1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help remove Protector-ivkr.exe

Discussion in 'Virus & Other Malware Removal' started by Ciera2455, Jul 10, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. Ciera2455

    Ciera2455 Thread Starter

    Joined:
    Oct 14, 2002
    Messages:
    41
    I haven't been out here in a long while (been fortunate), but thanks in advance for any help you can provide.

    Tried the usual removal tricks, Malwarebytes will not run, HouseCall will not load and Kaspersky found the culprit, but failed to remove it with their "free" tool. Want me to buy more protection I guess. I've done all this in 'safe mode'. This came in an email attachment from a friend of the hubby. I run Microsoft Security Essentials and it has been running perfectly until this. :(

    Here's my HijackThis log. I hope it has enough info in it.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:01:22 PM, on 7/10/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Mary Jo\Local Settings\Temporary Internet Files\Content.IE5\PQ6R0ZL5\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO:  - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
    O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
    O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\system32\lexpps.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: _uninst_80465894.lnk = C:\Documents and Settings\Mary Jo\Local Settings\Temp\_uninst_80465894.bat
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://69.129.103.82:8000/activex/AMC.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: FlipShare Server (FlipShareServer) - Unknown owner - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O24 - Desktop Component 0: (no name) - http://www.usps.org/e_stuff/BC.jpg

    --
    End of file - 11221 bytes
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,650
    Please download DDS by sUBs to your desktop from one of the following locations:

    http://download.bleepingcomputer.com/sUBs/dds.scr
    http://www.forospyware.com/sUBs/dds

    Double-click the DDS.scr to run the tool.

    When DDS has finished scanning, it will open two logs named as follows:

    DDS.txt
    Attach.txt

    Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.


    Please download GMER from: http://gmer.net/index.php

    Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

    Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

    Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

    If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

    IAT/EAT
    Any drive letter other than the primary system drive (which is generally C).

    Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

    Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

    Open the ark.txt file and copy and paste the contents of the log here please.
     
