:\WINDOWS\system32\stobject.dll [SysTray] -> [2008/04/13 20:12:07 | 000,121,856 | ---- | M] (Microsoft Corporation)
    "{e57ce738-33e8-4c51-8354-bb4de9d215d1}" [HKLM] -> C:\WINDOWS\system32\upnpui.dll [UPnPMonitor] -> [2008/04/13 20:12:08 | 000,239,616 | ---- | M] (Microsoft Corporation)
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> C:\WINDOWS\system32\webcheck.dll [WebCheck] -> [2009/03/08 04:34:48 | 000,236,544 | ---- | M] (Microsoft Corporation)
    "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKLM] -> C:\WINDOWS\system32\WPDShServiceObj.dll [WPDShServiceObj] -> [2006/10/18 22:47:22 | 000,133,632 | ---- | M] (Microsoft Corporation)
    < SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [Browseui preloader] -> [2008/04/13 20:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation)
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [Component Categories cache daemon] -> [2008/04/13 20:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation)
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> C:\WINDOWS\System32\shell32.dll [] -> [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation)
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}" [HKLM] -> Reg Error: Key error. [Eudora's Shell Extension] -> File not found
    < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
    *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
    msapsspc.dll -> C:\WINDOWS\System32\msapsspc.dll -> [2008/04/13 20:11:58 | 000,086,016 | ---- | M] (Microsoft Corporation)
    schannel.dll -> C:\WINDOWS\System32\schannel.dll -> [2009/06/25 04:25:26 | 000,147,456 | ---- | M] (Microsoft Corporation)
    digest.dll -> C:\WINDOWS\System32\digest.dll -> [2008/04/13 20:11:52 | 000,068,608 | ---- | M] (Microsoft Corporation)
    msnsspc.dll -> C:\WINDOWS\System32\msnsspc.dll -> [2008/04/13 20:12:00 | 000,290,816 | ---- | M] (Microsoft Corporation)
    digiwet.dll ->  -> File not found
    *MultiFile Done* -> -> 
    < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
    *LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
    msv1_0 -> C:\WINDOWS\System32\msv1_0.dll -> [2009/09/11 10:18:39 | 000,136,192 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
    *LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
    kerberos -> C:\WINDOWS\System32\kerberos.dll -> [2009/06/25 04:25:26 | 000,301,568 | ---- | M] (Microsoft Corporation)
    msv1_0 -> C:\WINDOWS\System32\msv1_0.dll -> [2009/09/11 10:18:39 | 000,136,192 | ---- | M] (Microsoft Corporation)
    schannel -> C:\WINDOWS\System32\schannel.dll -> [2009/06/25 04:25:26 | 000,147,456 | ---- | M] (Microsoft Corporation)
    wdigest -> C:\WINDOWS\System32\wdigest.dll -> [2009/06/25 04:25:26 | 000,054,272 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation)
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation)
    "C:\Documents and Settings\Austin\Application Data\mjusbsp\magicJack.exe" -> C:\Documents and Settings\Austin\Application Data\mjusbsp\magicJack.exe [C:\Documents and Settings\Austin\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack] -> [2009/08/01 12:13:44 | 012,231,512 | ---- | M] (magicJack L.P.)
    "C:\Documents and Settings\Austin\Desktop\uTorrent.exe" -> C:\Documents and Settings\Austin\Desktop\uTorrent.exe [C:\Documents and Settings\Austin\Desktop\uTorrent.exe:*:Enabled:µTorrent] -> File not found
    "C:\Documents and Settings\Austin\Local Settings\Temporary Internet Files\Content.IE5\JX7LFDX1\Conquer_v5039_10_BC[1].exe" -> C:\Documents and Settings\Austin\Local Settings\Temporary Internet Files\Content.IE5\JX7LFDX1\Conquer_v5039_10_BC[1].exe [C:\Documents and Settings\Austin\Local Settings\Temporary Internet Files\Content.IE5\JX7LFDX1\Conquer_v5039_10_BC[1].exe:*:Enabled:BitCometLite] -> File not found
    "C:\Documents and Settings\Austin\Shared\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe" -> C:\Documents and Settings\Austin\Shared\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe [C:\Documents and Settings\Austin\Shared\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe:*:Disabled:Empire Earth] -> File not found
    "C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2010/02/12 11:46:12 | 000,345,376 | ---- | M] (Apple Inc.)
    "C:\Program Files\IncrediMail\bin\ImApp.exe" -> C:\Program Files\IncrediMail\bin\ImApp.exe [C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail] -> File not found
    "C:\Program Files\IncrediMail\bin\ImLc.exe" -> C:\Program Files\IncrediMail\bin\ImLc.exe [C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:Letter Creator] -> File not found
    "C:\Program Files\IncrediMail\bin\ImLpp.exe" -> C:\Program Files\IncrediMail\bin\ImLpp.exe [C:\Program Files\IncrediMail\bin\ImLpp.exe:*:Enabled:ImLpp] -> File not found
    "C:\Program Files\IncrediMail\bin\ImNotfy.exe" -> C:\Program Files\IncrediMail\bin\ImNotfy.exe [C:\Program Files\IncrediMail\bin\ImNotfy.exe:*:Enabled:ImNotfy] -> File not found
    "C:\Program Files\IncrediMail\bin\ImPackr.exe" -> C:\Program Files\IncrediMail\bin\ImPackr.exe [C:\Program Files\IncrediMail\bin\ImPackr.exe:*:Enabled:ImPackr] -> File not found
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe" -> C:\Program Files\IncrediMail\bin\ImpCnt.exe [C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail] -> File not found
    "C:\Program Files\IncrediMail\bin\ImSetup.exe" -> C:\Program Files\IncrediMail\bin\ImSetup.exe [C:\Program Files\IncrediMail\bin\ImSetup.exe:*:Enabled:ImSetup] -> File not found
    "C:\Program Files\IncrediMail\bin\IncMail.exe" -> C:\Program Files\IncrediMail\bin\IncMail.exe [C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail] -> File not found
    "C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe" -> C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe [C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe:*:Enabled:IncrediMail_Install] -> File not found
    "C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2010/03/26 01:09:58 | 010,358,568 | ---- | M] (Apple Inc.)
    "C:\Program Files\Java\jre6\bin\javaw.exe" -> C:\Program Files\Java\jre6\bin\javaw.exe [C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary] -> [2009/01/14 21:03:36 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.)
    "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" -> C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe [C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal] -> File not found
    "C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire PRO 4.18.8] -> File not found
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2009/02/14 06:03:18 | 000,337,264 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2009/02/26 15:24:50 | 001,001,840 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation)
    "C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> File not found
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> File not found
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    "AlternateShell" -> cmd.exe -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM Driver -> 
    "ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
    < Drives with AutoRun files > ->  -> 
    C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2005/01/17 19:19:51 | 000,000,000 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
    \{5b673ca2-cc98-11de-9ab7-001d7e0e68e9}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b673ca2-cc98-11de-9ab7-001d7e0e68e9}\Shell\AutoRun
    \{5b673ca2-cc98-11de-9ab7-001d7e0e68e9}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b673ca2-cc98-11de-9ab7-001d7e0e68e9}\Shell\AutoRun\command
    \{5b673ca2-cc98-11de-9ab7-001d7e0e68e9}\Shell\AutoRun\command\\"" -> G:\autorun.exe [G:\autorun.exe] -> File not found
    \{5b673ca2-cc98-11de-9ab7-001d7e0e68e9}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b673ca2-cc98-11de-9ab7-001d7e0e68e9}\Shell\phone\command
    \{5b673ca2-cc98-11de-9ab7-001d7e0e68e9}\Shell\phone\command\\"" -> G:\autorun.exe [G:\autorun.exe] -> File not found
    \{6229fbcb-3d56-11de-9a55-001d7e0e68e9}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6229fbcb-3d56-11de-9a55-001d7e0e68e9}\Shell\AutoRun\command
    \{6229fbcb-3d56-11de-9a55-001d7e0e68e9}\Shell\AutoRun\command\\"" -> F:\StartPortableApps.exe [F:\StartPortableApps.exe] -> File not found
    \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\AutoRun\command
    \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\AutoRun\command\\"" -> F:\rcaeasyrip_setup.exe [F:\rcaeasyrip_setup.exe] -> File not found
    \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\install\command
    \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\install\command\\"" -> F:\rcaeasyrip_setup.exe [F:\rcaeasyrip_setup.exe] -> File not found
    \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\usermanualEnglish\command
    \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\usermanualEnglish\command\\"" -> F:\rcaeasyrip_setup.exe [F:\rcaeasyrip_setup.exe /pdf_English] -> File not found
    \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\usermanualFrench\command
    \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\usermanualFrench\command\\"" -> F:\rcaeasyrip_setup.exe [F:\rcaeasyrip_setup.exe /pdf_French] -> File not found
    \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\usermanualSpanish\command
    \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b}\Shell\usermanualSpanish\command\\"" -> F:\rcaeasyrip_setup.exe [F:\rcaeasyrip_setup.exe /pdf_Spanish] -> File not found
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = comfile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Classes\<extension>\ -> 
    .exe [@ = exefile] -> Reg Error: Key error. -> File not found
     
    [Registry - Additional Scans - Safe List]
    < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 
    0 -> [Key] -> 
    0 -> FriendlyName = My Current Home Page -> 
    0 -> Source = About:Home -> 
    0 -> SubscribedURL = About:Home -> 
    < Desktop WallPaper > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General -> 
    WallPaper -> C:\Documents and Settings\Austin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp -> 
    BackupWallPaper -> C:\Documents and Settings\Austin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp -> 
    < Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> 
    "Apple Mobile Device" -> -> 
    "Ati HotKey Poller" -> -> 
    "ATI Smart" -> -> 
    "avg8wd" -> -> 
    "Bonjour Service" -> -> 
    "Creative Service for CDROM Access" -> -> 
    "gusvc" -> -> 
    "IDriverT" -> -> 
    "iPod Service" -> -> 
    "JavaQuickStarterService" -> -> 
    "Microsoft Office Groove Audit Service" -> -> 
    "odserv" -> -> 
    "ose" -> -> 
    "SamSsRDSessMgr" -> -> 
    "WMP54Gv4SVC" -> -> 
    "WMPNetworkSvc" -> -> 
    "ZuneNetworkSvc" -> -> 
    < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
    C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE -> File not found
    C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> [2007/10/14 20:38:52 | 000,214,360 | ---- | M] (Hewlett-Packard Co.)
    C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk -> C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe -> [2002/12/17 18:23:32 | 000,074,308 | ---- | M] (Microsoft Corporation)
    C:^Documents and Settings^Austin^Start Menu^Programs^Startup^Disk Cleaner.lnk -> C:\Program Files\Disk Cleaner\dclean.exe -> [2005/01/28 10:05:12 | 000,209,920 | ---- | M] ()
    C:^Documents and Settings^Austin^Start Menu^Programs^Startup^LimeWire On Startup.lnk -> C:\PROGRA~1\LimeWire\LimeWire.exe -> File not found
    C:^Documents and Settings^Austin^Start Menu^Programs^Startup^Palm Registration.lnk -> C:\Program Files\Palm\register.exe -> [2006/11/09 18:31:25 | 002,494,464 | ---- | M] (Palm/Leader Technologies)
    < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
    AS00_Netgear hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -> [2003/05/16 14:59:24 | 000,389,120 | ---- | M] ()
    ATICCC hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\ATI Technologies\ATI.ACE\cli.exe -> [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.)
    ATIPTA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe -> File not found
    AVG7_CC hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe -> File not found
    AVG7_EMC hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe -> File not found
    AVG8_TRAY hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\PROGRA~1\AVG\AVG8\avgtray.exe -> File not found
    BCMSMMSG hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\BCMSMMSG.exe -> [2003/08/29 05:59:24 | 000,122,880 | ---- | M] (Broadcom Corporation)
    cdloader hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Documents and Settings\Austin\Application Data\mjusbsp\cdloader2.exe -> [2009/08/01 12:11:28 | 000,050,520 | ---- | M] (magicJack L.P.)
    ctfmon.exe hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
    CTSysVol hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> File not found
    Easy Dock hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
    ezLife hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
    gcasServ hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Microsoft AntiSpyware\gcasServ.exe -> File not found
    GrooveMonitor hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe -> [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation)
    HotKeysCmds hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
    HP Software Update hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\HP\HP Software Update\hpwuSchd2.exe -> [2007/10/14 21:17:32 | 000,049,152 | ---- | M] (Hewlett-Packard)
    hpqSRMon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe -> [2008/08/20 10:54:08 | 000,150,016 | ---- | M] (Hewlett-Packard)
    HydraVisionDesktopManager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe -> File not found
    IgfxTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
    IntelliPoint hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Microsoft IntelliPoint\ipoint.exe -> [2007/02/05 19:52:10 | 000,849,280 | ---- | M] (Microsoft Corporation)
    iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2010/03/26 01:10:02 | 000,142,120 | ---- | M] (Apple Inc.)
    MSSE hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Microsoft Security Essentials\msseces.exe -> [2010/02/21 06:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation)
    NapsterShell hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Napster\napster.exe -> File not found
    P17Helper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
    PromoReg hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\Temp\wpv771242765100.exe -> File not found
    QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\qttask.exe -> [2010/03/17 21:53:36 | 000,421,888 | ---- | M] (Apple Inc.)
    SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/01/14 21:03:37 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.)
    sysldtray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\windows\ld08.exe -> File not found
    TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2005/07/09 13:36:38 | 000,180,269 | ---- | M] (RealNetworks, Inc.)
    UpdReg hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\WINDOWS\Updreg.EXE -> [2000/05/11 02:00:00 | 000,090,112 | ---- | M] (Creative Technology Ltd.)
    USRpdA hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
    WMPNSCFG hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Windows Media Player\wmpnscfg.exe -> [2006/10/18 21:05:26 | 000,204,288 | ---- | M] (Microsoft Corporation)
    Zune Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> c:\Program Files\Zune\ZuneLauncher.exe -> File not found
    < Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
    "bootini" -> 0 -> 
    "services" -> 2 -> 
    "startup" -> 2 -> 
    "system.ini" -> 0 -> 
    "win.ini" -> 0 -> 
    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
    *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
    6to4 ->  -> File not found
    Ias -> C:\WINDOWS\system32\ias -> [2005/01/17 19:19:27 | 000,000,000 | ---D | M]
    Iprip -> C:\WINDOWS\system32\iprip.dll -> [2008/04/13 20:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation)
    Irmon ->  -> File not found
    NWCWorkstation ->  -> File not found
    Nwsapagent ->  -> File not found
    Wmi -> C:\WINDOWS\system32\wmi.dll -> [2008/04/13 20:11:15 | 000,005,632 | ---- | M] (Microsoft Corporation)
    WmdmPmSp ->  -> File not found
    *MultiFile Done* -> -> 
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    batfile [open] -> "%1" %* -> 
    cmdfile [open] -> "%1" %* -> 
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
    htmlfile [edit] -> "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation)
    htmlfile [print] -> "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation)
    piffile [open] -> "%1" %* -> 
    scrfile [config] -> "%1" -> 
    scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/13 20:12:41 | 000,135,168 | ---- | M] (Microsoft Corporation)
    scrfile [open] -> "%1" /S -> 
    Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
    Directory [Backup this Folder] -> xcopy %1 /e /i /h /y \PowerShell-XP3-Backups -> [2008/04/13 20:12:41 | 000,030,720 | ---- | M] (Microsoft Corporation)
    Directory [Dos Prompt] -> cmd.exe /k cd %1 -> [2008/04/13 20:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation)
    Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    Directory [OneNote.Open] -> C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" -> [2009/02/26 15:24:50 | 001,001,840 | ---- | M] (Microsoft Corporation)
    Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
    {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} -> Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    {0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713} -> HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
    {0E4BC542-9CFD-4E97-B586-9F1E5516E7B9} -> Microsoft IntelliPoint 6.1
    {0F7C2E47-089E-4d23-B9F7-39BE00100776} -> Toolbox
    {11B83AD3-7A46-4C2E-A568-9505981D4C6F} -> HP Update
    {18669FF9-C8FE-407a-9F70-E674896B1DB4} -> GPBaseService
    {1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5} -> Sound Blaster Audigy
    {205A5182-EFC8-4C25-B61D-C164F8FF4048} -> BlackBerry Desktop Software 5.0.1
    {26A24AE4-039D-4CA4-87B4-2F83216011FF} -> Java(TM) 6 Update 11
    {28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} -> QuickTime
    {305468A6-DE2D-43ba-A168-2F45A97A89DA} -> DJ_SF_03_D1500_Software_Min
    {3248F0A8-6813-11D6-A77B-00B0D0150020} -> J2SE Runtime Environment 5.0 Update 2
    {3248F0A8-6813-11D6-A77B-00B0D0150050} -> J2SE Runtime Environment 5.0 Update 5
    {3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6
    {34BFB099-07B2-4E95-A673-7362D60866A2} -> PSSWCORE
    {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
    {3700194C-C5DD-439A-BE06-A66960CA4C70} -> MSVCSetup
    {38436888-9EAA-4cec-A56F-65B73D9D423C} -> D1500
    {4A70EF07-7F88-4434-BB61-D1DE8AE93DD4} -> SolutionCenter
    {4DDC3BED-CC68-44AA-B435-D727B620CA5B} -> Linksys Wireless-G PCI Adapter
    {52504CE6-E909-4113-B232-4AFEC6543A61} -> Broadcom 440x 10/100 Integrated Controller
    {52A69E11-7CEB-4a7d-9607-68BA4F39A89B} -> DeviceDiscovery
    {553255F3-78FD-40F1-A6F8-6882140265FE} -> Apple Application Support
    {5ACE69F0-A3E8-44eb-88C1-0A841E700180} -> TrayApp
    {63569CE9-FA00-469C-AF5C-E5D4D93ACF91} -> Windows Genuine Advantage v1.3.0254.0
    {63FF21C9-A810-464F-B60A-3111747B1A6D} -> GPBaseService2
    {66E6CE0C-5A1E-430C-B40A-0C90FF1804A8} -> eSupportQFolder
    {681B698F-C997-42C3-B184-B489C6CA24C9} -> HPPhotoSmartDiscLabelContent1
    {687FEF8A-8597-40b4-832C-297EA3F35817} -> BufferChm
    {689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314} -> BlackBerry® Media Sync
    {6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
    {6AA134D3-1B9F-448C-8AED-353F14E2C6A1} -> WinWay Resume Deluxe
    {6F5E2F4A-377D-4700-B0E3-8F7F7507EA15} -> CustomerResearchQFolder
    {7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
    {76BC2442-0002-47FA-9617-43BAD82BEF4C} -> Bonjour
    {770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    {7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90} -> WebEx Support Manager for Internet Explorer
    {82C113AD-486F-4bd5-A2EA-2383AF57D084} -> D1500_Help
    {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
    {8A3AD1DE-FC3D-4005-9D96-AC3E598129BE} -> DFX 8 for Windows Media Player
    {8A708DD8-A5E6-11D4-A706-000629E95E20} -> Intel(R) Extreme Graphics Driver
    {8A85DEAD-7C1F-4368-881C-72AC74CB2E91} -> UnloadSupport
    {8B0DE76D-7663-40DA-9926-D61152E6DC74} -> BlackBerry Device Software v5.0.0 for the BlackBerry 9630 smartphone
    {8B8240B3-891D-4965-AA51-8799622D44FF} -> DJ_SF_03_D1500_ProductContext
    {8FF6F5CA-4E30-4E3B-B951-204CAAA2716A} -> SmartWebPrinting
    {90120000-0010-0409-0000-0000000FF1CE} -> Microsoft Software Update for Web Folders  (English) 12
    {90120000-0015-0409-0000-0000000FF1CE} -> Microsoft Office Access MUI (English) 2007
    {90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
    {90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007
    {90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
    {90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007
    {90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
    {90120000-0019-0409-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (English) 2007
    {90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
    {90120000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2007
    {90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
    {90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007
    {90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
    {90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
    {90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    {90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
    {90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    {90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007
    {90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    {90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007
    {90120000-0030-0000-0000-0000000FF1CE} -> Microsoft Office Enterprise 2007
    {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> Microsoft Office 2007 Service Pack 2 (SP2)
    {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF} -> Security Update for Microsoft Office system 2007 (972581)
    {90120000-0044-0409-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (English) 2007
    {90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
    {90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007
    {90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
    {90120000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2007
    {90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
    {90120000-00BA-0409-0000-0000000FF1CE} -> Microsoft Office Groove MUI (English) 2007
    {90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
    {90120000-0114-0409-0000-0000000FF1CE} -> Microsoft Office Groove Setup Metadata MUI (English) 2007
    {90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
    {90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007
    {90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
    {90120000-0117-0409-0000-0000000FF1CE} -> Microsoft Office Access Setup Metadata MUI (English) 2007
    {90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
    {9077253B-FBE9-416A-8D7A-9A58C2E83B39} -> NETGEAR Wireless PCI Adapter
    {930439A1-B49E-4A54-A499-31BDC1A91DE5} -> Shockwave Player
    {95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
    {95120000-0122-0409-0000-0000000FF1CE} -> Microsoft Office Outlook Connector
    {996A2FAA-7514-4628-9D12-A8FC34A0016E} -> iTunes
    {9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    {A0B9F8DF-C949-45ed-9808-7DC5C0C19C81} -> Status
    {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2
    {AB5D51AE-EBC3-438D-872C-705C7C2084B0} -> DeviceManagementQFolder
    {AC76BA86-7AD7-1033-7B44-A93000000001} -> Adobe Reader 9.3.2
    {B1421599-A42D-47ef-B512-B9B0317BD599} -> DJ_SF_03_D1500_Software
    {B37C842A-B624-46B8-A727-654E72F1C91A} -> Calculator Powertoy for Windows XP
    {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
    {B5C3B892-0849-476C-9F46-B12F84819D57} -> Apple Mobile Device Support
    {B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF} -> HPSSupply
    {BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD} -> Creative MediaSource 5
    {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2
    {C43326F5-F135-4551-8270-7F7ABA0462E1} -> HPProductAssistant
    {C4C843CE-5851-41BC-A17B-E158B996B50D} -> Diskeeper 2010 Pro Premier
    {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
    {CCB9B81A-167F-4832-B305-D2A0430840B3} -> WebReg
    {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
    {D2E0F0CC-6BE0-490b-B08B-9267083E34C9} -> MarketResearch
    {D78653C3-A8FF-415F-92E6-D774E634FF2D} -> Dell ResourceCD
    {D79113E7-274C-470B-BD46-01B10219DF6A} -> HPPhotosmartEssential
    {E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC} -> VideoToolkit01
    {E09B48B5-E141-427A-AB0C-D3605127224A} -> Microsoft SQL Server Desktop Engine (SOSHOME22)
    {E3E71D07-CD27-46CB-8448-16D4FB29AA13} -> Microsoft WSE 3.0 Runtime
    {E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01} -> Microsoft Antimalware
    {EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B} -> ATI Catalyst Control Center
    {EF98A02A-1748-4762-9B7D-5ED1600520D5} -> Microsoft Security Essentials
    {F0A37341-D692-11D4-A984-009027EC0A9C} -> SoundMAX
    {F251B999-08A9-4704-999C-9962F0DFD88E} -> Virtual Desktop Manager Powertoy for Windows XP
    {F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729)
    {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01
    {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B} -> Windows Media Connect
    {FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} -> HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
    All ATI Software -> ATI - Software Uninstall Utility
    ATI Display Driver -> ATI Display Driver
    AVI Codec Pack -> AVI Codec Pack
    BCM V.92 56K Modem -> BCM V.92 56K Modem
    BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048} -> BlackBerry Desktop Software 5.0.1
    CCleaner -> CCleaner
    COREDOC 3.1 -> Remove COREDOC 3.1
    Creative Software AutoUpdate -> Creative Software AutoUpdate
    daqyepiicmdulgdq -> RON Too1 Gooochi
    Digital Copy -> Digital Copy
    DiskCleaner -> Disk Cleaner (remove only)
    DriverAgent.exe -> DriverAgent by eSupport.com
    ENTERPRISE -> Microsoft Office Enterprise 2007
    ezLife -> ezLife browser enhancer
    G-Force -> G-Force
    HijackThis -> HijackThis 2.0.2
    HP Imaging Device Functions -> HP Imaging Device Functions 10.0
    HP Photosmart Essential -> HP Photosmart Essential 3.5
    HP Smart Web Printing -> HP Smart Web Printing 4.60
    HP Solution Center & Imaging Support Tools -> HP Solution Center 13.0
    HPExtendedCapabilities -> HP Customer Participation Program 10.0
    IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
    ie7 -> Windows Internet Explorer 7
    ie8 -> Windows Internet Explorer 8
    InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61} -> Broadcom 440x 10/100 Integrated Controller
    InterActual Player -> InterActual Player
    Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
    Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
    Microsoft Security Essentials -> Microsoft Security Essentials
    Mozilla Firefox (3.6.3) -> Mozilla Firefox (3.6.3)
    MP3 Rocket -> MP3 Rocket
    MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
    NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
    PowerShell-XP3 -> PowerShell-XP3
    RealPlayer 6.0 -> RealPlayer
    Shop for HP Supplies -> Shop for HP Supplies
    Smart-Ads-Solutions -> SmartAds browser enhancer
    SysInfo -> Creative System Information
    VLC media player -> VideoLAN VLC media player 0.8.6d
    Wdf01007 -> Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Windows Live Safety Scanner -> Windows Live Safety Scanner
    Windows Media Connect -> Windows Media Connect
    Windows Media Format Runtime -> Windows Media Format 11 runtime
    Windows Media Player -> Windows Media Player 11
    Windows XP Service Pack -> Windows XP Service Pack 3
    WinRAR archiver -> WinRAR archiver
    winusb0100 -> Microsoft WinUsb 1.0
    WMFDist11 -> Windows Media Format 11 runtime
    wmp11 -> Windows Media Player 11
    Wudf01007 -> Microsoft User-Mode Driver Framework Feature Pack 1.7
    < Uninstall List [HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1844237615-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
    Confidence Online EE -> Confidence Online(tm) for Web Applications
    < EventViewer Logs - Last 10 Errors > -> Event Information -> Description
    Application [ Error ] 4/22/2010 3:14:22 PM Computer Name = AUSTIN | Source = MSSQL$SOSHOME22 | ID = 19011 -> Description = 
    Application [ Error ] 4/22/2010 4:12:21 PM Computer Name = AUSTIN | Source = MSSQL$SOSHOME22 | ID = 19011 -> Description = 
    Application [ Error ] 4/22/2010 4:22:43 PM Computer Name = AUSTIN | Source = MSSQL$SOSHOME22 | ID = 19011 -> Description = 
    Application [ Error ] 4/22/2010 4:39:01 PM Computer Name = AUSTIN | Source = MSSQL$SOSHOME22 | ID = 19011 -> Description = 
    Application [ Error ] 4/23/2010 8:03:55 AM Computer Name = AUSTIN | Source = MSSQL$SOSHOME22 | ID = 19011 -> Description = 
    Application [ Error ] 4/23/2010 9:10:21 AM Computer Name = AUSTIN | Source = Application Hang | ID = 1002 -> Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Application [ Error ] 4/23/2010 10:17:22 AM Computer Name = AUSTIN | Source = Application Hang | ID = 1002 -> Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Application [ Error ] 4/23/2010 10:37:58 AM Computer Name = AUSTIN | Source = MSSQL$SOSHOME22 | ID = 19011 -> Description = 
    Application [ Error ] 4/23/2010 11:30:37 AM Computer Name = AUSTIN | Source = MSSQL$SOSHOME22 | ID = 19011 -> Description = 
    Application [ Error ] 4/23/2010 1:37:12 PM Computer Name = AUSTIN | Source = MSSQL$SOSHOME22 | ID = 19011 -> Description = 
    OSession [ Error ] 8/4/2009 8:56:24 PM Computer Name = AUSTIN | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.
    System [ Error ] 4/23/2010 1:29:56 PM Computer Name = AUSTIN | Source = Service Control Manager | ID = 7001 -> Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:   %%31
    System [ Error ] 4/23/2010 1:29:56 PM Computer Name = AUSTIN | Source = Service Control Manager | ID = 7001 -> Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:   %%31
    System [ Error ] 4/23/2010 1:29:56 PM Computer Name = AUSTIN | Source = Service Control Manager | ID = 7001 -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:   %%31
    System [ Error ] 4/23/2010 1:29:56 PM Computer Name = AUSTIN | Source = Service Control Manager | ID = 7001 -> Description = The Simple TCP/IP Services service depends on the AFD Networking Support Environment service which failed to start because of the following error:   %%31
    System [ Error ] 4/23/2010 1:29:56 PM Computer Name = AUSTIN | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   AFD  Fips  intelppm  IPSec  MpFilter  MRxSmb  NetBIOS  NetBT  OMCI  RasAcd  Rdbss  Tcpip  Tcpip6  WS2IFSL
    System [ Error ] 4/23/2010 1:30:13 PM Computer Name = AUSTIN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service netman with arguments ""  in order to run the server:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    System [ Error ] 4/23/2010 1:30:14 PM Computer Name = AUSTIN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service netman with arguments ""  in order to run the server:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    System [ Error ] 4/23/2010 1:35:09 PM Computer Name = AUSTIN | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
    System [ Error ] 4/23/2010 1:37:25 PM Computer Name = AUSTIN | Source = Service Control Manager | ID = 7000 -> Description = The Zune Bus Enumerator Driver service failed to start due to the following error:   %%2
    System [ Error ] 4/23/2010 1:38:47 PM Computer Name = AUSTIN | Source = Service Control Manager | ID = 7022 -> Description = The HP CUE DeviceDiscovery Service service hung on starting.
     
    [Files/Folders - Created Within 30 Days]
     OTS.exe -> C:\Documents and Settings\Austin\Desktop\OTS.exe -> [2010/04/23 13:19:06 | 000,638,976 | ---- | C] (OldTimer Tools)
     PIF -> C:\WINDOWS\PIF -> [2010/04/23 13:09:44 | 000,000,000 | -H-D | C]
     Recent -> C:\Documents and Settings\Austin\Recent -> [2010/04/23 13:06:36 | 000,000,000 | RH-D | C]
     CCleaner -> C:\Program Files\CCleaner -> [2010/04/23 12:19:46 | 000,000,000 | ---D | C]
     Backups -> C:\Documents and Settings\Austin\My Documents\Backups -> [2010/04/23 10:54:16 | 000,000,000 | ---D | C]
     NOS -> C:\Documents and Settings\All Users\Application Data\NOS -> [2010/04/23 10:15:39 | 000,000,000 | ---D | C]
     stepup -> C:\stepup -> [2010/04/23 08:10:46 | 000,000,000 | ---D | C]
     Diskeeper -> C:\Diskeeper -> [2010/04/22 14:29:32 | 000,000,000 | -HSD | C]
     DKRtWrt.sys -> C:\WINDOWS\System32\drivers\DKRtWrt.sys -> [2010/04/22 14:25:59 | 000,042,144 | ---- | C] (Diskeeper Corporation)
     Diskeeper Corporation -> C:\Program Files\Common Files\Diskeeper Corporation -> [2010/04/22 14:25:50 | 000,000,000 | ---D | C]
     Diskeeper Corporation -> C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation -> [2010/04/22 14:25:49 | 000,000,000 | ---D | C]
     Windows Home Server -> C:\Program Files\Windows Home Server -> [2010/04/22 14:25:44 | 000,000,000 | ---D | C]
     Diskeeper Corporation -> C:\Program Files\Diskeeper Corporation -> [2010/04/22 14:25:44 | 000,000,000 | ---D | C]
     Computer Tweaks and Tips -> C:\Documents and Settings\Austin\My Documents\Computer Tweaks and Tips -> [2010/04/22 12:42:47 | 000,000,000 | ---D | C]
     ATI -> C:\Documents and Settings\Austin\Application Data\ATI -> [2010/04/22 12:25:31 | 000,000,000 | ---D | C]
     ATI -> C:\Documents and Settings\Austin\Local Settings\Application Data\ATI -> [2010/04/22 12:25:30 | 000,000,000 | ---D | C]
     ATI Technologies -> C:\Program Files\ATI Technologies -> [2010/04/22 12:14:00 | 000,000,000 | ---D | C]
     Trend Micro -> C:\Program Files\Trend Micro -> [2010/04/22 00:07:39 | 000,000,000 | ---D | C]
     Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft -> [2010/04/21 22:11:52 | 000,000,000 | ---D | C]
     avG -> C:\Documents and Settings\Austin\Local Settings\Application Data\avG -> [2010/04/21 03:02:50 | 000,000,000 | ---D | C]
     avG -> C:\Documents and Settings\All Users\Application Data\avG -> [2010/04/21 03:02:50 | 000,000,000 | ---D | C]
     Real -> C:\Documents and Settings\NetworkService\Application Data\Real -> [2010/04/17 03:03:06 | 000,000,000 | ---D | C]
     Adobe -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe -> [2010/04/16 10:56:29 | 000,000,000 | ---D | C]
     Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2010/04/16 00:12:27 | 000,000,000 | ---D | C]
     Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2010/04/16 00:12:22 | 000,000,000 | ---D | C]
     TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2010/04/01 20:06:00 | 000,000,000 | ---D | C]
     WinWay -> C:\Documents and Settings\Austin\Application Data\WinWay -> [2010/04/01 16:45:41 | 000,000,000 | ---D | C]
     HPAppData -> C:\Documents and Settings\Austin\Application Data\HPAppData -> [2010/03/31 22:47:40 | 000,000,000 | ---D | C]
     HP Product Assistant -> C:\Documents and Settings\All Users\Application Data\HP Product Assistant -> [2010/03/31 22:26:32 | 000,000,000 | ---D | C]
     iPod -> C:\Program Files\iPod -> [2010/03/31 12:24:57 | 000,000,000 | ---D | C]
     iTunes -> C:\Program Files\iTunes -> [2010/03/31 12:24:50 | 000,000,000 | ---D | C]
     {429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> [2010/03/31 12:24:50 | 000,000,000 | ---D | C]
     Bonjour -> C:\Program Files\Bonjour -> [2010/03/31 12:13:50 | 000,000,000 | ---D | C]
     Resume -> C:\Documents and Settings\Austin\My Documents\Resume -> [2010/03/29 14:34:24 | 000,000,000 | ---D | C]
     bckgzm.exe -> C:\WINDOWS\System32\dllcache\bckgzm.exe -> [2010/03/26 16:10:05 | 000,042,577 | ---- | C] (Microsoft Corporation)
     shvlres.dll -> C:\WINDOWS\System32\dllcache\shvlres.dll -> [2010/03/26 16:10:04 | 002,178,131 | ---- | C] (Microsoft Corporation)
     bckgres.dll -> C:\WINDOWS\System32\dllcache\bckgres.dll -> [2010/03/26 16:10:04 | 001,817,687 | ---- | C] (Microsoft Corporation)
     chkrres.dll -> C:\WINDOWS\System32\dllcache\chkrres.dll -> [2010/03/26 16:10:04 | 000,780,885 | ---- | C] (Microsoft Corporation)
     rvseres.dll -> C:\WINDOWS\System32\dllcache\rvseres.dll -> [2010/03/26 16:10:04 | 000,753,236 | ---- | C] (Microsoft Corporation)
     bckg.dll -> C:\WINDOWS\System32\dllcache\bckg.dll -> [2010/03/26 16:10:04 | 000,082,501 | ---- | C] (Microsoft Corporation)
     shvl.dll -> C:\WINDOWS\System32\dllcache\shvl.dll -> [2010/03/26 16:10:04 | 000,066,113 | ---- | C] (Microsoft Corporation)
     rvse.dll -> C:\WINDOWS\System32\dllcache\rvse.dll -> [2010/03/26 16:10:04 | 000,048,706 | ---- | C] (Microsoft Corporation)
     chkrzm.exe -> C:\WINDOWS\System32\dllcache\chkrzm.exe -> [2010/03/26 16:10:04 | 000,042,575 | ---- | C] (Microsoft Corporation)
     rvsezm.exe -> C:\WINDOWS\System32\dllcache\rvsezm.exe -> [2010/03/26 16:10:04 | 000,042,574 | ---- | C] (Microsoft Corporation)
     shvlzm.exe -> C:\WINDOWS\System32\dllcache\shvlzm.exe -> [2010/03/26 16:10:04 | 000,042,573 | ---- | C] (Microsoft Corporation)
     chkr.dll -> C:\WINDOWS\System32\dllcache\chkr.dll -> [2010/03/26 16:10:04 | 000,040,515 | ---- | C] (Microsoft Corporation)
     hrtzres.dll -> C:\WINDOWS\System32\dllcache\hrtzres.dll -> [2010/03/26 16:10:03 | 001,175,635 | ---- | C] (Microsoft Corporation)
     cmnresm.dll -> C:\WINDOWS\System32\dllcache\cmnresm.dll -> [2010/03/26 16:10:03 | 001,039,955 | ---- | C] (Microsoft Corporation)
     hrtz.dll -> C:\WINDOWS\System32\dllcache\hrtz.dll -> [2010/03/26 16:10:03 | 000,057,409 | ---- | C] (Microsoft Corporation)
     hrtzzm.exe -> C:\WINDOWS\System32\dllcache\hrtzzm.exe -> [2010/03/26 16:10:03 | 000,042,573 | ---- | C] (Microsoft Corporation)
     zcorem.dll -> C:\WINDOWS\System32\dllcache\zcorem.dll -> [2010/03/26 16:10:03 | 000,041,029 | ---- | C] (Microsoft Corporation)
     uniansi.dll -> C:\WINDOWS\System32\dllcache\uniansi.dll -> [2010/03/26 16:10:03 | 000,032,339 | ---- | C] (Microsoft Corporation)
     zonelibm.dll -> C:\WINDOWS\System32\dllcache\zonelibm.dll -> [2010/03/26 16:10:03 | 000,013,894 | ---- | C] (Microsoft Corporation)
     zeeverm.dll -> C:\WINDOWS\System32\dllcache\zeeverm.dll -> [2010/03/26 16:10:03 | 000,004,677 | ---- | C] (Microsoft Corporation)
     cmnclim.dll -> C:\WINDOWS\System32\dllcache\cmnclim.dll -> [2010/03/26 16:10:02 | 000,217,160 | ---- | C] (Microsoft Corporation)
     zoneclim.dll -> C:\WINDOWS\System32\dllcache\zoneclim.dll -> [2010/03/26 16:10:02 | 000,113,222 | ---- | C] (Microsoft Corporation)
     zclientm.exe -> C:\WINDOWS\System32\dllcache\zclientm.exe -> [2010/03/26 16:10:02 | 000,036,937 | ---- | C] (Microsoft Corporation)
     znetm.dll -> C:\WINDOWS\System32\dllcache\znetm.dll -> [2010/03/26 16:10:02 | 000,029,760 | ---- | C] (Microsoft Corporation)
     write.exe -> C:\WINDOWS\System32\write.exe -> [2010/03/26 16:10:02 | 000,005,632 | ---- | C] (Microsoft Corporation)
     write.exe -> C:\WINDOWS\System32\dllcache\write.exe -> [2010/03/26 16:10:02 | 000,005,632 | ---- | C] (Microsoft Corporation)
     avtapi.dll -> C:\WINDOWS\System32\dllcache\avtapi.dll -> [2010/03/26 16:09:53 | 000,227,840 | ---- | C] (Microsoft Corporation)
     avtapi.dll -> C:\WINDOWS\System32\avtapi.dll -> [2010/03/26 16:09:53 | 000,227,840 | ---- | C] (Microsoft Corporation)
     sndvol32.exe -> C:\WINDOWS\System32\sndvol32.exe -> [2010/03/26 16:09:53 | 000,138,752 | ---- | C] (Microsoft Corporation)
     sndvol32.exe -> C:\WINDOWS\System32\dllcache\sndvol32.exe -> [2010/03/26 16:09:53 | 000,138,752 | ---- | C] (Microsoft Corporation)
     avwav.dll -> C:\WINDOWS\System32\dllcache\avwav.dll -> [2010/03/26 16:09:53 | 000,073,216 | ---- | C] (Microsoft Corporation)
     avwav.dll -> C:\WINDOWS\System32\avwav.dll -> [2010/03/26 16:09:53 | 000,073,216 | ---- | C] (Microsoft Corporation)
     hticons.dll -> C:\WINDOWS\System32\hticons.dll -> [2010/03/26 16:09:53 | 000,044,544 | ---- | C] (Hilgraeve, Inc.)
     avmeter.dll -> C:\WINDOWS\System32\dllcache\avmeter.dll -> [2010/03/26 16:09:53 | 000,016,384 | ---- | C] (Microsoft Corporation)
     avmeter.dll -> C:\WINDOWS\System32\avmeter.dll -> [2010/03/26 16:09:53 | 000,016,384 | ---- | C] (Microsoft Corporation)
     htrn_jis.dll -> C:\WINDOWS\System32\dllcache\htrn_jis.dll -> [2010/03/26 16:09:53 | 000,013,312 | ---- | C] (Hilgraeve, Inc.)
     winchat.exe -> C:\WINDOWS\System32\winchat.exe -> [2010/03/26 16:09:52 | 000,035,328 | ---- | C] (Microsoft Corporation)
     winchat.exe -> C:\WINDOWS\System32\dllcache\winchat.exe -> [2010/03/26 16:09:52 | 000,035,328 | ---- | C] (Microsoft Corporation)
     getuname.dll -> C:\WINDOWS\System32\getuname.dll -> [2010/03/26 16:09:46 | 000,605,696 | ---- | C] (Microsoft Corporation)
     getuname.dll -> C:\WINDOWS\System32\dllcache\getuname.dll -> [2010/03/26 16:09:46 | 000,605,696 | ---- | C] (Microsoft Corporation)
     charmap.exe -> C:\WINDOWS\System32\dllcache\charmap.exe -> [2010/03/26 16:09:46 | 000,080,384 | ---- | C] (Microsoft Corporation)
     charmap.exe -> C:\WINDOWS\System32\charmap.exe -> [2010/03/26 16:09:46 | 000,080,384 | ---- | C] (Microsoft Corporation)
     mshearts.exe -> C:\WINDOWS\System32\mshearts.exe -> [2010/03/26 16:09:45 | 000,126,976 | ---- | C] (Microsoft Corporation)
     mshearts.exe -> C:\WINDOWS\System32\dllcache\mshearts.exe -> [2010/03/26 16:09:45 | 000,126,976 | ---- | C] (Microsoft Corporation)
     winmine.exe -> C:\WINDOWS\System32\winmine.exe -> [2010/03/26 16:09:45 | 000,119,808 | ---- | C] (Microsoft Corporation)
     winmine.exe -> C:\WINDOWS\System32\dllcache\winmine.exe -> [2010/03/26 16:09:45 | 000,119,808 | ---- | C] (Microsoft Corporation)
     calc.exe -> C:\WINDOWS\System32\dllcache\calc.exe -> [2010/03/26 16:09:45 | 000,114,688 | ---- | C] (Microsoft Corporation)
     calc.exe -> C:\WINDOWS\System32\calc.exe -> [2010/03/26 16:09:45 | 000,114,688 | ---- | C] (Microsoft Corporation)
     sol.exe -> C:\WINDOWS\System32\sol.exe -> [2010/03/26 16:09:45 | 000,056,832 | ---- | C] (Microsoft Corporation)
     sol.exe -> C:\WINDOWS\System32\dllcache\sol.exe -> [2010/03/26 16:09:45 | 000,056,832 | ---- | C] (Microsoft Corporation)
     freecell.exe -> C:\WINDOWS\System32\freecell.exe -> [2010/03/26 16:09:42 | 000,055,296 | ---- | C] (Microsoft Corporation)
     freecell.exe -> C:\WINDOWS\System32\dllcache\freecell.exe -> [2010/03/26 16:09:42 | 000,055,296 | ---- | C] (Microsoft Corporation)
     A3d.dll -> C:\WINDOWS\System32\A3d.dll -> [2005/01/18 08:09:04 | 000,065,536 | R--- | C] ( )
     5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
     1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
     
    [Files/Folders - Modified Within 30 Days]
     SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/04/23 13:36:18 | 000,000,006 | -H-- | M] ()
     bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/04/23 13:35:57 | 000,002,048 | --S- | M] ()
     NTUSER.DAT -> C:\Documents and Settings\Austin\NTUSER.DAT -> [2010/04/23 13:35:11 | 011,272,192 | ---- | M] ()
     ntuser.ini -> C:\Documents and Settings\Austin\ntuser.ini -> [2010/04/23 13:35:11 | 000,000,178 | -HS- | M] ()
     IconCache.db -> C:\Documents and Settings\Austin\Local Settings\Application Data\IconCache.db -> [2010/04/23 13:35:08 | 003,712,744 | -H-- | M] ()
     4xspcjvn.exe -> C:\Documents and Settings\Austin\Desktop\4xspcjvn.exe -> [2010/04/23 13:19:39 | 000,293,376 | ---- | M] ()
     wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/04/23 10:47:08 | 000,002,206 | ---- | M] ()
     hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/04/22 21:09:40 | 000,391,989 | R--- | M] ()
     rkill.scr -> C:\Documents and Settings\Austin\Desktop\rkill.scr -> [2010/04/22 18:50:58 | 000,363,520 | ---- | M] ()
     rkill.pif -> C:\Documents and Settings\Austin\Desktop\rkill.pif -> [2010/04/22 18:50:58 | 000,363,520 | ---- | M] ()
     rkill.exe -> C:\Documents and Settings\Austin\Desktop\rkill.exe -> [2010/04/22 18:50:58 | 000,363,520 | ---- | M] ()
     rkill.com -> C:\Documents and Settings\Austin\Desktop\rkill.com -> [2010/04/22 18:50:58 | 000,363,520 | ---- | M] ()
     at60K0 -> C:\Documents and Settings\Austin\Local Settings\Application Data\at60K0 -> [2010/04/22 18:06:45 | 000,013,668 | -HS- | M] ()
     at60K0 -> C:\Documents and Settings\All Users\Application Data\at60K0 -> [2010/04/22 18:06:45 | 000,013,668 | -HS- | M] ()
     win.ini -> C:\WINDOWS\win.ini -> [2010/04/22 12:56:57 | 000,000,914 | ---- | M] ()
     SYSTEM.INI -> C:\WINDOWS\SYSTEM.INI -> [2010/04/22 12:56:57 | 000,000,227 | ---- | M] ()
     boot.ini -> C:\boot.ini -> [2010/04/22 12:56:57 | 000,000,211 | RHS- | M] ()
     wininit.ini -> C:\WINDOWS\wininit.ini -> [2010/04/22 11:34:20 | 000,000,076 | ---- | M] ()
     PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/04/22 11:12:03 | 000,559,548 | ---- | M] ()
     perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/04/22 11:12:03 | 000,481,030 | ---- | M] ()
     perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/04/22 11:12:03 | 000,087,672 | ---- | M] ()
     ipsec.sys -> C:\WINDOWS\System32\drivers\ipsec.sys -> [2010/04/22 07:14:08 | 000,075,264 | ---- | M] ()
     HijackThis.lnk -> C:\Documents and Settings\Austin\Desktop\HijackThis.lnk -> [2010/04/22 00:07:39 | 000,001,734 | ---- | M] ()
     OTS.exe -> C:\Documents and Settings\Austin\Desktop\OTS.exe -> [2010/04/21 22:30:19 | 000,638,976 | ---- | M] (OldTimer Tools)
     Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2010/04/21 17:47:10 | 000,001,602 | ---- | M] ()
     hosts.20100422-210939.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100422-210939.backup -> [2010/04/21 17:40:40 | 000,391,989 | R--- | M] ()
     LqB0St6ge8 -> C:\Documents and Settings\Austin\Local Settings\Application Data\LqB0St6ge8 -> [2010/04/21 17:32:33 | 000,020,320 | -HS- | M] ()
     LqB0St6ge8 -> C:\Documents and Settings\All Users\Application Data\LqB0St6ge8 -> [2010/04/21 17:32:33 | 000,020,320 | -HS- | M] ()
     Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Austin\Desktop\Spybot - Search & Destroy.lnk -> [2010/04/21 17:16:35 | 000,000,933 | ---- | M] ()
     RJAhr0NY5OVC -> C:\Documents and Settings\Austin\Local Settings\Application Data\RJAhr0NY5OVC -> [2010/04/21 07:00:53 | 000,016,112 | -HS- | M] ()
     RJAhr0NY5OVC -> C:\Documents and Settings\All Users\Application Data\RJAhr0NY5OVC -> [2010/04/21 07:00:53 | 000,016,112 | -HS- | M] ()
     t62kNvy -> C:\Documents and Settings\All Users\Application Data\t62kNvy -> [2010/04/20 10:48:33 | 000,019,332 | -HS- | M] ()
     AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/04/19 14:36:02 | 000,000,284 | ---- | M] ()
     t35517xJLuG -> C:\Documents and Settings\Austin\Local Settings\Application Data\t35517xJLuG -> [2010/04/18 13:46:42 | 000,013,992 | -HS- | M] ()
     t35517xJLuG -> C:\Documents and Settings\All Users\Application Data\t35517xJLuG -> [2010/04/18 13:46:42 | 000,013,992 | -HS- | M] ()
     S3BtOWUBpf5 -> C:\Documents and Settings\All Users\Application Data\S3BtOWUBpf5 -> [2010/04/18 07:24:57 | 000,019,042 | -HS- | M] ()
     JH40y5L -> C:\Documents and Settings\All Users\Application Data\JH40y5L -> [2010/04/17 20:40:53 | 000,016,652 | -HS- | M] ()
     Travian Farms.docx -> C:\Documents and Settings\Austin\My Documents\Travian Farms.docx -> [2010/04/17 02:14:40 | 000,011,912 | ---- | M] ()
     exeHelper.com -> C:\Documents and Settings\Austin\Desktop\exeHelper.com -> [2010/04/14 08:41:11 | 000,294,400 | ---- | M] ()
     iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2010/04/06 22:28:58 | 000,002,137 | ---- | M] ()
     K6sEH5Ir2Is -> C:\Documents and Settings\Austin\Local Settings\Application Data\K6sEH5Ir2Is -> [2010/04/06 00:33:22 | 000,005,256 | -HS- | M] ()
     K6sEH5Ir2Is -> C:\Documents and Settings\All Users\Application Data\K6sEH5Ir2Is -> [2010/04/06 00:33:22 | 000,005,256 | -HS- | M] ()
     1585116398.dll -> C:\Documents and Settings\Austin\Local Settings\Application Data\1585116398.dll -> [2010/04/06 00:31:49 | 000,196,096 | -HS- | M] ()
     8Cq4r -> C:\Documents and Settings\Austin\Local Settings\Application Data\8Cq4r -> [2010/04/01 20:49:28 | 000,001,450 | -HS- | M] ()
     8Cq4r -> C:\Documents and Settings\All Users\Application Data\8Cq4r -> [2010/04/01 20:49:28 | 000,001,450 | -HS- | M] ()
     1360466830.dll -> C:\Documents and Settings\Austin\Local Settings\Application Data\1360466830.dll -> [2010/04/01 20:41:58 | 000,184,320 | -HS- | M] ()
     GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Austin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2010/03/31 22:46:30 | 000,070,384 | ---- | M] ()
     FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/03/31 22:44:56 | 000,270,984 | ---- | M] ()
     hpqins15.dat -> C:\WINDOWS\hpqins15.dat -> [2010/03/31 22:35:43 | 000,023,111 | ---- | M] ()
     hpqins05.dat -> C:\WINDOWS\hpqins05.dat -> [2010/03/31 22:27:36 | 000,077,350 | ---- | M] ()
     pool.bin -> C:\WINDOWS\System32\pool.bin -> [2010/03/30 12:10:10 | 000,000,256 | ---- | M] ()
     LoaderBackup-(2010-03-30).ipd -> C:\Documents and Settings\Austin\My Documents\LoaderBackup-(2010-03-30).ipd -> [2010/03/30 11:30:34 | 002,936,293 | ---- | M] ()
     pool.bin -> C:\Documents and Settings\Austin\pool.bin -> [2010/03/30 11:26:15 | 000,000,256 | ---- | M] ()
     5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
     1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
     
    [Files - No Company Name]
     rkill.com -> C:\Documents and Settings\Austin\Desktop\rkill.com -> [2010/04/23 13:20:30 | 000,363,520 | ---- | C] ()
     rkill.exe -> C:\Documents and Settings\Austin\Desktop\rkill.exe -> [2010/04/23 13:20:20 | 000,363,520 | ---- | C] ()
     rkill.pif -> C:\Documents and Settings\Austin\Desktop\rkill.pif -> [2010/04/23 13:20:11 | 000,363,520 | ---- | C] ()
     rkill.scr -> C:\Documents and Settings\Austin\Desktop\rkill.scr -> [2010/04/23 13:20:03 | 000,363,520 | ---- | C] ()
     4xspcjvn.exe -> C:\Documents and Settings\Austin\Desktop\4xspcjvn.exe -> [2010/04/23 13:19:40 | 000,293,376 | ---- | C] ()
     exeHelper.com -> C:\Documents and Settings\Austin\Desktop\exeHelper.com -> [2010/04/23 13:18:46 | 000,294,400 | ---- | C] ()
     at60K0 -> C:\Documents and Settings\Austin\Local Settings\Application Data\at60K0 -> [2010/04/22 17:58:34 | 000,013,668 | -HS- | C] ()
     ati2sgag.exe -> C:\WINDOWS\System32\ati2sgag.exe -> [2010/04/22 12:14:31 | 000,520,192 | ---- | C] ()
     HijackThis.lnk -> C:\Documents and Settings\Austin\Desktop\HijackThis.lnk -> [2010/04/22 00:07:39 | 000,001,734 | ---- | C] ()
     Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2010/04/21 17:47:10 | 000,001,602 | ---- | C] ()
     Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Austin\Desktop\Spybot - Search & Destroy.lnk -> [2010/04/21 17:16:35 | 000,000,933 | ---- | C] ()
     LqB0St6ge8 -> C:\Documents and Settings\Austin\Local Settings\Application Data\LqB0St6ge8 -> [2010/04/21 17:02:50 | 000,020,320 | -HS- | C] ()
     LqB0St6ge8 -> C:\Documents and Settings\All Users\Application Data\LqB0St6ge8 -> [2010/04/21 17:02:50 | 000,020,320 | -HS- | C] ()
     RJAhr0NY5OVC -> C:\Documents and Settings\Austin\Local Settings\Application Data\RJAhr0NY5OVC -> [2010/04/21 03:00:14 | 000,016,112 | -HS- | C] ()
     RJAhr0NY5OVC -> C:\Documents and Settings\All Users\Application Data\RJAhr0NY5OVC -> [2010/04/21 03:00:14 | 000,016,112 | -HS- | C] ()
     at60K0 -> C:\Documents and Settings\All Users\Application Data\at60K0 -> [2010/04/20 17:22:38 | 000,013,668 | -HS- | C] ()
     at60K0 -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\at60K0 -> [2010/04/20 17:22:38 | 000,001,786 | -HS- | C] ()
     t62kNvy -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\t62kNvy -> [2010/04/18 14:59:55 | 000,019,332 | -HS- | C] ()
     t62kNvy -> C:\Documents and Settings\All Users\Application Data\t62kNvy -> [2010/04/18 14:59:55 | 000,019,332 | -HS- | C] ()
     t35517xJLuG -> C:\Documents and Settings\Austin\Local Settings\Application Data\t35517xJLuG -> [2010/04/18 13:42:21 | 000,013,992 | -HS- | C] ()
     t35517xJLuG -> C:\Documents and Settings\All Users\Application Data\t35517xJLuG -> [2010/04/18 13:42:21 | 000,013,992 | -HS- | C] ()
     S3BtOWUBpf5 -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\S3BtOWUBpf5 -> [2010/04/18 04:24:28 | 000,019,042 | -HS- | C] ()
     S3BtOWUBpf5 -> C:\Documents and Settings\All Users\Application Data\S3BtOWUBpf5 -> [2010/04/18 04:24:28 | 000,019,042 | -HS- | C] ()
     JH40y5L -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\JH40y5L -> [2010/04/17 15:37:09 | 000,016,652 | -HS- | C] ()
     JH40y5L -> C:\Documents and Settings\All Users\Application Data\JH40y5L -> [2010/04/17 15:37:09 | 000,016,652 | -HS- | C] ()
     Travian Farms.docx -> C:\Documents and Settings\Austin\My Documents\Travian Farms.docx -> [2010/04/17 02:14:40 | 000,011,912 | ---- | C] ()
     1585116398.dll -> C:\Documents and Settings\Austin\Local Settings\Application Data\1585116398.dll -> [2010/04/06 00:31:49 | 000,196,096 | -HS- | C] ()
     K6sEH5Ir2Is -> C:\Documents and Settings\Austin\Local Settings\Application Data\K6sEH5Ir2Is -> [2010/04/06 00:31:24 | 000,005,256 | -HS- | C] ()
     K6sEH5Ir2Is -> C:\Documents and Settings\All Users\Application Data\K6sEH5Ir2Is -> [2010/04/06 00:31:24 | 000,005,256 | -HS- | C] ()
     1360466830.dll -> C:\Documents and Settings\Austin\Local Settings\Application Data\1360466830.dll -> [2010/04/01 19:35:00 | 000,184,320 | -HS- | C] ()
     8Cq4r -> C:\Documents and Settings\Austin\Local Settings\Application Data\8Cq4r -> [2010/04/01 19:30:29 | 000,001,450 | -HS- | C] ()
     8Cq4r -> C:\Documents and Settings\All Users\Application Data\8Cq4r -> [2010/04/01 19:30:29 | 000,001,450 | -HS- | C] ()
     hpqins15.dat -> C:\WINDOWS\hpqins15.dat -> [2010/03/31 22:31:55 | 000,023,111 | ---- | C] ()
     hpqins05.dat -> C:\WINDOWS\hpqins05.dat -> [2010/03/31 22:18:58 | 000,077,350 | ---- | C] ()
     iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2010/03/31 12:26:07 | 000,002,137 | ---- | C] ()
     LoaderBackup-(2010-03-30).ipd -> C:\Documents and Settings\Austin\My Documents\LoaderBackup-(2010-03-30).ipd -> [2010/03/30 11:30:34 | 002,936,293 | ---- | C] ()
     Santa Fe Stucco.bmp -> C:\WINDOWS\Santa Fe Stucco.bmp -> [2010/03/26 16:09:48 | 000,065,832 | ---- | C] ()
     River Sumida.bmp -> C:\WINDOWS\River Sumida.bmp -> [2010/03/26 16:09:48 | 000,026,680 | ---- | C] ()
     Rhododendron.bmp -> C:\WINDOWS\Rhododendron.bmp -> [2010/03/26 16:09:48 | 000,017,362 | ---- | C] ()
     Zapotec.bmp -> C:\WINDOWS\Zapotec.bmp -> [2010/03/26 16:09:48 | 000,009,522 | ---- | C] ()
     Soap Bubbles.bmp -> C:\WINDOWS\Soap Bubbles.bmp -> [2010/03/26 16:09:47 | 000,065,978 | ---- | C] ()
     Prairie Wind.bmp -> C:\WINDOWS\Prairie Wind.bmp -> [2010/03/26 16:09:47 | 000,065,954 | ---- | C] ()
     Greenstone.bmp -> C:\WINDOWS\Greenstone.bmp -> [2010/03/26 16:09:47 | 000,026,582 | ---- | C] ()
     Gone Fishing.bmp -> C:\WINDOWS\Gone Fishing.bmp -> [2010/03/26 16:09:47 | 000,017,336 | ---- | C] ()
     Coffee Bean.bmp -> C:\WINDOWS\Coffee Bean.bmp -> [2010/03/26 16:09:47 | 000,017,062 | ---- | C] ()
     FeatherTexture.bmp -> C:\WINDOWS\FeatherTexture.bmp -> [2010/03/26 16:09:47 | 000,016,730 | ---- | C] ()
     Blue Lace 16.bmp -> C:\WINDOWS\Blue Lace 16.bmp -> [2010/03/26 16:09:47 | 000,001,272 | ---- | C] ()
     subrange.uce -> C:\WINDOWS\System32\subrange.uce -> [2010/03/26 16:09:46 | 000,093,702 | ---- | C] ()
     ideograf.uce -> C:\WINDOWS\System32\ideograf.uce -> [2010/03/26 16:09:46 | 000,060,458 | ---- | C] ()
     gb2312.uce -> C:\WINDOWS\System32\gb2312.uce -> [2010/03/26 16:09:46 | 000,024,006 | ---- | C] ()
     bopomofo.uce -> C:\WINDOWS\System32\bopomofo.uce -> [2010/03/26 16:09:46 | 000,022,984 | ---- | C] ()
     shiftjis.uce -> C:\WINDOWS\System32\shiftjis.uce -> [2010/03/26 16:09:46 | 000,016,740 | ---- | C] ()
     korean.uce -> C:\WINDOWS\System32\korean.uce -> [2010/03/26 16:09:46 | 000,012,876 | ---- | C] ()
     kanji_2.uce -> C:\WINDOWS\System32\kanji_2.uce -> [2010/03/26 16:09:46 | 000,008,484 | ---- | C] ()
     kanji_1.uce -> C:\WINDOWS\System32\kanji_1.uce -> [2010/03/26 16:09:46 | 000,006,948 | ---- | C] ()
     jbezgrvs.dll -> C:\WINDOWS\System32\jbezgrvs.dll -> [2010/03/08 05:00:16 | 000,297,984 | ---- | C] ()
     mqvcwzno.dll -> C:\WINDOWS\System32\mqvcwzno.dll -> [2010/03/08 04:59:46 | 000,315,392 | ---- | C] ()
     lzeisyhh.dll -> C:\WINDOWS\System32\lzeisyhh.dll -> [2010/02/03 07:31:18 | 000,256,000 | ---- | C] ()
     phwchcez.dll -> C:\WINDOWS\System32\phwchcez.dll -> [2010/02/03 07:30:48 | 000,290,816 | ---- | C] ()
     sniduyejdscua.dll -> C:\WINDOWS\System32\sniduyejdscua.dll -> [2010/01/26 21:14:34 | 000,557,056 | ---- | C] ()
     wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/07/16 21:48:16 | 000,000,076 | ---- | C] ()
     ractrlkeyhook.dll -> C:\WINDOWS\System32\ractrlkeyhook.dll -> [2009/05/14 14:29:30 | 000,008,520 | ---- | C] ()
     mkghj.dll -> C:\WINDOWS\System32\mkghj.dll -> [2008/04/13 17:59:01 | 000,000,006 | ---- | C] ()
     GTW32N50.dll -> C:\WINDOWS\System32\GTW32N50.dll -> [2008/04/02 23:02:50 | 000,094,208 | ---- | C] ()
     WLAN.INI -> C:\WINDOWS\System32\WLAN.INI -> [2008/04/02 23:02:32 | 000,000,920 | ---- | C] ()
     Ludap17.ini -> C:\WINDOWS\System32\Ludap17.ini -> [2007/12/22 03:06:07 | 000,005,627 | R--- | C] ()
     
    [File - Lop Check]
     AOP -> C:\Documents and Settings\All Users\Application Data\AOP -> [2005/01/19 08:48:11 | 000,000,000 | ---D | M]
     avG -> C:\Documents and Settings\All Users\Application Data\avG -> [2010/04/21 03:02:50 | 000,000,000 | ---D | M]
     CA -> C:\Documents and Settings\All Users\Application Data\CA -> [2008/09/23 22:50:08 | 000,000,000 | ---D | M]
     DFX -> C:\Documents and Settings\All Users\Application Data\DFX -> [2008/04/13 18:43:09 | 000,000,000 | ---D | M]
     Diskeeper Corporation -> C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation -> [2010/04/22 14:25:49 | 000,000,000 | ---D | M]
     HotSync -> C:\Documents and Settings\All Users\Application Data\HotSync -> [2006/05/27 21:57:16 | 000,000,000 | ---D | M]
     IM -> C:\Documents and Settings\All Users\Application Data\IM -> [2008/09/26 16:24:55 | 000,000,000 | ---D | M]
     IncrediMail -> C:\Documents and Settings\All Users\Application Data\IncrediMail -> [2008/09/26 16:23:23 | 000,000,000 | ---D | M]
     myitlab -> C:\Documents and Settings\All Users\Application Data\myitlab -> [2009/05/06 22:41:46 | 000,000,000 | ---D | M]
     Napster -> C:\Documents and Settings\All Users\Application Data\Napster -> [2009/05/29 16:26:09 | 000,000,000 | ---D | M]
     NFS Underground -> C:\Documents and Settings\All Users\Application Data\NFS Underground -> [2005/10/21 19:23:10 | 000,000,000 | ---D | M]
     Research In Motion -> C:\Documents and Settings\All Users\Application Data\Research In Motion -> [2010/01/13 14:33:57 | 000,000,000 | ---D | M]
     SITEguard -> C:\Documents and Settings\All Users\Application Data\SITEguard -> [2010/02/28 15:37:59 | 000,000,000 | ---D | M]
     STOPzilla! -> C:\Documents and Settings\All Users\Application Data\STOPzilla! -> [2010/02/28 19:41:58 | 000,000,000 | ---D | M]
     TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2010/04/01 20:06:00 | 000,000,000 | ---D | M]
     TuneUp Software -> C:\Documents and Settings\All Users\Application Data\TuneUp Software -> [2007/10/01 00:50:11 | 000,000,000 | ---D | M]
     {00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} -> C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} -> [2009/03/27 19:23:30 | 000,000,000 | ---D | M]
     {429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> [2010/03/31 12:26:04 | 000,000,000 | ---D | M]
     {755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2009/11/08 11:49:57 | 000,000,000 | ---D | M]
     {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> [2009/04/06 16:27:52 | 000,000,000 | ---D | M]
     ezLife -> C:\Documents and Settings\Austin\Application Data\ezLife -> [2010/02/28 02:16:11 | 000,000,000 | ---D | M]
     HotSync -> C:\Documents and Settings\Austin\Application Data\HotSync -> [2006/05/27 21:56:05 | 000,000,000 | ---D | M]
     Leadertech -> C:\Documents and Settings\Austin\Application Data\Leadertech -> [2006/05/27 21:59:53 | 000,000,000 | ---D | M]
     LimeWire -> C:\Documents and Settings\Austin\Application Data\LimeWire -> [2009/11/11 16:56:03 | 000,000,000 | ---D | M]
     Messenger -> C:\Documents and Settings\Austin\Application Data\Messenger -> [2010/02/28 02:15:50 | 000,000,000 | ---D | M]
     mjusbsp -> C:\Documents and Settings\Austin\Application Data\mjusbsp -> [2009/11/08 15:02:26 | 000,000,000 | ---D | M]
     MP3Rocket -> C:\Documents and Settings\Austin\Application Data\MP3Rocket -> [2009/03/29 18:44:01 | 000,000,000 | ---D | M]
     Qualcomm -> C:\Documents and Settings\Austin\Application Data\Qualcomm -> [2005/04/22 21:29:08 | 000,000,000 | ---D | M]
     Research In Motion -> C:\Documents and Settings\Austin\Application Data\Research In Motion -> [2009/12/13 13:59:02 | 000,000,000 | ---D | M]
     Smart-Ads-Solutions -> C:\Documents and Settings\Austin\Application Data\Smart-Ads-Solutions -> [2010/02/28 02:16:08 | 000,000,000 | ---D | M]
     Thunderbird -> C:\Documents and Settings\Austin\Application Data\Thunderbird -> [2005/03/08 08:37:51 | 000,000,000 | ---D | M]
     TuneUp Software -> C:\Documents and Settings\Austin\Application Data\TuneUp Software -> [2007/01/08 12:40:03 | 000,000,000 | ---D | M]
     Uniblue -> C:\Documents and Settings\Austin\Application Data\Uniblue -> [2009/11/15 05:17:22 | 000,000,000 | ---D | M]
     Utherverse -> C:\Documents and Settings\Austin\Application Data\Utherverse -> [2009/11/02 23:00:56 | 000,000,000 | ---D | M]
     Vso -> C:\Documents and Settings\Austin\Application Data\Vso -> [2009/07/23 17:18:10 | 000,000,000 | ---D | M]
     WholeSecurity -> C:\Documents and Settings\Austin\Application Data\WholeSecurity -> [2006/10/04 07:17:29 | 000,000,000 | ---D | M]
     Windows Live Safety Center -> C:\Documents and Settings\Austin\Application Data\Windows Live Safety Center -> [2006/10/04 07:08:29 | 000,000,000 | ---D | M]
     WinWay -> C:\Documents and Settings\Austin\Application Data\WinWay -> [2010/04/01 16:45:41 | 000,000,000 | ---D | M]
     CallingID -> C:\Documents and Settings\LocalService\Application Data\CallingID -> [2008/09/11 21:20:23 | 000,000,000 | ---D | M]
     PeerNetworking -> C:\Documents and Settings\LocalService\Application Data\PeerNetworking -> [2009/10/04 23:40:01 | 000,000,000 | ---D | M]
     
    [File - Purity Scan]
     
    [Custom Scans]
    < %SYSTEMDRIVE%\*.exe >
     cdw31.exe -> C:\cdw31.exe -> [2002/01/28 12:44:14 | 013,910,413 | R--- | M] ()
    < %systemroot%\*. /mp /s >
    Restore point Set: OTS Restore Point (0)
    < %systemroot%\system32\*.dll /lockedfiles >
     5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> 
    < %systemroot%\Tasks\*.job /lockedfiles >
    < %systemroot%\system32\drivers\*.sys /lockedfiles >
    < %systemroot%\System32\config\*.sav >
     default.sav -> C:\WINDOWS\system32\config\default.sav -> [2005/01/17 13:55:10 | 000,094,208 | ---- | M] ()
     software.sav -> C:\WINDOWS\system32\config\software.sav -> [2005/01/17 13:55:10 | 000,602,112 | ---- | M] ()
     system.sav -> C:\WINDOWS\system32\config\system.sav -> [2005/01/17 13:55:10 | 000,393,216 | ---- | M] ()
    < End of report >
    
    Step 3

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-23 16:55:48
    Windows 5.1.2600 Service Pack 3
    Running: 4xspcjvn.exe; Driver: C:\DOCUME~1\Austin\LOCALS~1\Temp\pxtdrpow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  8. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    You did everything just fine. Normal Mode is better :)

    In the future though, please attach results that are really long using the instructions I gave you earlier so that we don't have to scroll so far down the page.


    Let's do the following in Normal Mode:



    NOTE: ComboFix should NOT be used without supervision by someone trained in its use. It does a whole lot more to a system than just remove infected files.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop



    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Disabling Security Programs
    • Double click on ComboFix.exe & follow the prompts.

      Note: Combofix will run without the Recovery Console installed.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you please let me know. An increasing number of infections are spreading using Autoplay and leaving it disabled is a good idea.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  9. Nitsua88

    Nitsua88 Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    11
    I finished the scan and I followed all the instructions. Here is the log as an attachment.
     

    Attached Files:

  10. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    It seems the reason why we couldn't run exeHelper in normal mode was because one of your security programs was preventing it. It's a false positive by Microsoft's Security Essentials.


    Please do the following:

    1. Close any open programs before running the fix.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open Notepad (Start > Programs > Accessories) and copy/paste the text in the codebox below into it:

    Code:
    KillAll::
    
    Suspect::
    c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    
    Collect::
    c:\windows\system32\jbezgrvs.dll
    c:\windows\system32\drivers\kgpcpy.cfg
    c:\windows\system32\daqyepiicmdulgdq.exe
    c:\windows\system32\sniduyejdscua.dll
    c:\windows\system32\lzeisyhh.dll
    c:\program files\cdw31.exe
    c:\program files\mozilla firefox\components\adproFfx.dll
    c:\program files\mozilla firefox\components\ffxShot.dll
    c:\windows\system32\drivers\abravkty.sys 
    c:\windows\system32\drivers\axhazwgn.sys 
    c:\windows\system32\drivers\blmvggbe.sys 
    c:\windows\system32\drivers\buitlibu.sys 
    c:\windows\system32\drivers\cfkurtmo.sys 
    c:\windows\system32\drivers\cjhirmlx.sys 
    c:\windows\system32\drivers\cmllclvr.sys 
    c:\windows\system32\drivers\dnbozivw.sys 
    c:\windows\system32\drivers\ecvorbxf.sys 
    c:\windows\system32\drivers\eotiswsj.sys 
    c:\windows\system32\drivers\fptqcpft.sys 
    c:\windows\system32\drivers\fvczvxgf.sys 
    c:\windows\system32\drivers\ghouagsr.sys 
    c:\windows\system32\drivers\gpubelcq.sys 
    c:\windows\system32\drivers\heohxcof.sys 
    c:\windows\system32\drivers\hhdfbuok.sys 
    c:\windows\system32\drivers\htbyokvi.sys 
    c:\windows\system32\drivers\iooizzrn.sys 
    c:\windows\system32\drivers\isjgbujy.sys 
    c:\windows\system32\drivers\kfkvedfq.sys 
    c:\windows\system32\drivers\kpfdmdkd.sys 
    c:\windows\system32\drivers\kqkgfijx.sys 
    c:\windows\system32\drivers\lzjwnros.sys 
    c:\windows\system32\drivers\mfyqetyg.sys 
    c:\windows\system32\drivers\msrmotcq.sys 
    c:\windows\system32\drivers\mtslodhu.sys 
    c:\windows\system32\drivers\odxoclpa.sys 
    c:\windows\system32\drivers\oftzhnyu.sys 
    c:\windows\system32\drivers\orocczee.sys 
    c:\windows\system32\drivers\pecsotjw.sys 
    c:\windows\system32\drivers\pkmxtsdk.sys 
    c:\windows\system32\drivers\ptkffagf.sys 
    c:\windows\system32\drivers\qaugseww.sys 
    c:\windows\system32\drivers\qypzrnsz.sys 
    c:\windows\system32\drivers\rrnjoobg.sys 
    c:\windows\system32\drivers\rtcmraiz.sys 
    c:\windows\system32\drivers\rugdmnkj.sys 
    c:\windows\system32\drivers\tqjubgez.sys 
    c:\windows\system32\drivers\ujddvplb.sys 
    c:\windows\system32\drivers\unlgufma.sys 
    c:\windows\system32\drivers\wizyusmp.sys 
    c:\windows\system32\drivers\xaleehuy.sys 
    c:\windows\system32\drivers\xqtdjpvo.sys 
    
    Driver::
    abravkty
    axhazwgn
    blmvggbe
    buitlibu
    cfkurtmo
    cjhirmlx
    cmllclvr
    dnbozivw
    ecvorbxf
    eotiswsj
    fptqcpft
    fvczvxgf
    ghouagsr
    gpubelcq
    heohxcof
    hhdfbuok
    htbyokvi
    iooizzrn
    isjgbujy
    kfkvedfq
    kpfdmdkd
    kqkgfijx
    lzjwnros
    mfyqetyg
    msrmotcq
    mtslodhu
    odxoclpa
    oftzhnyu
    orocczee
    pecsotjw
    pkmxtsdk
    ptkffagf
    qaugseww
    qypzrnsz
    rrnjoobg
    rtcmraiz
    rugdmnkj
    tqjubgez
    ujddvplb
    unlgufma
    wizyusmp
    xaleehuy
    xqtdjpvo
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"=dword:00000001
    "DisableNotifications"=dword:00000000

    NOTE: Make sure WordWrap is unchecked in Notepad by clicking on the "Format" menu icon.

    Save this as CFScript.txt, in the same location as ComboFix.exe


    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.





    After doing that, please do the following:


    Please run Malwarebytes' Anti-Malware
    • Update it by clicking on the Update tab and then on the button.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan. Scan all of your hard drives.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  11. Nitsua88

    Nitsua88 Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    11
    I did the two scans and here are the results. It appears that I had a bunch of things wrong on my computer! Thanks!

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 4028

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/23/2010 9:36:51 PM
    mbam-log-2010-04-23 (21-36-51).txt

    Scan type: Full scan (C:\|G:\|)
    Objects scanned: 211408
    Time elapsed: 1 hour(s), 25 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 13
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 25

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{d8c0508c-e235-4d9e-a27e-c8bb5f527dc9} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e54ac53-efa4-4831-a3f6-b47b1a1937cf} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\MessengerUpdateProject.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MsgU_pdate (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adhlpr.adhlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adhlpr.adhlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Austin\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Qoobox\Quarantine\C\Documents and Settings\Austin\Application Data\Messenger\Drivers\Aud32\msgasst84.dll.vir (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Documents and Settings\Austin\Application Data\Messenger\Drivers\Aud32\msgutil84.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Documents and Settings\Austin\Application Data\Messenger\Sys\mu.dll.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Program Files\ezLife\ezLife\1.3.6.0\uninstall.exe.vir (Adware.EZlife) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Program Files\ezLife\ezLife\1.4.1.0\uninstall.exe.vir (Adware.EZlife) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Program Files\Smart-Ads-Solutions\SmartAds\1.3.6.0\SmartAdsxtra.dll.vir (Adware.SmartAdsSolutions) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Program Files\Smart-Ads-Solutions\SmartAds\1.3.6.0\uninstall.exe.vir (Adware.EZlife) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Program Files\Smart-Ads-Solutions\SmartAds\1.4.1.0\uninstall.exe.vir (Adware.EZlife) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mqvcwzno.dll.vir (Adware.Adrotator) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\phwchcez.dll.vir (Adware.EzLife) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208831.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208832.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208837.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208838.exe (Adware.EZlife) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208839.exe (Adware.EZlife) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208841.exe (Adware.EZlife) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208842.exe (Adware.EZlife) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208844.dll (Adware.Adrotator) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208845.dll (Adware.EzLife) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E3B77607-7730-4143-9B32-58E4F8A56F5D}\RP1852\A0208840.dll (Adware.SmartAdsSolutions) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\components\nsFFxSHot.xpt (Adware.Adrotator) -> Quarantined and deleted successfully.
    C:\WINDOWS\sto452688.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\WINDOWS\sto452712.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\WINDOWS\sto452730.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\WINDOWS\sto453148.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
     

    Attached Files:
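
The Hijack.StartMenuInternet entry in the log above shows the rogue ave.exe placed in front of the real browser in a Start Menu launch command. The following is an added example, not part of the original thread or of any tool used in it: a small offline check for that pattern over exported command values. The function names, the list of user-writable directories, and the Internet Explorer sample entry are assumptions made for illustration; the Firefox "Bad" and "Good" values are the ones quoted in the log.

```python
import ntpath
import re

# Assumed list of locations a standard user can write to; a browser launch
# command has no reason to start an executable from any of them.
USER_WRITABLE = (
    "\\documents and settings\\",
    "\\users\\",
    "\\temp\\",
)

# First token of a Windows command line: a quoted path, an unquoted path that
# ends in an executable extension (may contain spaces), or a bare word.
FIRST_TOKEN = re.compile(
    r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)|(\S+))',
    re.IGNORECASE,
)

# Values quoted in the Malwarebytes log for the Firefox safemode command.
BAD = (r'"C:\Documents and Settings\Austin\Local Settings\Application Data'
       r'\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode')
GOOD = "firefox.exe -safe-mode"

# Sample export: the first key/value pair is from the log, the second is
# constructed to show a clean unquoted path with spaces.
SAMPLE_ENTRIES = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE"
    r"\shell\safemode\command": BAD,
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE"
    r"\shell\open\command": r"C:\Program Files\Internet Explorer\iexplore.exe",
}


def expected_from_key(key):
    """Return the browser executable named by the StartMenuInternet subkey."""
    parts = key.split("\\")
    lowered = [p.lower() for p in parts]
    idx = lowered.index("startmenuinternet")
    return parts[idx + 1]


def check_launch_command(command, expected_exe):
    """Return a list of findings for one launch command (empty list = clean)."""
    match = FIRST_TOKEN.match(command)
    if not match:
        return ["empty or unparseable command"]
    launcher = match.group(1) or match.group(2) or match.group(3)
    rest = command[match.end():]
    findings = []

    # ntpath handles backslash paths regardless of the OS running this check.
    launcher_name = ntpath.basename(launcher).lower()
    if launcher_name != expected_exe.lower():
        findings.append(f"launcher is {launcher_name}, expected {expected_exe}")
        if expected_exe.lower() in rest.lower():
            findings.append("expected browser appears only as an argument")

    if any(d in launcher.lower() for d in USER_WRITABLE):
        findings.append("launcher runs from a user-writable directory")
    return findings


def triage(entries):
    """Map each suspicious registry key to its findings; clean keys are omitted."""
    report = {}
    for key, command in entries.items():
        findings = check_launch_command(command, expected_from_key(key))
        if findings:
            report[key] = findings
    return report


if __name__ == "__main__":
    for key, findings in triage(SAMPLE_ENTRIES).items():
        print(key)
        for finding in findings:
            print("  -", finding)
```
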

  12. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Yep, there was a lot on there. Let's get the rest of it:

    STEP 1

    Run OTS

    • Under the Paste Fix Here box on the right, paste in the contents of the following code box

    Code:
    [Unregister Dlls]
    [Registry - All]
    < HOSTS File > ([2010/04/22 21:09:40 | 000,391,989 | R--- | M] - 13590 lines) -> C:\WINDOWS\system32\drivers\etc\hosts
    YN -> Reset Hosts -> 
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
    YN -> \{5b673ca2-cc98-11de-9ab7-001d7e0e68e9} -> 
    YN -> \{5b673ca2-cc98-11de-9ab7-001d7e0e68e9} -> 
    YN -> \{6229fbcb-3d56-11de-9a55-001d7e0e68e9} -> 
    YN -> \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b} -> 
    YN -> \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b} -> 
    YN -> \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b} -> 
    YN -> \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b} -> 
    YN -> \{6ef4fbdd-4d53-11dd-99f6-000bdbb6235b} -> 
    [Files/Folders - Modified Within 30 Days]
    NY ->  at60K0 -> C:\Documents and Settings\Austin\Local Settings\Application Data\at60K0
    NY ->  at60K0 -> C:\Documents and Settings\All Users\Application Data\at60K0
    NY ->  LqB0St6ge8 -> C:\Documents and Settings\Austin\Local Settings\Application Data\LqB0St6ge8
    NY ->  LqB0St6ge8 -> C:\Documents and Settings\All Users\Application Data\LqB0St6ge8
    NY ->  RJAhr0NY5OVC -> C:\Documents and Settings\Austin\Local Settings\Application Data\RJAhr0NY5OVC
    NY ->  RJAhr0NY5OVC -> C:\Documents and Settings\All Users\Application Data\RJAhr0NY5OVC
    NY ->  t62kNvy -> C:\Documents and Settings\All Users\Application Data\t62kNvy
    NY ->  t35517xJLuG -> C:\Documents and Settings\Austin\Local Settings\Application Data\t35517xJLuG
    NY ->  t35517xJLuG -> C:\Documents and Settings\All Users\Application Data\t35517xJLuG
    NY ->  S3BtOWUBpf5 -> C:\Documents and Settings\All Users\Application Data\S3BtOWUBpf5
    NY ->  JH40y5L -> C:\Documents and Settings\All Users\Application Data\JH40y5L
    NY ->  K6sEH5Ir2Is -> C:\Documents and Settings\Austin\Local Settings\Application Data\K6sEH5Ir2Is
    NY ->  K6sEH5Ir2Is -> C:\Documents and Settings\All Users\Application Data\K6sEH5Ir2Is
    NY ->  1585116398.dll -> C:\Documents and Settings\Austin\Local Settings\Application Data\1585116398.dll
    NY ->  8Cq4r -> C:\Documents and Settings\Austin\Local Settings\Application Data\8Cq4r
    NY ->  8Cq4r -> C:\Documents and Settings\All Users\Application Data\8Cq4r
    NY ->  1360466830.dll -> C:\Documents and Settings\Austin\Local Settings\Application Data\1360466830.dll
    [Files - No Company Name]
    NY ->  LqB0St6ge8 -> C:\Documents and Settings\Austin\Local Settings\Application Data\LqB0St6ge8
    NY ->  LqB0St6ge8 -> C:\Documents and Settings\All Users\Application Data\LqB0St6ge8
    NY ->  RJAhr0NY5OVC -> C:\Documents and Settings\Austin\Local Settings\Application Data\RJAhr0NY5OVC
    NY ->  RJAhr0NY5OVC -> C:\Documents and Settings\All Users\Application Data\RJAhr0NY5OVC
    NY ->  at60K0 -> C:\Documents and Settings\All Users\Application Data\at60K0
    NY ->  at60K0 -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\at60K0
    NY ->  t62kNvy -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\t62kNvy
    NY ->  t62kNvy -> C:\Documents and Settings\All Users\Application Data\t62kNvy
    NY ->  t35517xJLuG -> C:\Documents and Settings\Austin\Local Settings\Application Data\t35517xJLuG
    NY ->  t35517xJLuG -> C:\Documents and Settings\All Users\Application Data\t35517xJLuG
    NY ->  S3BtOWUBpf5 -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\S3BtOWUBpf5
    NY ->  S3BtOWUBpf5 -> C:\Documents and Settings\All Users\Application Data\S3BtOWUBpf5
    NY ->  JH40y5L -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\JH40y5L
    NY ->  JH40y5L -> C:\Documents and Settings\All Users\Application Data\JH40y5L
    NY ->  1585116398.dll -> C:\Documents and Settings\Austin\Local Settings\Application Data\1585116398.dll
    NY ->  K6sEH5Ir2Is -> C:\Documents and Settings\Austin\Local Settings\Application Data\K6sEH5Ir2Is
    NY ->  K6sEH5Ir2Is -> C:\Documents and Settings\All Users\Application Data\K6sEH5Ir2Is
    NY ->  1360466830.dll -> C:\Documents and Settings\Austin\Local Settings\Application Data\1360466830.dll
    NY ->  8Cq4r -> C:\Documents and Settings\Austin\Local Settings\Application Data\8Cq4r
    NY ->  8Cq4r -> C:\Documents and Settings\All Users\Application Data\8Cq4r
    [Custom Scans]
    NY ->  cdw31.exe -> C:\cdw31.exe
    [Empty Temp Folders]
    [EmptyFlash]
    [ClearAllRestorePoints]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • This will create a log in C:\_OTS\MovedFiles\<date>_<time>.log where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste or attach the contents of that file here.

    Note: You may receive some errors while running the fix. Just press Ok and the fix should continue normally.
    If it seems to get stuck, give it some time. It's probably still working.


    STEP 2


    Run ESET Online Scan


    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the [​IMG] button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the [​IMG] icon on your desktop.
    4. Check [​IMG]
    5. Click the [​IMG] button.
    6. Accept any security warnings from your browser.
    7. Check [​IMG]
    8. Push the Start button.
    9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, push [​IMG]
    11. Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    12. Push the [​IMG] button.
    13. Push [​IMG]
    You can refer to this animation by neomage if needed.
     
  13. Nitsua88

    Nitsua88 Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    11
    I finished the two scans. Here are the results.

    ESET SCAN

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\[4]-Submit_2010-04-23_19.39.58.zip multiple threats deleted - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Austin\Application Data\Messenger\Drivers\phuninst.dll.vir probably a variant of Win32/TrojanClicker.Agent trojan cleaned by deleting - quarantined
    G:\Music\Shared Music\Super Mario RPG.zip multiple threats deleted - quarantined
     
  14. Nitsua88

    Nitsua88 Thread Starter

    Joined:
    Apr 22, 2010
    Messages:
    11
    I forgot to add the attachment. Here it is.
     

    Attached Files:

  15. NeonFx

    NeonFx Malware Specialist

    Joined:
    Oct 22, 2008
    Messages:
    4,811
    Good! Nothing serious. How's the computer running? Ready for my cleanup instructions?
     
Short URL to this thread: https://techguy.org/918462