  3. Ciera2455

    Ciera2455 Thread Starter

    Joined:
    Oct 14, 2002
    Messages:
    41
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33
    Run by Mary Jo at 8:47:40 on 2012-07-16
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1334 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: COMODO Firewall Pro *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
    C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.comcast.net/a/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uSearch Bar =
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?p=%s
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
    uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
    uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
    uRun: [Google Update] "c:\documents and settings\mary jo\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [DVDSentry] c:\windows\system32\DSentry.exe
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    mPolicies-explorer: <NO NAME> =
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: sumtotalsystems.com\allstate
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: Yahoo! Backgammon - hxxp://download.games.yahoo.com/games/clients/y/at1_x.cab
    DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0401.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} - hxxp://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
    DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.129.103.82:8000/activex/AMC.cab
    DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} - hxxp://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{99B2922A-F756-441F-AD63-68DAAE86535E} : DhcpNameServer = 75.75.75.75 75.75.76.76
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    IFEO: a.exe - svchost.exe
    IFEO: aAvgApi.exe - svchost.exe
    IFEO: AAWTray.exe - svchost.exe
    IFEO: About.exe - svchost.exe
    IFEO: Ad-Aware.exe - svchost.exe
    .
    Note: multiple IFEO entries found. Please refer to Attach.txt
    Hosts: 127.0.0.1 www.spywareinfo.com
    Hosts: 10.254.254.253 Xdrive
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\mary jo\application data\mozilla\firefox\profiles\aapazohb.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
    FF - plugin: c:\documents and settings\mary jo\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\mary jo\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\mary jo\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\musicnotes\npmusicn.dll
    FF - plugin: c:\program files\musicnotes\NPSibelius.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\NPPLG90N.DLL
    FF - plugin: c:\windows\system32\npptools.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 171064]
    R1 MpKslb8595e48;MpKslb8595e48;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8e82412e-ab82-41b8-903f-7fded73e1694}\MpKslb8595e48.sys [2012-7-16 29904]
    R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-3-16 616408]
    R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
    S1 areawcjv;areawcjv;\??\c:\windows\system32\drivers\areawcjv.sys --> c:\windows\system32\drivers\areawcjv.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 USBDriver;RCA CDS1000 640x480 Driver;c:\windows\system32\drivers\cds1000.sys --> c:\windows\system32\drivers\cds1000.sys [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250056]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-3 129976]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    .
    =============== Created Last 30 ================
    .
    2012-07-16 13:32:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-16 07:09:28 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8e82412e-ab82-41b8-903f-7fded73e1694}\offreg.dll
    2012-07-16 07:09:28 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8e82412e-ab82-41b8-903f-7fded73e1694}\MpKslb8595e48.sys
    2012-07-15 22:03:36 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8e82412e-ab82-41b8-903f-7fded73e1694}\mpengine.dll
    2012-07-14 16:03:24 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-07-12 03:45:09 -------- d-----w- c:\program files\SpywareBlaster
    2012-07-10 20:28:00 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
    2012-07-10 20:28:00 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
    2012-07-10 20:28:00 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
    2012-07-10 20:28:00 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
    2012-07-10 20:28:00 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
    2012-07-10 20:28:00 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
    2012-06-22 10:29:30 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    .
    ==================== Find3M ====================
    .
    2012-07-12 06:30:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-12 06:30:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-22 10:28:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-06-22 10:28:31 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2003-08-07 14:25:26 11066953 ------w- c:\program files\Helix_Producer_Basic_9.0.1_Setup.exe
    .
    ============= FINISH: 8:49:18.50 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/14/2003 8:58:21 PM
    System Uptime: 7/15/2012 4:50:26 PM (16 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0G0728
    Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2660/533mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 54.682 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 466 GiB total, 447.665 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP2167: 5/2/2012 8:25:30 AM - Software Distribution Service 3.0
    RP2168: 5/3/2012 1:58:45 PM - Software Distribution Service 3.0
    RP2169: 5/4/2012 2:44:50 PM - System Checkpoint
    RP2170: 5/4/2012 9:19:56 PM - Software Distribution Service 3.0
    RP2171: 5/5/2012 10:16:11 PM - System Checkpoint
    RP2172: 5/6/2012 6:52:01 AM - Software Distribution Service 3.0
    RP2173: 5/7/2012 7:38:55 AM - Software Distribution Service 3.0
    RP2174: 5/8/2012 8:43:45 AM - Software Distribution Service 3.0
    RP2175: 5/9/2012 8:32:13 AM - Software Distribution Service 3.0
    RP2176: 5/10/2012 9:29:55 AM - Software Distribution Service 3.0
    RP2177: 5/11/2012 9:44:19 AM - Software Distribution Service 3.0
    RP2178: 5/12/2012 12:19:30 PM - System Checkpoint
    RP2179: 5/13/2012 2:13:31 AM - Software Distribution Service 3.0
    RP2180: 5/13/2012 9:13:15 AM - Software Distribution Service 3.0
    RP2181: 5/14/2012 12:38:37 PM - System Checkpoint
    RP2182: 5/14/2012 4:50:48 PM - Software Distribution Service 3.0
    RP2183: 5/14/2012 9:55:56 PM - Software Distribution Service 3.0
    RP2184: 5/16/2012 9:51:50 AM - Software Distribution Service 3.0
    RP2185: 5/16/2012 10:11:53 AM - Software Distribution Service 3.0
    RP2186: 5/17/2012 11:09:58 AM - Software Distribution Service 3.0
    RP2187: 5/18/2012 11:34:40 AM - System Checkpoint
    RP2188: 5/18/2012 9:07:35 PM - Software Distribution Service 3.0
    RP2189: 5/19/2012 11:27:44 PM - System Checkpoint
    RP2190: 5/20/2012 10:22:42 AM - Software Distribution Service 3.0
    RP2191: 5/21/2012 12:09:03 PM - System Checkpoint
    RP2192: 5/22/2012 9:31:12 AM - Software Distribution Service 3.0
    RP2193: 5/23/2012 2:02:42 AM - Software Distribution Service 3.0
    RP2194: 5/23/2012 3:23:30 PM - Software Distribution Service 3.0
    RP2195: 5/24/2012 8:16:59 PM - Software Distribution Service 3.0
    RP2196: 5/25/2012 6:18:23 PM - Software Distribution Service 3.0
    RP2197: 5/26/2012 9:27:41 PM - Software Distribution Service 3.0
    RP2198: 5/28/2012 4:34:52 AM - Software Distribution Service 3.0
    RP2199: 5/29/2012 9:42:21 AM - Software Distribution Service 3.0
    RP2200: 5/30/2012 8:40:05 AM - Software Distribution Service 3.0
    RP2201: 5/31/2012 9:25:21 AM - Software Distribution Service 3.0
    RP2202: 6/1/2012 10:39:44 AM - Software Distribution Service 3.0
    RP2203: 6/2/2012 11:05:15 AM - Software Distribution Service 3.0
    RP2204: 6/3/2012 1:22:08 PM - System Checkpoint
    RP2205: 6/3/2012 4:23:39 PM - Software Distribution Service 3.0
    RP2206: 6/4/2012 4:33:12 PM - System Checkpoint
    RP2207: 6/5/2012 2:20:53 AM - Software Distribution Service 3.0
    RP2208: 6/5/2012 10:52:54 AM - Software Distribution Service 3.0
    RP2209: 6/6/2012 11:53:29 AM - System Checkpoint
    RP2210: 6/6/2012 7:42:22 PM - Software Distribution Service 3.0
    RP2211: 6/8/2012 6:26:58 AM - Software Distribution Service 3.0
    RP2212: 6/9/2012 9:34:23 AM - Software Distribution Service 3.0
    RP2213: 6/10/2012 10:20:12 AM - Software Distribution Service 3.0
    RP2214: 6/11/2012 6:06:49 PM - System Checkpoint
    RP2215: 6/12/2012 6:33:11 AM - Software Distribution Service 3.0
    RP2216: 6/14/2012 4:43:46 PM - Software Distribution Service 3.0
    RP2217: 6/15/2012 3:14:37 AM - Software Distribution Service 3.0
    RP2218: 6/16/2012 9:46:09 AM - Software Distribution Service 3.0
    RP2219: 6/17/2012 10:49:28 AM - Software Distribution Service 3.0
    RP2220: 6/18/2012 1:29:27 PM - System Checkpoint
    RP2221: 6/18/2012 7:32:37 PM - Software Distribution Service 3.0
    RP2222: 6/20/2012 8:14:54 AM - Software Distribution Service 3.0
    RP2223: 6/21/2012 11:15:25 AM - System Checkpoint
    RP2224: 6/22/2012 5:26:21 AM - Removed Java(TM) 6 Update 31
    RP2225: 6/22/2012 5:28:00 AM - Installed Java(TM) 6 Update 33
    RP2226: 6/22/2012 5:30:22 AM - Software Distribution Service 3.0
    RP2227: 6/23/2012 7:57:03 AM - Software Distribution Service 3.0
    RP2228: 6/24/2012 7:59:02 AM - Software Distribution Service 3.0
    RP2229: 6/25/2012 9:26:47 AM - Software Distribution Service 3.0
    RP2230: 6/26/2012 10:08:01 AM - System Checkpoint
    RP2231: 6/27/2012 5:51:49 AM - Software Distribution Service 3.0
    RP2232: 6/28/2012 9:25:03 AM - Software Distribution Service 3.0
    RP2233: 6/29/2012 9:54:42 AM - Software Distribution Service 3.0
    RP2234: 6/30/2012 5:51:26 PM - Software Distribution Service 3.0
    RP2235: 7/1/2012 6:00:29 PM - System Checkpoint
    RP2236: 7/2/2012 9:09:12 AM - Software Distribution Service 3.0
    RP2237: 7/3/2012 9:27:28 AM - System Checkpoint
    RP2238: 7/3/2012 5:10:28 PM - Software Distribution Service 3.0
    RP2239: 7/4/2012 5:57:18 PM - System Checkpoint
    RP2240: 7/5/2012 6:20:47 AM - Software Distribution Service 3.0
    RP2241: 7/6/2012 8:52:12 AM - Software Distribution Service 3.0
    RP2242: 7/7/2012 3:18:55 PM - System Checkpoint
    RP2243: 7/7/2012 6:33:33 PM - Software Distribution Service 3.0
    RP2244: 7/8/2012 8:01:14 PM - System Checkpoint
    RP2245: 7/9/2012 6:10:11 AM - Software Distribution Service 3.0
    RP2246: 7/10/2012 9:02:02 AM - Software Distribution Service 3.0
    RP2247: 7/12/2012 12:43:36 AM - Software Distribution Service 3.0
    RP2248: 7/12/2012 3:16:54 AM - Software Distribution Service 3.0
    RP2249: 7/13/2012 10:21:46 AM - Software Distribution Service 3.0
    RP2250: 7/14/2012 11:03:16 AM - Software Distribution Service 3.0
    RP2251: 7/15/2012 5:03:29 PM - Software Distribution Service 3.0
    .
    ==== Image File Execution Options =============
    .
    IFEO: a.exe - svchost.exe
    IFEO: aAvgApi.exe - svchost.exe
    IFEO: AAWTray.exe - svchost.exe
    IFEO: About.exe - svchost.exe
    IFEO: Ad-Aware.exe - svchost.exe
    IFEO: adaware.exe - svchost.exe
    IFEO: advxdwin.exe - svchost.exe
    IFEO: AdwarePrj.exe - svchost.exe
    IFEO: agent.exe - svchost.exe
    IFEO: agentsvr.exe - svchost.exe
    IFEO: agentw.exe - svchost.exe
    IFEO: alertsvc.exe - svchost.exe
    IFEO: alevir.exe - svchost.exe
    IFEO: alogserv.exe - svchost.exe
    IFEO: AlphaAV - svchost.exe
    IFEO: AlphaAV.exe - svchost.exe
    IFEO: AluSchedulerSvc.exe - svchost.exe
    IFEO: amon9x.exe - svchost.exe
    IFEO: Anti-Virus Professional.exe - svchost.exe
    IFEO: AntispywarXP2009.exe - svchost.exe
    IFEO: antivirus.exe - svchost.exe
    IFEO: AntivirusPlus - svchost.exe
    IFEO: AntivirusPlus.exe - svchost.exe
    IFEO: AntivirusPro_2010.exe - svchost.exe
    IFEO: AntivirusXP - svchost.exe
    IFEO: AntivirusXP.exe - svchost.exe
    IFEO: antivirusxppro2009.exe - svchost.exe
    IFEO: AntiVirus_Pro.exe - svchost.exe
    IFEO: ants.exe - svchost.exe
    IFEO: apimonitor.exe - svchost.exe
    IFEO: aplica32.exe - svchost.exe
    IFEO: arr.exe - svchost.exe
    IFEO: ashAvast.exe - svchost.exe
    IFEO: ashBug.exe - svchost.exe
    IFEO: ashChest.exe - svchost.exe
    IFEO: ashCnsnt.exe - svchost.exe
    IFEO: ashDisp.exe - svchost.exe
    IFEO: ashLogV.exe - svchost.exe
    IFEO: ashMaiSv.exe - svchost.exe
    IFEO: ashPopWz.exe - svchost.exe
    IFEO: ashQuick.exe - svchost.exe
    IFEO: ashServ.exe - svchost.exe
    IFEO: ashSimp2.exe - svchost.exe
    IFEO: ashSimpl.exe - svchost.exe
    IFEO: ashSkPcc.exe - svchost.exe
    IFEO: ashSkPck.exe - svchost.exe
    IFEO: ashUpd.exe - svchost.exe
    IFEO: ashWebSv.exe - svchost.exe
    IFEO: aswChLic.exe - svchost.exe
    IFEO: aswRegSvr.exe - svchost.exe
    IFEO: aswRunDll.exe - svchost.exe
    IFEO: aswUpdSv.exe - svchost.exe
    IFEO: atcon.exe - svchost.exe
    IFEO: atguard.exe - svchost.exe
    IFEO: atro55en.exe - svchost.exe
    IFEO: atupdater.exe - svchost.exe
    IFEO: atwatch.exe - svchost.exe
    IFEO: au.exe - svchost.exe
    IFEO: aupdate.exe - svchost.exe
    IFEO: auto-protect.nav80try.exe - svchost.exe
    IFEO: autotrace.exe - svchost.exe
    IFEO: autoupdate.exe - svchost.exe
    IFEO: av360.exe - svchost.exe
    IFEO: avadmin.exe - svchost.exe
    IFEO: AVCare.exe - svchost.exe
    IFEO: avcenter.exe - svchost.exe
    IFEO: avciman.exe - svchost.exe
    IFEO: avconfig.exe - svchost.exe
    IFEO: AVENGINE.EXE - svchost.exe
    IFEO: avgcc32.exe - svchost.exe
    IFEO: avgchk.exe - svchost.exe
    IFEO: avgcmgr.exe - svchost.exe
    IFEO: avgcsrvx.exe - svchost.exe
    IFEO: avgdumpx.exe - svchost.exe
    IFEO: avgemc.exe - svchost.exe
    IFEO: avgiproxy.exe - svchost.exe
    IFEO: avgnsx.exe - svchost.exe
    IFEO: avgnt.exe - svchost.exe
    IFEO: avgrsx.exe - svchost.exe
    IFEO: avgscanx.exe - svchost.exe
    IFEO: avgserv.exe - svchost.exe
    IFEO: avgserv9.exe - svchost.exe
    IFEO: avgsrmax.exe - svchost.exe
    IFEO: avgtray.exe - svchost.exe
    IFEO: avguard.exe - svchost.exe
    IFEO: avgui.exe - svchost.exe
    IFEO: avgupd.exe - svchost.exe
    IFEO: avgw.exe - svchost.exe
    IFEO: avgwdsvc.exe - svchost.exe
    IFEO: avkpop.exe - svchost.exe
    IFEO: avkservice.exe - svchost.exe
    IFEO: avkwctl9.exe - svchost.exe
    IFEO: avltmain.exe - svchost.exe
    IFEO: avmailc.exe - svchost.exe
    IFEO: avmcdlg.exe - svchost.exe
    IFEO: avnotify.exe - svchost.exe
    IFEO: avshadow.exe - svchost.exe
    IFEO: avsynmgr.exe - svchost.exe
    IFEO: avupgsvc.exe - svchost.exe
    IFEO: AVWEBGRD.EXE - svchost.exe
    IFEO: avwin.exe - svchost.exe
    IFEO: avwinnt.exe - svchost.exe
    IFEO: avwsc.exe - svchost.exe
    IFEO: avwupd.exe - svchost.exe
    IFEO: avwupsrv.exe - svchost.exe
    IFEO: avxmonitor9x.exe - svchost.exe
    IFEO: avxmonitornt.exe - svchost.exe
    IFEO: avxquar.exe - svchost.exe
    IFEO: b.exe - svchost.exe
    IFEO: backweb.exe - svchost.exe
    IFEO: bargains.exe - svchost.exe
    IFEO: bdfvcl.exe - svchost.exe
    IFEO: bdfvwiz.exe - svchost.exe
    IFEO: BDInProcPatch.exe - svchost.exe
    IFEO: bdmcon.exe - svchost.exe
    IFEO: BDMsnScan.exe - svchost.exe
    IFEO: BDSurvey.exe - svchost.exe
    IFEO: bd_professional.exe - svchost.exe
    IFEO: beagle.exe - svchost.exe
    IFEO: belt.exe - svchost.exe
    IFEO: bidef.exe - svchost.exe
    IFEO: bidserver.exe - svchost.exe
    IFEO: bipcp.exe - svchost.exe
    IFEO: bipcpevalsetup.exe - svchost.exe
    IFEO: bisp.exe - svchost.exe
    IFEO: blink.exe - svchost.exe
    IFEO: blss.exe - svchost.exe
    IFEO: bootconf.exe - svchost.exe
    IFEO: bootwarn.exe - svchost.exe
    IFEO: borg2.exe - svchost.exe
    IFEO: bpc.exe - svchost.exe
    IFEO: brasil.exe - svchost.exe
    IFEO: brastk.exe - svchost.exe
    IFEO: brw.exe - svchost.exe
    IFEO: bs120.exe - svchost.exe
    IFEO: bspatch.exe - svchost.exe
    IFEO: bundle.exe - svchost.exe
    IFEO: bvt.exe - svchost.exe
    IFEO: c.exe - svchost.exe
    IFEO: cavscan.exe - svchost.exe
    IFEO: ccapp.exe - svchost.exe
    IFEO: ccevtmgr.exe - svchost.exe
    IFEO: ccpxysvc.exe - svchost.exe
    IFEO: ccSvcHst.exe - svchost.exe
    IFEO: cdp.exe - svchost.exe
    IFEO: cfd.exe - svchost.exe
    IFEO: cfgwiz.exe - svchost.exe
    IFEO: cfp.exe - svchost.exe
    IFEO: cfpconfg.exe - svchost.exe
    IFEO: cfplogvw.exe - svchost.exe
    IFEO: cfpupdat.exe - svchost.exe
    IFEO: clean.exe - svchost.exe
    IFEO: cleanIELow.exe - svchost.exe
    IFEO: cleanpc.exe - svchost.exe
    IFEO: click.exe - svchost.exe
    IFEO: cmd32.exe - svchost.exe
    IFEO: cmdagent.exe - svchost.exe
    IFEO: cmesys.exe - svchost.exe
    IFEO: cmgrdian.exe - svchost.exe
    IFEO: cmon016.exe - svchost.exe
    IFEO: connectionmonitor.exe - svchost.exe
    IFEO: control - svchost.exe
    IFEO: cpd.exe - svchost.exe
    IFEO: cpf9x206.exe - svchost.exe
    IFEO: cpfnt206.exe - svchost.exe
    IFEO: crashrep.exe - svchost.exe
    IFEO: csc.exe - svchost.exe
    IFEO: cssconfg.exe - svchost.exe
    IFEO: cssupdat.exe - svchost.exe
    IFEO: cssurf.exe - svchost.exe
    IFEO: ctrl.exe - svchost.exe
    IFEO: cv.exe - svchost.exe
    IFEO: cwnb181.exe - svchost.exe
    IFEO: cwntdwmo.exe - svchost.exe
    IFEO: d.exe - svchost.exe
    IFEO: datemanager.exe - svchost.exe
    IFEO: dcomx.exe - svchost.exe
    IFEO: defalert.exe - svchost.exe
    IFEO: defscangui.exe - svchost.exe
    IFEO: defwatch.exe - svchost.exe
    IFEO: deloeminfs.exe - svchost.exe
    IFEO: deputy.exe - svchost.exe
    IFEO: divx.exe - svchost.exe
    IFEO: dllcache.exe - svchost.exe
    IFEO: dllreg.exe - svchost.exe
    IFEO: doors.exe - svchost.exe
    IFEO: dop.exe - svchost.exe
    IFEO: dpf.exe - svchost.exe
    IFEO: dpfsetup.exe - svchost.exe
    IFEO: dpps2.exe - svchost.exe
    IFEO: driverctrl.exe - svchost.exe
    IFEO: drwatson.exe - svchost.exe
    IFEO: drweb32.exe - svchost.exe
    IFEO: drwebupw.exe - svchost.exe
    IFEO: dssagent.exe - svchost.exe
    IFEO: efpeadm.exe - svchost.exe
    IFEO: emsw.exe - svchost.exe
    IFEO: ent.exe - svchost.exe
    IFEO: escanhnt.exe - svchost.exe
    IFEO: escanv95.exe - svchost.exe
    IFEO: espwatch.exe - svchost.exe
    IFEO: ethereal.exe - svchost.exe
    IFEO: etrustcipe.exe - svchost.exe
    IFEO: evpn.exe - svchost.exe
    IFEO: exantivirus-cnet.exe - svchost.exe
    IFEO: exe.avxw.exe - svchost.exe
    IFEO: expert.exe - svchost.exe
    IFEO: explore.exe - svchost.exe
    IFEO: fact.exe - svchost.exe
    IFEO: fameh32.exe - svchost.exe
    IFEO: fast.exe - svchost.exe
    IFEO: fch32.exe - svchost.exe
    IFEO: fih32.exe - svchost.exe
    IFEO: firewall.exe - svchost.exe
    IFEO: fixcfg.exe - svchost.exe
    IFEO: fixfp.exe - svchost.exe
    IFEO: fnrb32.exe - svchost.exe
    IFEO: fp-win_trial.exe - svchost.exe
    IFEO: frmwrk32.exe - svchost.exe
    IFEO: fsaa.exe - svchost.exe
    IFEO: fsav.exe - svchost.exe
    IFEO: fsav32.exe - svchost.exe
    IFEO: fsav530stbyb.exe - svchost.exe
    IFEO: fsav530wtbyb.exe - svchost.exe
    IFEO: fsav95.exe - svchost.exe
    IFEO: fsgk32.exe - svchost.exe
    IFEO: fsm32.exe - svchost.exe
    IFEO: fsma32.exe - svchost.exe
    IFEO: fsmb32.exe - svchost.exe
    IFEO: gator.exe - svchost.exe
    IFEO: gav.exe - svchost.exe
    IFEO: gbmenu.exe - svchost.exe
    IFEO: gbn976rl.exe - svchost.exe
    IFEO: gbpoll.exe - svchost.exe
    IFEO: generics.exe - svchost.exe
    IFEO: gmt.exe - svchost.exe
    IFEO: guard.exe - svchost.exe
    IFEO: guarddog.exe - svchost.exe
    IFEO: guardgui.exe - svchost.exe
    IFEO: guardxkickoff.exe - svchost.exe
    IFEO: hacktracersetup.exe - svchost.exe
    IFEO: hbinst.exe - svchost.exe
    IFEO: hbsrv.exe - svchost.exe
    IFEO: History.exe - svchost.exe
    IFEO: homeav2010.exe - svchost.exe
    IFEO: hotactio.exe - svchost.exe
    IFEO: hotpatch.exe - svchost.exe
    IFEO: htlog.exe - svchost.exe
    IFEO: htpatch.exe - svchost.exe
    IFEO: hwpe.exe - svchost.exe
    IFEO: hxdl.exe - svchost.exe
    IFEO: hxiul.exe - svchost.exe
    IFEO: iamstats.exe - svchost.exe
    IFEO: Identity.exe - svchost.exe
    IFEO: idle.exe - svchost.exe
    IFEO: iedll.exe - svchost.exe
    IFEO: iedriver.exe - svchost.exe
    IFEO: IEShow.exe - svchost.exe
    IFEO: ifw2000.exe - svchost.exe
    IFEO: inetlnfo.exe - svchost.exe
    IFEO: infus.exe - svchost.exe
    IFEO: infwin.exe - svchost.exe
    IFEO: init.exe - svchost.exe
    IFEO: init32.exe - svchost.exe
    IFEO: install[1].exe - svchost.exe
    IFEO: install[2].exe - svchost.exe
    IFEO: install[3].exe - svchost.exe
    IFEO: install[4].exe - svchost.exe
    IFEO: install[5].exe - svchost.exe
    IFEO: intdel.exe - svchost.exe
    IFEO: intren.exe - svchost.exe
    IFEO: istsvc.exe - svchost.exe
    IFEO: jammer.exe - svchost.exe
    IFEO: jdbgmrg.exe - svchost.exe
    IFEO: JsRcGen.exe - svchost.exe
    IFEO: kavlite40eng.exe - svchost.exe
    IFEO: kavpers40eng.exe - svchost.exe
    IFEO: kavpf.exe - svchost.exe
    IFEO: kazza.exe - svchost.exe
    IFEO: keenvalue.exe - svchost.exe
    IFEO: kerio-pf-213-en-win.exe - svchost.exe
    IFEO: kerio-wrl-421-en-win.exe - svchost.exe
    IFEO: kerio-wrp-421-en-win.exe - svchost.exe
    IFEO: killprocesssetup161.exe - svchost.exe
    IFEO: ldnetmon.exe - svchost.exe
    IFEO: ldpro.exe - svchost.exe
    IFEO: ldpromenu.exe - svchost.exe
    IFEO: ldscan.exe - svchost.exe
    IFEO: licmgr.exe - svchost.exe
    IFEO: lnetinfo.exe - svchost.exe
    IFEO: loader.exe - svchost.exe
    IFEO: localnet.exe - svchost.exe
    IFEO: lockdown.exe - svchost.exe
    IFEO: lordpe.exe - svchost.exe
    IFEO: lsetup.exe - svchost.exe
    IFEO: luau.exe - svchost.exe
    IFEO: lucomserver.exe - svchost.exe
    IFEO: luinit.exe - svchost.exe
    IFEO: luspt.exe - svchost.exe
    IFEO: MalwareRemoval.exe - svchost.exe
    IFEO: mapisvc32.exe - svchost.exe
    IFEO: mbam.exe - svchost.exe
    IFEO: mbamgui.exe - svchost.exe
    IFEO: mbamservice.exe - svchost.exe
    IFEO: mcagent.exe - svchost.exe
    IFEO: mcmnhdlr.exe - svchost.exe
    IFEO: mcmpeng.exe - svchost.exe
    IFEO: mcmscsvc.exe - svchost.exe
    IFEO: mcnasvc.exe - svchost.exe
    IFEO: mcproxy.exe - svchost.exe
    IFEO: McSACore.exe - svchost.exe
    IFEO: mcshell.exe - svchost.exe
    IFEO: mcshield.exe - svchost.exe
    IFEO: mcsysmon.exe - svchost.exe
    IFEO: mctool.exe - svchost.exe
    IFEO: mcupdate.exe - svchost.exe
    IFEO: mcvsrte.exe - svchost.exe
    IFEO: mcvsshld.exe - svchost.exe
    IFEO: md.exe - svchost.exe
    IFEO: mfin32.exe - svchost.exe
    IFEO: mfw2en.exe - svchost.exe
    IFEO: mfweng3.02d30.exe - svchost.exe
    IFEO: mgavrtcl.exe - svchost.exe
    IFEO: mgavrte.exe - svchost.exe
    IFEO: mghtml.exe - svchost.exe
    IFEO: mgui.exe - svchost.exe
    IFEO: minilog.exe - svchost.exe
    IFEO: mmod.exe - svchost.exe
    IFEO: monitor.exe - svchost.exe
    IFEO: mostat.exe - svchost.exe
    IFEO: mpfagent.exe - svchost.exe
    IFEO: mpfservice.exe - svchost.exe
    IFEO: MPFSrv.exe - svchost.exe
    IFEO: mrflux.exe - svchost.exe
    IFEO: mrt.exe - svchost.exe
    IFEO: msa.exe - svchost.exe
    IFEO: msapp.exe - svchost.exe
    IFEO: msbb.exe - svchost.exe
    IFEO: msblast.exe - svchost.exe
    IFEO: mscache.exe - svchost.exe
    IFEO: msccn32.exe - svchost.exe
    IFEO: mscman.exe - svchost.exe
    IFEO: msconfig - svchost.exe
    IFEO: msdm.exe - svchost.exe
    IFEO: msdos.exe - svchost.exe
    IFEO: msiexec16.exe - svchost.exe
    IFEO: mslaugh.exe - svchost.exe
    IFEO: msmgt.exe - svchost.exe
    IFEO: msmsgri32.exe - svchost.exe
    IFEO: mssmmc32.exe - svchost.exe
    IFEO: mssys.exe - svchost.exe
    IFEO: msvxd.exe - svchost.exe
    IFEO: mu0311ad.exe - svchost.exe
    IFEO: mwatch.exe - svchost.exe
    IFEO: nav.exe - svchost.exe
    IFEO: navap.navapsvc.exe - svchost.exe
    IFEO: navdx.exe - svchost.exe
    IFEO: navstub.exe - svchost.exe
    IFEO: nc2000.exe - svchost.exe
    IFEO: ncinst4.exe - svchost.exe
    IFEO: ndd32.exe - svchost.exe
    IFEO: neomonitor.exe - svchost.exe
    IFEO: neowatchlog.exe - svchost.exe
    IFEO: netarmor.exe - svchost.exe
    IFEO: netd32.exe - svchost.exe
    IFEO: netinfo.exe - svchost.exe
    IFEO: netmon.exe - svchost.exe
    IFEO: netscanpro.exe - svchost.exe
    IFEO: netspyhunter-1.2.exe - svchost.exe
    IFEO: netutils.exe - svchost.exe
    IFEO: nisserv.exe - svchost.exe
    IFEO: nmain.exe - svchost.exe
    IFEO: nod32.exe - svchost.exe
    IFEO: norton_internet_secu_3.0_407.exe - svchost.exe
    IFEO: notstart.exe - svchost.exe
    IFEO: npf40_tw_98_nt_me_2k.exe - svchost.exe
    IFEO: npfmessenger.exe - svchost.exe
    IFEO: nprotect.exe - svchost.exe
    IFEO: npscheck.exe - svchost.exe
    IFEO: npssvc.exe - svchost.exe
    IFEO: nsched32.exe - svchost.exe
    IFEO: nssys32.exe - svchost.exe
    IFEO: nstask32.exe - svchost.exe
    IFEO: nsupdate.exe - svchost.exe
    IFEO: nt.exe - svchost.exe
    IFEO: ntrtscan.exe - svchost.exe
    IFEO: ntvdm.exe - svchost.exe
    IFEO: ntxconfig.exe - svchost.exe
    IFEO: nui.exe - svchost.exe
    IFEO: nvarch16.exe - svchost.exe
    IFEO: nvsvc32.exe - svchost.exe
    IFEO: nwinst4.exe - svchost.exe
    IFEO: nwservice.exe - svchost.exe
    IFEO: nwtool16.exe - svchost.exe
    IFEO: OAcat.exe - svchost.exe
    IFEO: OAhlp.exe - svchost.exe
    IFEO: OAReg.exe - svchost.exe
    IFEO: oasrv.exe - svchost.exe
    IFEO: oaui.exe - svchost.exe
    IFEO: oaview.exe - svchost.exe
    IFEO: ODSW.exe - svchost.exe
    IFEO: ollydbg.exe - svchost.exe
    IFEO: onsrvr.exe - svchost.exe
    IFEO: optimize.exe - svchost.exe
    IFEO: ostronet.exe - svchost.exe
    IFEO: otfix.exe - svchost.exe
    IFEO: outpost.exe - svchost.exe
    IFEO: outpostinstall.exe - svchost.exe
    IFEO: outpostproinstall.exe - svchost.exe
    IFEO: ozn695m5.exe - svchost.exe
    IFEO: padmin.exe - svchost.exe
    IFEO: panixk.exe - svchost.exe
    IFEO: patch.exe - svchost.exe
    IFEO: pav.exe - svchost.exe
    IFEO: PavFnSvr.exe - svchost.exe
    IFEO: pavproxy.exe - svchost.exe
    IFEO: pavprsrv.exe - svchost.exe
    IFEO: pavsrv51.exe - svchost.exe
    IFEO: pc.exe - svchost.exe
    IFEO: pcip10117_0.exe - svchost.exe
    IFEO: pcscan.exe - svchost.exe
    IFEO: pctsAuxs.exe - svchost.exe
    IFEO: pctsGui.exe - svchost.exe
    IFEO: pctsSvc.exe - svchost.exe
    IFEO: pctsTray.exe - svchost.exe
    IFEO: PC_Antispyware2010.exe - svchost.exe
    IFEO: pdfndr.exe - svchost.exe
    IFEO: pdsetup.exe - svchost.exe
    IFEO: PerAvir.exe - svchost.exe
    IFEO: periscope.exe - svchost.exe
    IFEO: personalguard - svchost.exe
    IFEO: personalguard.exe - svchost.exe
    IFEO: perswf.exe - svchost.exe
    IFEO: pf2.exe - svchost.exe
    IFEO: pfwadmin.exe - svchost.exe
    IFEO: pgmonitr.exe - svchost.exe
    IFEO: pingscan.exe - svchost.exe
    IFEO: platin.exe - svchost.exe
    IFEO: pop3trap.exe - svchost.exe
    IFEO: poproxy.exe - svchost.exe
    IFEO: popscan.exe - svchost.exe
    IFEO: portdetective.exe - svchost.exe
    IFEO: portmonitor.exe - svchost.exe
    IFEO: powerscan.exe - svchost.exe
    IFEO: ppinupdt.exe - svchost.exe
    IFEO: pptbc.exe - svchost.exe
    IFEO: ppvstop.exe - svchost.exe
    IFEO: prizesurfer.exe - svchost.exe
    IFEO: prmt.exe - svchost.exe
    IFEO: prmvr.exe - svchost.exe
    IFEO: procdump.exe - svchost.exe
    IFEO: processmonitor.exe - svchost.exe
    IFEO: procexplorerv1.0.exe - svchost.exe
    IFEO: programauditor.exe - svchost.exe
    IFEO: proport.exe - svchost.exe
    IFEO: protector.exe - svchost.exe
    IFEO: protectx.exe - svchost.exe
    IFEO: PSANCU.exe - svchost.exe
    IFEO: PSANHost.exe - svchost.exe
    IFEO: PSANToManager.exe - svchost.exe
    IFEO: PsCtrls.exe - svchost.exe
    IFEO: PsImSvc.exe - svchost.exe
    IFEO: PskSvc.exe - svchost.exe
    IFEO: pspf.exe - svchost.exe
    IFEO: PSUNMain.exe - svchost.exe
    IFEO: purge.exe - svchost.exe
    IFEO: qconsole.exe - svchost.exe
    IFEO: qh.exe - svchost.exe
    IFEO: qserver.exe - svchost.exe
    IFEO: Quick Heal.exe - svchost.exe
    IFEO: QuickHealCleaner.exe - svchost.exe
    IFEO: rapapp.exe - svchost.exe
    IFEO: rav8win32eng.exe - svchost.exe
    IFEO: ray.exe - svchost.exe
    IFEO: rb32.exe - svchost.exe
    IFEO: rcsync.exe - svchost.exe
    IFEO: realmon.exe - svchost.exe
    IFEO: reged.exe - svchost.exe
    IFEO: regedt32.exe - svchost.exe
    IFEO: rescue.exe - svchost.exe
    IFEO: rescue32.exe - svchost.exe
    IFEO: rrguard.exe - svchost.exe
    IFEO: rscdwld.exe - svchost.exe
    IFEO: rshell.exe - svchost.exe
    IFEO: rtvscan.exe - svchost.exe
    IFEO: rtvscn95.exe - svchost.exe
    IFEO: rulaunch.exe - svchost.exe
    IFEO: rwg - svchost.exe
    IFEO: rwg.exe - svchost.exe
    IFEO: SafetyKeeper.exe - svchost.exe
    IFEO: sahagent.exe - svchost.exe
    IFEO: Save.exe - svchost.exe
    IFEO: SaveArmor.exe - svchost.exe
    IFEO: SaveDefense.exe - svchost.exe
    IFEO: SaveKeep.exe - svchost.exe
    IFEO: savenow.exe - svchost.exe
    IFEO: sbserv.exe - svchost.exe
    IFEO: sc.exe - svchost.exe
    IFEO: scam32.exe - svchost.exe
    IFEO: Secure Veteran.exe - svchost.exe
    IFEO: secureveteran.exe - svchost.exe
    IFEO: Security Center.exe - svchost.exe
    IFEO: SecurityFighter.exe - svchost.exe
    IFEO: securitysoldier.exe - svchost.exe
    IFEO: setloadorder.exe - svchost.exe
    IFEO: setupvameeval.exe - svchost.exe
    IFEO: setup_flowprotector_us.exe - svchost.exe
    IFEO: sgssfw32.exe - svchost.exe
    IFEO: sh.exe - svchost.exe
    IFEO: shellspyinstall.exe - svchost.exe
    IFEO: shield.exe - svchost.exe
    IFEO: shn.exe - svchost.exe
    IFEO: showbehind.exe - svchost.exe
    IFEO: signcheck.exe - svchost.exe
    IFEO: smart.exe - svchost.exe
    IFEO: smartprotector.exe - svchost.exe
    IFEO: smrtdefp.exe - svchost.exe
    IFEO: sms.exe - svchost.exe
    IFEO: smss32.exe - svchost.exe
    IFEO: snetcfg.exe - svchost.exe
    IFEO: soap.exe - svchost.exe
    IFEO: sofi.exe - svchost.exe
    IFEO: SoftSafeness.exe - svchost.exe
    IFEO: sperm.exe - svchost.exe
    IFEO: spf.exe - svchost.exe
    IFEO: spoler.exe - svchost.exe
    IFEO: spoolcv.exe - svchost.exe
    IFEO: spoolsv32.exe - svchost.exe
    IFEO: spywarexpguard.exe - svchost.exe
    IFEO: spyxx.exe - svchost.exe
    IFEO: srexe.exe - svchost.exe
    IFEO: srng.exe - svchost.exe
    IFEO: ss3edit.exe - svchost.exe
    IFEO: ssgrate.exe - svchost.exe
    IFEO: ssg_4104.exe - svchost.exe
    IFEO: st2.exe - svchost.exe
    IFEO: start.exe - svchost.exe
    IFEO: stcloader.exe - svchost.exe
    IFEO: supftrl.exe - svchost.exe
    IFEO: support.exe - svchost.exe
    IFEO: supporter5.exe - svchost.exe
    IFEO: svc.exe - svchost.exe
    IFEO: svchostc.exe - svchost.exe
    IFEO: svchosts.exe - svchost.exe
    IFEO: svshost.exe - svchost.exe
    IFEO: sweepnet.sweepsrv.sys.swnetsup.exe - svchost.exe
    IFEO: symlcsvc.exe - svchost.exe
    IFEO: symproxysvc.exe - svchost.exe
    IFEO: symtray.exe - svchost.exe
    IFEO: system.exe - svchost.exe
    IFEO: system32.exe - svchost.exe
    IFEO: sysupd.exe - svchost.exe
    IFEO: tapinstall.exe - svchost.exe
    IFEO: taumon.exe - svchost.exe
    IFEO: tc.exe - svchost.exe
    IFEO: tcm.exe - svchost.exe
    IFEO: tds-3.exe - svchost.exe
    IFEO: teekids.exe - svchost.exe
    IFEO: tfak.exe - svchost.exe
    IFEO: tfak5.exe - svchost.exe
    IFEO: tgbob.exe - svchost.exe
    IFEO: titanin.exe - svchost.exe
    IFEO: titaninxp.exe - svchost.exe
    IFEO: TPSrv.exe - svchost.exe
    IFEO: trickler.exe - svchost.exe
    IFEO: trjscan.exe - svchost.exe
    IFEO: trjsetup.exe - svchost.exe
    IFEO: trojantrap3.exe - svchost.exe
    IFEO: TrustWarrior.exe - svchost.exe
    IFEO: tsadbot.exe - svchost.exe
    IFEO: tsc.exe - svchost.exe
    IFEO: tvmd.exe - svchost.exe
    IFEO: tvtmd.exe - svchost.exe
    IFEO: undoboot.exe - svchost.exe
    IFEO: updat.exe - svchost.exe
    IFEO: upgrad.exe - svchost.exe
    IFEO: utpost.exe - svchost.exe
    IFEO: vbcmserv.exe - svchost.exe
    IFEO: vbcons.exe - svchost.exe
    IFEO: vbust.exe - svchost.exe
    IFEO: vbwin9x.exe - svchost.exe
    IFEO: vbwinntw.exe - svchost.exe
    IFEO: vcsetup.exe - svchost.exe
    IFEO: vet32.exe - svchost.exe
    IFEO: vfsetup.exe - svchost.exe
    IFEO: vir-help.exe - svchost.exe
    IFEO: virusmdpersonalfirewall.exe - svchost.exe
    IFEO: virusutilities.exe - svchost.exe
    IFEO: VisthAux.exe - svchost.exe
    IFEO: VisthLic.exe - svchost.exe
    IFEO: VisthUpd.exe - svchost.exe
    IFEO: vnlan300.exe - svchost.exe
    IFEO: vnpc3000.exe - svchost.exe
    IFEO: vpc32.exe - svchost.exe
    IFEO: vpc42.exe - svchost.exe
    IFEO: vpfw30s.exe - svchost.exe
    IFEO: vptray.exe - svchost.exe
    IFEO: vscenu6.02d30.exe - svchost.exe
    IFEO: vsched.exe - svchost.exe
    IFEO: vsisetup.exe - svchost.exe
    IFEO: vsmain.exe - svchost.exe
    IFEO: vsmon.exe - svchost.exe
    IFEO: vswin9xe.exe - svchost.exe
    IFEO: vswinntse.exe - svchost.exe
    IFEO: vswinperse.exe - svchost.exe
    IFEO: w32dsm89.exe - svchost.exe
    IFEO: W3asbas.exe - svchost.exe
    IFEO: w9x.exe - svchost.exe
    IFEO: watchdog.exe - svchost.exe
    IFEO: webdav.exe - svchost.exe
    IFEO: WebProxy.exe - svchost.exe
    IFEO: webtrap.exe - svchost.exe
    IFEO: whoswatchingme.exe - svchost.exe
    IFEO: wimmun32.exe - svchost.exe
    IFEO: win-bugsfix.exe - svchost.exe
    IFEO: win32.exe - svchost.exe
    IFEO: win32us.exe - svchost.exe
    IFEO: winactive.exe - svchost.exe
    IFEO: winav.exe - svchost.exe
    IFEO: windll32.exe - svchost.exe
    IFEO: window.exe - svchost.exe
    IFEO: windows Police Pro.exe - svchost.exe
    IFEO: windows.exe - svchost.exe
    IFEO: wininetd.exe - svchost.exe
    IFEO: wininitx.exe - svchost.exe
    IFEO: winlogin.exe - svchost.exe
    IFEO: winmain.exe - svchost.exe
    IFEO: winppr32.exe - svchost.exe
    IFEO: winrecon.exe - svchost.exe
    IFEO: winservn.exe - svchost.exe
    IFEO: winssk32.exe - svchost.exe
    IFEO: winstart.exe - svchost.exe
    IFEO: winstart001.exe - svchost.exe
    IFEO: wintsk32.exe - svchost.exe
    IFEO: winupdate.exe - svchost.exe
    IFEO: wkufind.exe - svchost.exe
    IFEO: wnad.exe - svchost.exe
    IFEO: wnt.exe - svchost.exe
    IFEO: wradmin.exe - svchost.exe
    IFEO: wrctrl.exe - svchost.exe
    IFEO: wsbgate.exe - svchost.exe
    IFEO: wscfxas.exe - svchost.exe
    IFEO: wscfxav.exe - svchost.exe
    IFEO: wscfxfw.exe - svchost.exe
    IFEO: wsctool.exe - svchost.exe
    IFEO: wupdater.exe - svchost.exe
    IFEO: wupdt.exe - svchost.exe
    IFEO: wyvernworksfirewall.exe - svchost.exe
    IFEO: xpdeluxe.exe - svchost.exe
    IFEO: xpf202en.exe - svchost.exe
    IFEO: xp_antispyware.exe - svchost.exe
    IFEO: zapro.exe - svchost.exe
    IFEO: zapsetup3001.exe - svchost.exe
    IFEO: zatutor.exe - svchost.exe
    IFEO: zonalm2601.exe - svchost.exe
    IFEO: ~1.exe - svchost.exe
    IFEO: ~2.exe - svchost.exe
    .
    ==== Installed Programs ======================
    .
    .
    Sansa Media Converter
    3ivx MPEG-4 5.0.3 (remove only)
    Acrobat.com
    Adobe AIR
    Adobe Digital Editions
    Adobe Download Manager
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.6
    Amazon MP3 Downloader 1.0.10
    AnswerWorks 4.0 Runtime - English
    ArcSoft PhotoImpression 5
    ArcSoft PhotoStudio 5.5
    Banctec Service Agreement
    CA Pest Patrol Realtime Protection
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    CCleaner
    CDDRV_Installer
    CK McCormick Creative Clips & fonts
    ClickArt® Fonts 2
    Comcast High-Speed Internet Install Wizard
    Comcast Toolbar 3.0
    Compatibility Pack for the 2007 Office system
    Conexant SmartHSFi V92 56K DF PCI Modem
    Creating Keepsakes Scrapbook Designer
    Critical Update for Windows Media Player 11 (KB959772)
    DAO
    Dell Digital Jukebox Driver
    Dell Picture Studio - Dell Image Expert
    Dell Solution Center
    Dell Support 5.0.0 (766)
    DesignPro 5.0 Media Edition
    Digital Line Detect
    DVDSentry
    EarthLink Free Trial
    Easy CD Creator 5 Basic
    EPSON Print CD
    EPSON Printer Software
    EPSON Stylus Photo R380 User's Guide
    erLT
    Excel 2000 Quattro Pro 7.0 Converter
    exPressit S.E. 2.2
    Facebook Plug-In
    FlipShare
    Free Window Registry Repair
    Google Chrome
    Google Earth
    Google Updater
    Helix Producer Basic 9
    Help and Support Customization
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Image Resizer Powertoy for Windows XP
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet
    Internet Explorer Q903235
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 8
    Java Auto Updater
    Java Web Start
    Java(TM) 6 Update 33
    Java(TM) 6 Update 7
    Learn2 Player (Uninstall Only)
    Lizardtech DjVu Control (autoinstall)
    Logitech Desktop Messenger
    Logitech MouseWare 9.79.1
    Logitech Resource Center
    Malwarebytes Anti-Malware version 1.61.0.1400
    MapSource - Americas BlueChart v4.00
    MediaFACE 4.0
    MediaFACE 4.0 Business Image Library
    MediaFACE 4.0 General Image Library
    MediaFACE 4.0 Lifestyle Image Library
    MediaFACE 4.0 Music Image Library
    MediaFACE 4.0 Special Occasion Image Library
    MediaFACE 4.0 Spiritual Image Library
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB928367)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft FrontPage 2002
    Microsoft Image Composer 1.5
    Microsoft Interactive Training
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Converter Pack
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Office XP Media Content
    Microsoft Office XP Web Components
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Web Publishing Wizard 1.52
    Modem Helper
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Musicnotes Software Suite 1.5.3
    Nero Suite
    NetWaiting
    NOOK for PC
    NVIDIA Display Driver
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    PaperPort 8.0 SE
    POINT
    PowerDVD
    QuickTime
    RealPlayer
    Revo Uninstaller 1.91
    Score Writer 2.6
    Seagate Manager Installer
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2124261)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2290570)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975254)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976323)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shockwave
    Sibelius Scorch (ActiveX Only)
    Sound Blaster Live!
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    SpywareBlaster 4.6
    swMSM
    The Print Shop 20
    The Print Shop Premium Fonts
    TurboTax 2010
    TurboTax 2010 wiliper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 wiliper
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wrapper
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB2362765)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Visioneer OneTouch 9320
    Walmart MP3 Music Downloads
    WebFldrs XP
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinZip
    Yahoo! Customizations
    Yahoo! Messenger
    Yahoo! Messenger Explorer Bar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/12/2012 10:51:38 AM, error: Print [19] - Sharing printer failed + 1722, Printer PaperPort Color share name Printer.
    7/11/2012 9:04:55 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdudf_xp Fips intelppm MpFilter
    7/11/2012 9:04:55 AM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
    7/11/2012 9:04:55 AM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
    7/11/2012 9:04:55 AM, error: Service Control Manager [7001] - The FTP Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
    7/11/2012 9:04:55 AM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
    7/11/2012 7:39:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
    7/11/2012 7:39:11 PM, error: Service Control Manager [7000] - The RCA CDS1000 640x480 Driver service failed to start due to the following error: The system cannot find the file specified.
    7/11/2012 7:39:11 PM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/11/2012 7:38:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/11/2012 4:28:59 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    7/11/2012 3:49:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    7/11/2012 11:02:54 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1379.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    7/10/2012 4:32:53 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    7/10/2012 4:01:51 PM, error: Service Control Manager [7000] - The 6282009drv service failed to start due to the following error: Access is denied.
    .
    ==== End Of File ===========================

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-16 11:33:32
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3120023A rev.3.33
    Running: 5dk4i7z5.exe; Driver: C:\DOCUME~1\MARYJO~1\LOCALS~1\Temp\uxlyrpog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB9B2E340, 0x121A5F, 0xF8000020]
    .text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012380, 0x25BA81, 0xF8000020]
    ? C:\DOCUME~1\MARYJO~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)

    Device \FileSystem\Fastfat \Fat B283ED20

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

    ---- EOF - GMER 1.0.15 ----

    Thanks for your help :eek:
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,650
    Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

    Post the log from ComboFix when you've accomplished that.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     
  5. Ciera2455

    Ciera2455 Thread Starter

    Joined:
    Oct 14, 2002
    Messages:
    41
    ComboFix 12-07-16.01 - Mary Jo 07/18/2012 2:26.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1417 [GMT -5:00]
    Running from: c:\documents and settings\Mary Jo\Desktop\ComboFix.exe
    AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: COMODO Firewall Pro *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\DirectCDUserNameE.txt
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Mary Jo\WINDOWS
    c:\documents and settings\Rick\WINDOWS
    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    c:\program files\Mozilla Firefox\Plugins\npqtplugin2.dll
    c:\program files\Mozilla Firefox\Plugins\npqtplugin3.dll
    c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
    c:\program files\Mozilla Firefox\Plugins\npqtplugin5.dll
    c:\program files\Mozilla Firefox\Plugins\npqtplugin6.dll
    c:\program files\QuickTime\Plugins\npqtplugin2.dll
    c:\program files\QuickTime\Plugins\npqtplugin3.dll
    c:\program files\QuickTime\Plugins\npqtplugin4.dll
    c:\program files\QuickTime\Plugins\npqtplugin5.dll
    c:\program files\QuickTime\Plugins\npqtplugin6.dll
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    c:\windows\system32\Cache
    c:\windows\system32\PowerToyReadme.htm
    c:\windows\system32\SET8B.tmp
    c:\windows\system32\SET8E.tmp
    c:\windows\system32\SET91.tmp
    c:\windows\system32\SET94.tmp
    c:\windows\system32\SET97.tmp
    c:\windows\system32\SET9A.tmp
    F:\autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-18 02:45 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B765DA97-88D0-4693-A9AC-DD8E16B7A417}\mpengine.dll
    2012-07-17 22:08 . 2012-07-17 22:08 1409 ----a-w- c:\windows\QTFont.for
    2012-07-16 23:40 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-16 16:35 . 2012-07-16 16:36 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
    2012-07-16 16:35 . 2012-07-16 16:35 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
    2012-07-16 13:32 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-12 03:45 . 2012-07-12 03:47 -------- d-----w- c:\program files\SpywareBlaster
    2012-07-11 09:12 . 2012-07-11 09:12 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2012-07-11 08:49 . 2012-07-11 08:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2012-07-10 20:28 . 2012-07-10 20:28 106496 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
    2012-06-22 10:29 . 2012-06-22 10:28 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-12 06:30 . 2012-04-12 03:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-12 06:30 . 2011-05-15 03:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-22 10:28 . 2008-11-11 01:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-06-22 10:28 . 2010-04-25 15:23 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-13 13:19 . 2002-08-29 10:00 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2009-08-19 23:07 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2004-08-26 18:54 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2002-08-29 10:00 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 20:19 . 2007-05-31 23:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19 . 2007-05-31 23:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19 . 2004-08-03 19:03 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19 . 2004-08-03 19:02 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 20:19 . 2004-08-03 18:59 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 20:19 . 2007-05-31 23:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 20:19 . 2004-08-03 19:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 20:19 . 2004-08-03 18:59 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 20:19 . 2002-08-29 10:00 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 20:19 . 2007-05-31 23:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:19 . 2004-08-03 19:00 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 20:19 . 2002-08-29 10:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 20:18 . 2007-06-01 23:31 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 20:18 . 2006-09-05 00:02 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 20:18 . 2006-02-12 09:41 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-05-31 13:22 . 2002-09-23 20:10 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08 . 2005-04-27 15:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-11 14:42 . 2002-08-29 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42 . 2002-08-29 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-04 13:12 . 1980-01-01 05:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32 . 1980-01-01 05:00 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2002-08-29 10:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2003-08-07 14:25 . 2003-08-07 14:25 11066953 ------w- c:\program files\Helix_Producer_Basic_9.0.1_Setup.exe
    2012-07-16 16:35 . 2011-09-30 15:19 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-12-04 1622488]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
    "NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-31 98304]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-19 185872]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
    "nwiz"="nwiz.exe" [2003-10-06 741376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
    backup=c:\windows\pss\Creating Keepsakes Scrapbook Designer Event Reminder.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    backup=c:\windows\pss\Google Updater.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
    backup=c:\windows\pss\ymetray.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    2005-10-11 23:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 15:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
    2003-08-18 13:12 98304 ------w- c:\program files\Visioneer OneTouch\OneTouchMon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2005-01-31 17:24 98304 ------w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-01-19 06:38 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "24726:TCP"= 24726:TCP:FlipShareServer
    "24727:TCP"= 24727:TCP:FlipShareServer
    .
    R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [3/16/2009 4:37 PM 616408]
    R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [5/6/2011 12:58 PM 1085440]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/26/2009 12:32 AM 189736]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]
    S1 areawcjv;areawcjv;\??\c:\windows\system32\drivers\areawcjv.sys --> c:\windows\system32\drivers\areawcjv.sys [?]
    S2 USBDriver;RCA CDS1000 640x480 Driver;c:\windows\system32\Drivers\cds1000.sys --> c:\windows\system32\Drivers\cds1000.sys [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 10:04 PM 250056]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/3/2012 9:03 PM 113120]
    S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 06:30]
    .
    2012-07-17 c:\windows\Tasks\Backup.job
    - c:\windows\SYSTEM32\ntbackup.exe [2002-08-29 00:12]
    .
    2012-07-17 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-31 23:20]
    .
    2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2589259409-1540086843-2969841051-1005Core.job
    - c:\documents and settings\Mary Jo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-01 03:33]
    .
    2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2589259409-1540086843-2969841051-1005UA.job
    - c:\documents and settings\Mary Jo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-01 03:33]
    .
    2009-05-19 c:\windows\Tasks\Initial Backup.job
    - c:\windows\system32\ntbackup.exe [2002-08-29 00:12]
    .
    2003-05-15 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
    .
    2012-07-18 c:\windows\Tasks\User_Feed_Synchronization-{C3B178F0-672A-40FB-BCFD-2061D6CE3E75}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/a/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?p=%s
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: sumtotalsystems.com\allstate
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.129.103.82:8000/activex/AMC.cab
    FF - ProfilePath - c:\documents and settings\Mary Jo\Application Data\Mozilla\Firefox\Profiles\aapazohb.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Free Window Registry Repair - c:\progra~1\FREEWI~1\UNWISE.EXE
    AddRemove-Motorola USB Modem Installation - c:\program files\Motorola Inc.\Motorola USB Modem Installation\Uninst.isu
    AddRemove-Score Writer 2.6 - c:\windows\unvise32.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-18 02:39
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2589259409-1540086843-2969841051-1005\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(512)
    c:\program files\CA\PPRT\bin\CACheck.dll
    c:\program files\CA\PPRT\bin\CAHook.dll
    c:\program files\CA\PPRT\bin\CAServer.dll
    .
    Completion time: 2012-07-18 02:45:13
    ComboFix-quarantined-files.txt 2012-07-18 07:44
    .
    Pre-Run: 66,632,929,280 bytes free
    Post-Run: 67,259,162,624 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 3CC7AB5ECA67B0125EF8FCA614D9D587
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,650
    Download OTL to your Desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under Custom Scans/Fixes type in Netsvcs
    • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
    • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy and paste the contents of both of these files here in your next reply.
     
  7. Ciera2455

    Ciera2455 Thread Starter

    Joined:
    Oct 14, 2002
    Messages:
    41
    Have downloaded OTL 4 times and keep getting an error message when trying to run.

    "OTL has encountered a problem and needs to close". See attached.

    Any suggestions???

    Thanks for your help.
     

    Attached Files:

  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,650
    Go to Start - Run and copy and paste the following then click OK:

    regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

    You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.
     
  9. Ciera2455

    Ciera2455 Thread Starter

    Joined:
    Oct 14, 2002
    Messages:
    41
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe]
    "ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,90,04,34,00,00,00,56,\
    00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
    46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,00,00,07,00,0b,00,00,00,00,\
    00,07,00,0b,00,00,00,3f,00,00,00,02,00,00,00,04,00,01,00,01,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,44,00,00,00,01,00,56,00,61,00,72,00,46,00,69,\
    00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,00,00,24,00,04,00,00,00,54,00,\
    72,00,61,00,6e,00,73,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00,09,\
    04,e4,04,f0,03,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,\
    6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,cc,03,00,00,01,00,30,00,34,00,30,\
    00,39,00,30,00,34,00,45,00,34,00,00,00,4a,00,19,00,01,00,43,00,6f,00,6d,00,\
    6d,00,65,00,6e,00,74,00,73,00,00,00,43,00,72,00,79,00,73,00,74,00,61,00,6c,\
    00,20,00,53,00,51,00,4c,00,20,00,44,00,65,00,73,00,69,00,67,00,6e,00,65,00,\
    72,00,20,00,37,00,2e,00,30,00,00,00,00,00,88,00,34,00,01,00,43,00,6f,00,6d,\
    00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,53,00,65,00,\
    61,00,67,00,61,00,74,00,65,00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,\
    00,65,00,20,00,49,00,6e,00,66,00,6f,00,72,00,6d,00,61,00,74,00,69,00,6f,00,\
    6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,20,\
    00,47,00,72,00,6f,00,75,00,70,00,2c,00,20,00,49,00,6e,00,63,00,2e,00,00,00,\
    ae,00,45,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,\
    00,69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,\
    68,00,74,00,20,00,28,00,63,00,29,00,20,00,31,00,39,00,39,00,31,00,2d,00,31,\
    00,39,00,39,00,10,00,00,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE]
    "DisableHeapLookAside"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe]
    "ApplicationGoo"=hex:54,09,00,00,54,02,00,00,00,02,00,00,8c,03,34,00,00,00,56,\
    00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
    46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,02,00,a8,11,2e,04,00,00,02,\
    00,a8,11,2e,04,00,00,3f,00,00,00,20,00,00,00,04,00,00,00,01,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,ec,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
    00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,c8,02,00,00,\
    01,00,30,00,30,00,30,00,30,00,30,00,34,00,62,00,30,00,00,00,38,00,10,00,01,\
    00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4f,00,72,00,69,00,\
    67,00,6e,00,61,00,6c,00,20,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,\
    00,42,00,11,00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,\
    6d,00,65,00,00,00,00,00,53,00,41,00,50,00,20,00,41,00,47,00,2c,00,20,00,57,\
    00,61,00,6c,00,6c,00,64,00,6f,00,72,00,66,00,00,00,00,00,5a,00,19,00,01,00,\
    46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,\
    00,6f,00,6e,00,00,00,00,00,53,00,41,00,50,00,20,00,46,00,72,00,6f,00,6e,00,\
    74,00,65,00,6e,00,64,00,20,00,66,00,6f,00,72,00,20,00,57,00,69,00,6e,00,64,\
    00,6f,00,77,00,73,00,00,00,00,00,3c,00,0e,00,01,00,46,00,69,00,6c,00,65,00,\
    56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,34,00,35,00,32,00,30,\
    00,2e,00,32,00,2e,00,30,00,2e,00,31,00,30,00,37,00,30,00,00,00,32,00,09,00,\
    01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,\
    00,00,00,46,00,45,00,57,00,46,00,52,00,4f,00,4e,00,54,00,00,00,00,00,7a,00,\
    2b,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,\
    00,67,00,68,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,\
    04,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,\
    00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,\
    33,00,00,00,23,00,54,02,00,00,00,02,00,00,8c,03,34,00,00,00,56,00,53,00,5f,\
    00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,\
    00,00,00,00,bd,04,ef,fe,00,00,01,00,03,00,9e,11,26,04,00,00,03,00,9e,11,26,\
    04,00,00,3f,00,00,00,20,00,00,00,04,00,00,00,01,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,ec,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,\
    00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,c8,02,00,00,01,00,30,00,\
    30,00,30,00,30,00,30,00,34,00,62,00,30,00,00,00,38,00,10,00,01,00,43,00,6f,\
    00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4f,00,72,00,69,00,67,00,6e,00,\
    61,00,6c,00,20,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,42,00,11,\
    00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,\
    00,00,00,00,53,00,41,00,50,00,20,00,41,00,47,00,2c,00,20,00,57,00,61,00,6c,\
    00,6c,00,64,00,6f,00,72,00,66,00,00,00,00,00,5a,00,19,00,01,00,46,00,69,00,\
    6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,\
    00,00,00,00,00,53,00,41,00,50,00,20,00,46,00,72,00,6f,00,6e,00,74,00,65,00,\
    6e,00,64,00,20,00,66,00,6f,00,72,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,\
    00,73,00,00,00,00,00,3c,00,0e,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,\
    72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,34,00,35,00,31,00,30,00,2e,00,33,\
    00,2e,00,30,00,2e,00,31,00,30,00,36,00,32,00,00,00,32,00,09,00,01,00,49,00,\
    6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,46,\
    00,45,00,57,00,46,00,52,00,4f,00,4e,00,54,00,00,00,00,00,7a,00,2b,00,01,00,\
    4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,\
    00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,04,00,00,00,\
    00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,00,65,00,72,\
    00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,\
    23,00,54,02,00,00,00,02,00,00,20,03,34,00,00,00,56,00,53,00,5f,00,56,00,45,\
    00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,00,00,00,00,\
    bd,04,ef,fe,00,00,01,00,00,00,04,00,f0,03,00,00,00,00,04,00,f0,03,00,00,3f,\
    00,00,00,00,00,00,00,04,00,01,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,7e,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,6c,\
    00,65,00,49,00,6e,00,66,00,6f,00,00,00,5a,02,00,00,01,00,30,00,34,00,30,00,\
    39,00,30,00,34,00,45,00,34,00,00,00,2e,00,07,00,01,00,43,00,6f,00,6d,00,70,\
    00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,53,00,41,00,50,00,\
    20,00,41,00,47,00,00,00,00,00,5a,00,19,00,01,00,46,00,69,00,6c,00,65,00,44,\
    00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,00,00,\
    53,00,41,00,50,00,20,00,46,00,72,00,6f,00,6e,00,74,00,65,00,6e,00,64,00,20,\
    00,66,00,6f,00,72,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,00,00,\
    00,00,36,00,0b,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,\
    00,6f,00,6e,00,00,00,00,00,34,00,2e,00,30,00,2e,00,30,00,2e,00,31,00,30,00,\
    30,00,38,00,00,00,00,00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,\
    00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,46,00,52,00,4f,00,4e,00,54,00,\
    00,00,5e,00,1d,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,\
    00,72,00,69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,\
    67,00,68,00,74,00,20,00,a9,00,20,00,31,00,39,00,39,00,33,00,2d,00,31,00,39,\
    00,39,00,37,00,20,00,53,00,41,00,50,00,20,00,41,00,47,00,00,00,00,00,28,00,\
    00,00,01,00,4c,00,65,00,67,00,61,00,6c,00,54,00,72,00,61,00,64,00,02,00,00,\
    00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,04,00,00,00,00,00,00,00,\
    65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,00,65,00,72,00,76,00,69,\
    00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,23,00,54,02,\
    00,00,00,02,00,00,18,03,34,00,00,00,56,00,53,00,5f,00,56,00,45,00,52,00,53,\
    00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,00,00,00,00,bd,04,ef,fe,\
    00,00,01,00,00,00,04,00,dd,03,00,00,00,00,04,00,dd,03,00,00,3f,00,00,00,00,\
    00,00,00,04,00,01,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,78,02,\
    00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,6c,00,65,00,49,\
    00,6e,00,66,00,6f,00,00,00,54,02,00,00,01,00,30,00,34,00,30,00,39,00,30,00,\
    34,00,45,00,34,00,00,00,2e,00,07,00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,\
    00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,53,00,41,00,50,00,20,00,41,00,\
    47,00,00,00,00,00,5a,00,19,00,01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,\
    00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,00,00,53,00,41,00,\
    50,00,20,00,46,00,72,00,6f,00,6e,00,74,00,65,00,6e,00,64,00,20,00,66,00,6f,\
    00,72,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,00,00,00,00,34,00,\
    0a,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,\
    00,00,00,00,00,34,00,2e,00,30,00,2e,00,30,00,2e,00,39,00,38,00,39,00,00,00,\
    2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,\
    00,6d,00,65,00,00,00,46,00,52,00,4f,00,4e,00,54,00,00,00,5e,00,1d,00,01,00,\
    4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,\
    00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,\
    a9,00,20,00,31,00,39,00,39,00,33,00,2d,00,31,00,39,00,39,00,37,00,20,00,53,\
    00,41,00,50,00,20,00,41,00,47,00,00,00,00,00,28,00,00,00,01,00,4c,00,65,00,\
    67,00,61,00,6c,00,54,00,72,00,61,00,64,00,65,00,6d,00,02,00,00,00,00,00,00,\
    00,01,00,00,00,4c,00,00,00,3c,fd,06,00,04,00,00,00,00,00,00,00,65,05,00,00,\
    02,00,00,00,03,00,00,00,00,00,01,00,53,00,65,00,72,00,76,00,69,00,63,00,65,\
    00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,23,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe]
    "ApplicationGoo"=hex:58,02,00,00,54,02,00,00,00,02,00,00,6c,07,34,00,00,00,56,\
    00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
    46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,\
    00,05,00,07,00,a8,07,3f,00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,cc,06,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
    00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,54,03,00,00,\
    01,00,30,00,34,00,30,00,39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,\
    00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,\
    43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,\
    00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,\
    72,00,70,00,6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,\
    00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,\
    69,00,6f,00,6e,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,\
    00,74,00,20,00,45,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,\
    65,00,72,00,76,00,65,00,72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,\
    00,0b,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,\
    6e,00,00,00,00,00,35,00,2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,\
    00,00,00,00,00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,\
    6c,00,4e,00,61,00,6d,00,65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,9c,\
    00,3c,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,\
    69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,\
    00,74,00,20,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,\
    05,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,02,00,00,00,53,\
    00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,\
    34,00,00,00,23,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe]
    "ApplicationGoo"=hex:58,02,00,00,54,02,00,00,00,02,00,00,44,02,34,00,00,00,56,\
    00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
    46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,01,00,01,00,0c,00,00,00,01,\
    00,01,00,0c,00,00,00,00,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,44,00,00,00,00,00,56,00,61,00,72,00,46,00,69,\
    00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,00,00,24,00,04,00,00,00,54,00,\
    72,00,61,00,6e,00,73,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00,09,\
    04,b0,04,a4,01,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,\
    6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,80,01,00,00,01,00,30,00,34,00,30,\
    00,39,00,30,00,34,00,42,00,30,00,00,00,40,00,20,00,01,00,43,00,6f,00,6d,00,\
    70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,44,00,65,00,4c,\
    00,6f,00,72,00,6d,00,65,00,20,00,4d,00,61,00,70,00,70,00,69,00,6e,00,67,00,\
    00,00,44,00,22,00,01,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,4e,00,61,\
    00,6d,00,65,00,00,00,00,00,52,00,65,00,67,00,20,00,28,00,44,00,4c,00,69,00,\
    62,00,62,00,79,00,5c,00,6d,00,73,00,66,00,29,00,00,00,00,00,34,00,14,00,01,\
    00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,\
    00,00,31,00,2e,00,30,00,31,00,2e,00,30,00,30,00,31,00,32,00,00,00,38,00,14,\
    00,01,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,56,00,65,00,72,00,73,00,\
    69,00,6f,00,6e,00,00,00,31,00,2e,00,30,00,31,00,2e,00,30,00,30,00,31,00,32,\
    00,00,00,34,00,12,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,\
    4e,00,61,00,6d,00,65,00,00,00,4d,00,4e,00,47,00,52,00,45,00,47,00,33,00,32,\
    00,00,00,00,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,\
    04,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,\
    00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,\
    33,00,00,00,23,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE]
    "GlobalFlag"="0x00200000"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE]
    "GlobalFlag"="0x00200000"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE]
    "DisableHeapLookAside"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE]
    "DisableHeapLookAside"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe]
    "ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,b4,02,34,00,00,00,56,\
    00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
    46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,35,00,07,00,00,00,00,00,35,\
    00,07,00,00,00,00,00,3f,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,12,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
    00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,ee,01,00,00,\
    01,00,30,00,34,00,30,00,39,00,30,00,34,00,62,00,30,00,00,00,42,00,11,00,01,\
    00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,\
    00,00,50,00,65,00,6f,00,70,00,6c,00,65,00,53,00,6f,00,66,00,74,00,2c,00,20,\
    00,49,00,6e,00,63,00,2e,00,00,00,00,00,28,00,00,00,01,00,46,00,69,00,6c,00,\
    65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,\
    00,00,00,2a,00,05,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,\
    69,00,6f,00,6e,00,00,00,00,00,37,00,2e,00,35,00,33,00,00,00,00,00,9c,00,3c,\
    00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,\
    67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,\
    00,20,00,a9,00,20,00,31,00,39,00,38,00,38,00,2d,00,31,00,39,00,39,00,38,00,\
    20,00,50,00,65,00,6f,00,70,00,6c,00,65,00,53,00,6f,00,66,00,74,00,2c,00,20,\
    00,49,00,6e,00,63,00,2e,00,20,00,20,00,41,00,6c,00,6c,00,20,00,52,00,69,00,\
    67,00,68,00,74,00,73,00,20,00,52,00,65,00,73,00,65,00,72,00,76,00,65,00,64,\
    00,00,00,3c,00,0a,00,01,00,4f,00,72,00,69,00,67,00,69,00,6e,00,61,00,6c,00,\
    46,00,69,00,6c,00,65,00,6e,00,61,00,6d,00,65,00,00,00,70,00,73,00,64,00,6d,\
    00,74,00,2e,00,10,00,00,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE]
    "DisableHeapLookAside"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE]
    "DisableHeapLookAside"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe]
    "ApplicationGoo"=hex:00,07,00,00,54,02,00,00,00,02,00,00,84,07,34,00,00,00,56,\
    00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
    46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,\
    00,05,00,07,00,a8,07,3f,00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,e4,06,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
    00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,60,03,00,00,\
    01,00,30,00,34,00,30,00,39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,\
    00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,\
    43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,\
    00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,\
    72,00,70,00,6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,\
    00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,\
    69,00,6f,00,6e,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,\
    00,74,00,20,00,45,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,\
    65,00,72,00,76,00,65,00,72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,\
    00,0b,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,\
    6e,00,00,00,00,00,35,00,2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,\
    00,00,00,00,00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,\
    6c,00,4e,00,61,00,6d,00,65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,9e,\
    00,3d,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,\
    69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,\
    00,74,00,20,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,\
    05,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,00,00,00,00,00,00,00,00,53,\
    00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,\
    33,00,00,00,24,00,54,02,00,00,00,02,00,00,a4,08,34,00,00,00,56,00,53,00,5f,\
    00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,\
    00,00,00,00,bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,00,05,00,07,\
    00,a8,07,3f,00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,04,08,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,\
    00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,f0,03,00,00,01,00,30,00,\
    34,00,30,00,39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,00,43,00,6f,\
    00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,43,00,6f,00,\
    6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,4d,00,69,\
    00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,72,00,70,00,\
    6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,00,46,00,69,\
    00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,\
    6e,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,\
    00,45,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,65,00,72,00,\
    76,00,65,00,72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,00,0b,00,01,\
    00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,\
    00,00,35,00,2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,00,00,00,00,\
    00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,\
    61,00,6d,00,65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,a6,00,41,00,01,\
    00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,\
    68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,\
    00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,05,00,00,00,\
    00,00,00,00,65,05,00,00,02,00,00,00,00,00,00,00,00,00,00,00,53,00,65,00,72,\
    00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,\
    24,00,54,02,00,00,00,02,00,00,18,04,34,00,00,00,56,00,53,00,5f,00,56,00,45,\
    00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,00,00,00,00,\
    bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,00,05,00,07,00,a8,07,3f,\
    00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,78,03,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,6c,\
    00,65,00,49,00,6e,00,66,00,6f,00,00,00,54,03,00,00,01,00,30,00,34,00,30,00,\
    39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,00,43,00,6f,00,6d,00,6d,\
    00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,43,00,6f,00,6d,00,70,00,\
    61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,4d,00,69,00,63,00,72,\
    00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,72,00,70,00,6f,00,72,00,\
    61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,00,46,00,69,00,6c,00,65,\
    00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,\
    00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,45,00,78,\
    00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,65,00,72,00,76,00,65,00,\
    72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,00,0b,00,01,00,46,00,69,\
    00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,35,00,\
    2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,00,00,00,00,00,2c,00,06,\
    00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,\
    65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,9a,00,3b,00,01,00,4c,00,65,\
    00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,\
    00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,02,00,00,\
    00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,05,00,00,00,00,00,00,00,\
    65,05,00,00,02,00,00,00,00,00,00,00,00,00,00,00,53,00,65,00,72,00,76,00,69,\
    00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,24,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll]
    "ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,04,03,34,00,00,00,56,\
    00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
    46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,1c,00,08,00,00,00,00,00,00,\
    00,08,00,00,00,00,00,3f,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,64,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
    00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,40,02,00,00,\
    01,00,30,00,34,00,30,00,39,00,30,00,34,00,62,00,30,00,00,00,44,00,12,00,01,\
    00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,\
    00,00,43,00,6f,00,72,00,65,00,6c,00,20,00,43,00,6f,00,72,00,70,00,6f,00,72,\
    00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,13,00,01,00,46,00,69,00,6c,00,\
    65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,\
    00,00,00,43,00,6f,00,72,00,65,00,6c,00,20,00,53,00,65,00,74,00,75,00,70,00,\
    20,00,57,00,69,00,7a,00,61,00,72,00,64,00,00,00,00,00,2c,00,06,00,01,00,46,\
    00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,\
    38,00,2e,00,30,00,32,00,38,00,00,00,46,00,13,00,01,00,49,00,6e,00,74,00,65,\
    00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,43,00,6f,00,72,00,\
    65,00,6c,00,20,00,53,00,65,00,74,00,75,00,70,00,20,00,57,00,69,00,7a,00,61,\
    00,72,00,64,00,00,00,00,00,6c,00,24,00,01,00,4c,00,65,00,67,00,61,00,6c,00,\
    43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,\
    00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,a9,00,20,00,31,00,39,00,39,00,\
    37,00,2c,00,20,00,43,00,6f,00,72,00,65,00,6c,00,20,00,43,00,6f,00,72,00,70,\
    00,6f,00,72,00,08,00,00,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe]
    "ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,38,03,34,00,00,00,56,\
    00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
    46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,02,00,0a,00,01,00,0a,00,02,\
    00,0a,00,01,00,0a,00,00,00,00,00,00,00,00,00,04,00,01,00,01,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,98,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
    00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,74,02,00,00,\
    01,00,30,00,34,00,30,00,39,00,30,00,34,00,45,00,34,00,00,00,4a,00,15,00,01,\
    00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,\
    00,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,20,00,43,00,6f,00,72,\
    00,70,00,6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00,60,00,1c,00,\
    01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,\
    00,69,00,6f,00,6e,00,00,00,00,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,\
    63,00,20,00,53,00,79,00,6d,00,65,00,76,00,65,00,6e,00,74,00,20,00,49,00,6e,\
    00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,00,00,34,00,0a,00,01,00,46,00,\
    69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,31,\
    00,30,00,2e,00,32,00,2e,00,31,00,30,00,2e,00,31,00,00,00,30,00,08,00,01,00,\
    49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,\
    00,53,00,45,00,56,00,49,00,4e,00,53,00,54,00,00,00,7e,00,2d,00,01,00,4c,00,\
    65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,\
    00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,28,00,\
    43,00,29,00,20,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,20,00,43,\
    00,6f,00,72,00,01,00,00,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE]
    "DisableHeapLookAside"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE]
    "DisableHeapLookAside"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll]
    "CheckAppHelp"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE]
    "ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,7c,03,34,00,00,00,56,\
    00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
    46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,00,00,01,00,09,00,26,00,00,\
    00,01,00,09,00,26,00,3f,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,dc,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
    00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,b8,02,00,00,\
    01,00,30,00,34,00,30,00,39,00,30,00,34,00,62,00,30,00,00,00,66,00,27,00,01,\
    00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,42,00,75,00,73,00,\
    69,00,6e,00,65,00,73,00,73,00,20,00,49,00,6e,00,74,00,65,00,6c,00,6c,00,69,\
    00,67,00,65,00,6e,00,63,00,65,00,20,00,6f,00,6e,00,20,00,45,00,76,00,65,00,\
    72,00,79,00,20,00,44,00,65,00,73,00,6b,00,74,00,6f,00,70,00,00,00,00,00,48,\
    00,14,00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,\
    65,00,00,00,00,00,43,00,6f,00,67,00,6e,00,6f,00,73,00,20,00,49,00,6e,00,63,\
    00,6f,00,72,00,70,00,6f,00,72,00,61,00,74,00,65,00,64,00,00,00,60,00,1c,00,\
    01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,\
    00,69,00,6f,00,6e,00,00,00,00,00,43,00,6f,00,67,00,6e,00,6f,00,73,00,20,00,\
    47,00,65,00,6e,00,65,00,72,00,69,00,63,00,20,00,49,00,6e,00,73,00,74,00,61,\
    00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,38,00,0c,00,01,00,46,00,\
    69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,31,\
    00,2c,00,20,00,30,00,2c,00,20,00,33,00,38,00,2c,00,20,00,39,00,00,00,30,00,\
    08,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,\
    00,65,00,00,00,01,00,00,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path]
    "Debugger"="ntsd -d"
    "GlobalFlag"="0x000010F0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE]
    "ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,a4,02,34,00,00,00,56,\
    00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,\
    46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,00,00,01,00,01,00,00,00,00,\
    00,01,00,01,00,00,00,3f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,04,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,\
    00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,e0,01,00,00,\
    01,00,30,00,34,00,30,00,39,00,30,00,34,00,45,00,34,00,00,00,20,00,00,00,01,\
    00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,\
    00,00,58,00,18,00,01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,\
    00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,00,00,49,00,4e,00,53,00,54,00,\
    41,00,4c,00,4c,00,20,00,4d,00,46,00,43,00,20,00,41,00,70,00,70,00,6c,00,69,\
    00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,30,00,08,00,01,00,46,00,69,00,\
    6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,31,00,2e,\
    00,30,00,2e,00,30,00,30,00,31,00,00,00,30,00,08,00,01,00,49,00,6e,00,74,00,\
    65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,49,00,4e,00,53,\
    00,54,00,41,00,4c,00,4c,00,00,00,24,00,00,00,01,00,4c,00,65,00,67,00,61,00,\
    6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,00,00,28,00,00,\
    00,01,00,4c,00,65,00,67,00,61,00,6c,00,54,00,72,00,61,00,64,00,65,00,6d,00,\
    61,00,72,00,6b,00,73,00,00,00,00,00,40,00,0c,00,01,00,4f,00,72,00,69,00,67,\
    00,69,00,6e,00,61,00,6c,00,46,00,69,00,6c,00,65,00,6e,00,61,00,6d,00,65,00,\
    00,00,49,00,4e,00,53,00,54,00,41,00,4c,00,4c,00,2e,00,45,00,58,00,45,00,00,\
    00,30,00,08,00,08,00,00,00,00,00,00,00
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,650
    Please run DDS again and post both logs.
     
  11. Ciera2455

    Ciera2455 Thread Starter

    Joined:
    Oct 14, 2002
    Messages:
    41
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33
    Run by Mary Jo at 13:08:53 on 2012-07-30
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1203 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: COMODO Firewall Pro *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
    C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.comcast.net/a/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?p=%s
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
    uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
    uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
    uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
    mRun: [DVDSentry] c:\windows\system32\DSentry.exe
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    mPolicies-explorer: <NO NAME> =
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: sumtotalsystems.com\allstate
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: Yahoo! Backgammon - hxxp://download.games.yahoo.com/games/clients/y/at1_x.cab
    DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0401.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} - hxxp://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
    DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.129.103.82:8000/activex/AMC.cab
    DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} - hxxp://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{99B2922A-F756-441F-AD63-68DAAE86535E} : DhcpNameServer = 75.75.75.75 75.75.76.76
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\mary jo\application data\mozilla\firefox\profiles\aapazohb.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
    FF - plugin: c:\documents and settings\mary jo\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\mary jo\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\mary jo\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\musicnotes\npmusicn.dll
    FF - plugin: c:\program files\musicnotes\NPSibelius.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\NPPLG90N.DLL
    FF - plugin: c:\windows\system32\npptools.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 171064]
    R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-3-16 616408]
    R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
    S1 areawcjv;areawcjv;\??\c:\windows\system32\drivers\areawcjv.sys --> c:\windows\system32\drivers\areawcjv.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 USBDriver;RCA CDS1000 640x480 Driver;c:\windows\system32\drivers\cds1000.sys --> c:\windows\system32\drivers\cds1000.sys [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250056]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-3 113120]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    .
    =============== Created Last 30 ================
    .
    2012-07-29 15:21:49 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e03009aa-b72c-42c9-8db6-54cc8fa091a9}\mpengine.dll
    2012-07-27 18:07:45 6891424 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-07-27 05:30:08 9821896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-07-18 07:22:04 -------- d-sha-r- C:\cmdcons
    2012-07-18 07:18:18 98816 ----a-w- c:\windows\sed.exe
    2012-07-18 07:18:18 518144 ----a-w- c:\windows\SWREG.exe
    2012-07-18 07:18:18 256000 ----a-w- c:\windows\PEV.exe
    2012-07-18 07:18:18 208896 ----a-w- c:\windows\MBR.exe
    2012-07-17 22:08:27 1409 ----a-w- c:\windows\QTFont.for
    2012-07-16 16:35:59 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
    2012-07-16 16:35:59 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
    2012-07-16 13:32:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-12 03:45:09 -------- d-----w- c:\program files\SpywareBlaster
    2012-07-10 20:28:00 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
    .
    ==================== Find3M ====================
    .
    2012-07-27 05:30:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-27 05:30:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-22 10:28:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-06-22 10:28:32 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-06-22 10:28:31 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2003-08-07 14:25:26 11066953 ------w- c:\program files\Helix_Producer_Basic_9.0.1_Setup.exe
    .
    ============= FINISH: 13:11:49.12 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/14/2003 8:58:21 PM
    System Uptime: 7/30/2012 8:44:12 AM (5 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0G0728
    Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2660/533mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 61.999 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 466 GiB total, 447.667 GiB free.
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP2254: 7/16/2012 10:45:50 PM - Software Distribution Service 3.0
    RP2255: 7/17/2012 9:45:15 PM - Software Distribution Service 3.0
    RP2256: 7/18/2012 11:17:17 PM - Software Distribution Service 3.0
    RP2257: 7/20/2012 9:44:14 AM - Software Distribution Service 3.0
    RP2258: 7/21/2012 10:07:34 AM - Software Distribution Service 3.0
    RP2259: 7/22/2012 2:43:04 PM - System Checkpoint
    RP2260: 7/22/2012 8:38:53 PM - Software Distribution Service 3.0
    RP2261: 7/24/2012 1:49:14 PM - System Checkpoint
    RP2262: 7/25/2012 12:24:39 AM - Software Distribution Service 3.0
    RP2263: 7/26/2012 9:56:41 AM - Software Distribution Service 3.0
    RP2264: 7/27/2012 1:07:22 PM - Software Distribution Service 3.0
    RP2265: 7/28/2012 5:14:22 PM - System Checkpoint
    RP2266: 7/29/2012 10:21:14 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    .
    Sansa Media Converter
    3ivx MPEG-4 5.0.3 (remove only)
    Acrobat.com
    Adobe AIR
    Adobe Digital Editions
    Adobe Download Manager
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.6
    Amazon MP3 Downloader 1.0.10
    AnswerWorks 4.0 Runtime - English
    ArcSoft PhotoImpression 5
    ArcSoft PhotoStudio 5.5
    Banctec Service Agreement
    CA Pest Patrol Realtime Protection
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    CCleaner
    CDDRV_Installer
    CK McCormick Creative Clips & fonts
    ClickArt® Fonts 2
    Comcast High-Speed Internet Install Wizard
    Comcast Toolbar 3.0
    Compatibility Pack for the 2007 Office system
    Conexant SmartHSFi V92 56K DF PCI Modem
    Creating Keepsakes Scrapbook Designer
    Critical Update for Windows Media Player 11 (KB959772)
    DAO
    Dell Digital Jukebox Driver
    Dell Picture Studio - Dell Image Expert
    Dell Solution Center
    Dell Support 5.0.0 (766)
    DesignPro 5.0 Media Edition
    Digital Line Detect
    DVDSentry
    EarthLink Free Trial
    Easy CD Creator 5 Basic
    EPSON Print CD
    EPSON Printer Software
    EPSON Stylus Photo R380 User's Guide
    erLT
    Excel 2000 Quattro Pro 7.0 Converter
    exPressit S.E. 2.2
    Facebook Plug-In
    FlipShare
    Google Chrome
    Google Earth
    Google Updater
    Helix Producer Basic 9
    Help and Support Customization
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Image Resizer Powertoy for Windows XP
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet
    Internet Explorer Q903235
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 8
    Java Auto Updater
    Java Web Start
    Java(TM) 6 Update 33
    Java(TM) 6 Update 7
    Learn2 Player (Uninstall Only)
    Lizardtech DjVu Control (autoinstall)
    Logitech Desktop Messenger
    Logitech MouseWare 9.79.1
    Logitech Resource Center
    Malwarebytes Anti-Malware version 1.62.0.1300
    MapSource - Americas BlueChart v4.00
    MediaFACE 4.0
    MediaFACE 4.0 Business Image Library
    MediaFACE 4.0 General Image Library
    MediaFACE 4.0 Lifestyle Image Library
    MediaFACE 4.0 Music Image Library
    MediaFACE 4.0 Special Occasion Image Library
    MediaFACE 4.0 Spiritual Image Library
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB928367)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft FrontPage 2002
    Microsoft Image Composer 1.5
    Microsoft Interactive Training
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Converter Pack
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Office XP Media Content
    Microsoft Office XP Web Components
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Web Publishing Wizard 1.52
    Modem Helper
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Musicnotes Software Suite 1.5.3
    Nero Suite
    NetWaiting
    NOOK for PC
    NVIDIA Display Driver
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    PaperPort 8.0 SE
    POINT
    PowerDVD
    QuickTime
    RealPlayer
    Revo Uninstaller 1.91
    Seagate Manager Installer
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2124261)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2290570)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975254)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976323)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shockwave
    Sibelius Scorch (ActiveX Only)
    Sound Blaster Live!
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    SpywareBlaster 4.6
    swMSM
    The Print Shop 20
    The Print Shop Premium Fonts
    TurboTax 2010
    TurboTax 2010 wiliper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 wiliper
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wrapper
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB2362765)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Visioneer OneTouch 9320
    Walmart MP3 Music Downloads
    WebFldrs XP
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinZip
    Yahoo! Customizations
    Yahoo! Messenger
    Yahoo! Messenger Explorer Bar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/25/2012 12:10:35 AM, error: Print [19] - Sharing printer failed + 1722, Printer PaperPort Color share name Printer.
    7/24/2012 10:40:23 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.445.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80072efd Error description: A connection with the server could not be established
    7/24/2012 10:32:15 AM, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
    7/24/2012 10:32:15 AM, error: Service Control Manager [7022] - The FlipShare Service service hung on starting.
    7/24/2012 10:30:45 AM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The executable program that this service is configured to run in does not implement the service.
    7/24/2012 10:30:45 AM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The executable program that this service is configured to run in does not implement the service.
    7/24/2012 10:30:45 AM, error: Service Control Manager [7001] - The FTP Publishing service depends on the IIS Admin service which failed to start because of the following error: The executable program that this service is configured to run in does not implement the service.
    7/24/2012 10:30:45 AM, error: Service Control Manager [7000] - The RCA CDS1000 640x480 Driver service failed to start due to the following error: The system cannot find the file specified.
    7/24/2012 10:30:45 AM, error: Service Control Manager [7000] - The IIS Admin service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
    .
    ==== End Of File ===========================
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,650
    Go to Control Panel - Add or Remove Programs and remove these older versions of Java:

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 8
    Java(TM) 6 Update 7

    and the following as well:
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player


    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    File::
    c:\windows\system32\drivers\areawcjv.sys
    
    Driver::
    areawcjv
    
    DDS::
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
     
    Save the file to your desktop and name it CFScript.txt

    Referring to the picture below, drag CFScript.txt into ComboFix.exe

    [​IMG]


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

    Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
     
  13. Ciera2455

    Ciera2455 Thread Starter

    Joined:
    Oct 14, 2002
    Messages:
    41
    Sorry for the delay, busy week.

    ComboFix 12-07-16.01 - Mary Jo 08/11/2012 14:51:42.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1450 [GMT -5:00]
    Running from: c:\documents and settings\Mary Jo\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Mary Jo\Desktop\CFScript.txt
    AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: COMODO Firewall Pro *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    FILE ::
    "c:\windows\system32\drivers\areawcjv.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\program files\INSTALL.LOG
    c:\windows\help\wmplayer.bak
    c:\windows\MailSwitch.ocx
    c:\windows\patch.exe
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\rnaph.dll
    F:\autorun.inf
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_areawcjv
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-11 11:25 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9F4BF13-C1E1-4E9E-B543-981B726850BF}\mpengine.dll
    2012-08-10 10:40 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-31 16:58 . 2012-07-31 16:58 -------- d-----w- c:\program files\Wondershare
    2012-07-31 07:07 . 2012-07-31 07:07 -------- d-----w- c:\documents and settings\Mary Jo\Local Settings\Application Data\Wondershare
    2012-07-31 07:07 . 2012-07-31 07:07 -------- d-----w- c:\program files\Common Files\Wondershare
    2012-07-17 22:08 . 2012-07-17 22:08 1409 ----a-w- c:\windows\QTFont.for
    2012-07-16 16:35 . 2012-07-16 16:36 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
    2012-07-16 16:35 . 2012-07-16 16:35 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
    2012-07-16 13:32 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-02 17:30 . 2012-04-12 03:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-02 17:30 . 2011-05-15 03:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-22 10:28 . 2008-11-11 01:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-06-22 10:28 . 2012-06-22 10:29 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-06-22 10:28 . 2010-04-25 15:23 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-13 13:19 . 2002-08-29 10:00 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2009-08-19 23:07 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2004-08-26 18:54 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2002-08-29 10:00 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 20:19 . 2007-05-31 23:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19 . 2007-05-31 23:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19 . 2004-08-03 19:03 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19 . 2004-08-03 19:02 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 20:19 . 2004-08-03 18:59 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 20:19 . 2007-05-31 23:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 20:19 . 2004-08-03 19:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 20:19 . 2004-08-03 18:59 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 20:19 . 2002-08-29 10:00 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 20:19 . 2007-05-31 23:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:19 . 2004-08-03 19:00 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 20:19 . 2002-08-29 10:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 20:18 . 2007-06-01 23:31 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 20:18 . 2006-09-05 00:02 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 20:18 . 2006-02-12 09:41 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-05-31 13:22 . 2002-09-23 20:10 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08 . 2005-04-27 15:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2003-08-07 14:25 . 2003-08-07 14:25 11066953 ------w- c:\program files\Helix_Producer_Basic_9.0.1_Setup.exe
    2012-08-06 03:35 . 2011-09-30 15:19 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-12-04 1622488]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
    "NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-31 98304]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-19 185872]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
    "nwiz"="nwiz.exe" [2003-10-06 741376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    "Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-20 1679360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
    backup=c:\windows\pss\Creating Keepsakes Scrapbook Designer Event Reminder.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    backup=c:\windows\pss\Google Updater.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
    backup=c:\windows\pss\ymetray.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    2005-10-11 23:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 15:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
    2003-08-18 13:12 98304 ------w- c:\program files\Visioneer OneTouch\OneTouchMon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2005-01-31 17:24 98304 ------w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-01-19 06:38 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "24726:TCP"= 24726:TCP:FlipShareServer
    "24727:TCP"= 24727:TCP:FlipShareServer
    .
    R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [3/16/2009 4:37 PM 616408]
    R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [5/6/2011 12:58 PM 1085440]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/26/2009 12:32 AM 189736]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]
    S1 MpKsl85cb5d01;MpKsl85cb5d01;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9F4BF13-C1E1-4E9E-B543-981B726850BF}\MpKsl85cb5d01.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9F4BF13-C1E1-4E9E-B543-981B726850BF}\MpKsl85cb5d01.sys [?]
    S2 USBDriver;RCA CDS1000 640x480 Driver;c:\windows\system32\Drivers\cds1000.sys --> c:\windows\system32\Drivers\cds1000.sys [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 10:04 PM 250056]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/3/2012 9:03 PM 113120]
    S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:30]
    .
    2012-08-11 c:\windows\Tasks\Backup.job
    - c:\windows\SYSTEM32\ntbackup.exe [2002-08-29 00:12]
    .
    2012-08-09 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-31 23:20]
    .
    2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2589259409-1540086843-2969841051-1005Core.job
    - c:\documents and settings\Mary Jo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-01 03:33]
    .
    2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2589259409-1540086843-2969841051-1005UA.job
    - c:\documents and settings\Mary Jo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-01 03:33]
    .
    2009-05-19 c:\windows\Tasks\Initial Backup.job
    - c:\windows\system32\ntbackup.exe [2002-08-29 00:12]
    .
    2003-05-15 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
    .
    2012-08-11 c:\windows\Tasks\User_Feed_Synchronization-{C3B178F0-672A-40FB-BCFD-2061D6CE3E75}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?p=%s
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: sumtotalsystems.com\allstate
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.129.103.82:8000/activex/AMC.cab
    FF - ProfilePath - c:\documents and settings\Mary Jo\Application Data\Mozilla\Firefox\Profiles\aapazohb.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-11 15:17
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2589259409-1540086843-2969841051-1005\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2932)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\Ahead\InCD\InCDsrv.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\windows\System32\CTsvcCDA.exe
    c:\program files\Flip Video\FlipShare\FlipShareService.exe
    c:\windows\System32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\System32\tcpsvcs.exe
    c:\windows\System32\MsPMSPSv.exe
    c:\windows\system32\fxssvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\Logi_MwX.Exe
    c:\windows\system32\RUNDLL32.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-08-11 15:32:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-11 20:32
    ComboFix2.txt 2012-07-18 07:45
    .
    Pre-Run: 52,091,936,768 bytes free
    Post-Run: 51,931,934,720 bytes free
    .
    - - End Of File - - D021A0A22FD9F21D8A6E77BD412F41F7
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,650
    Can you update MalwareBytes and get it to run now? If so please do a quick scan.

    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  15. Ciera2455

    Ciera2455 Thread Starter

    Joined:
    Oct 14, 2002
    Messages:
    41
    Nothing Found!!! :)


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.03.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Mary Jo :: PHUNKYTOWN [administrator]

    8/18/2012 3:54:58 PM
    mbam-log-2012-08-18 (15-54-58).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 251383
    Time elapsed: 33 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1060468