
Might Be Infected. [RESOLVED]



#1
MOB1977

  • Member
  • 12 posts
First of all, I was on here before sometime this year; however, during that time there was a death in the family and just straight drama. It's only now that I can focus on fixing this computer.

First of all, the mouse doesn't work right. What I mean by that is that it doesn't do what I want it to do. And sometimes it will just go wild and try and close windows and my browsers or hit up my task bar and make it do crazy things. Sometimes it would go to the start menu and try and start programs. The mouse just has spats. Also my computer runs slow and I have to restart it often in order to get it to work. And oftentimes it will work not that long until it freezes. Or the mouse will often freeze and won't let me do things.

I think I might be infected with a virus or viruses or something. Here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:04:52 AM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\LTMSG.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\2r2ivjmo.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\2r2ivjmo.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 2***
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [Clear Cut] C:\Program Files\ClearCut\streamer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Owner\Desktop\DANCING WITH TEH STARS 2 - CHERYL BURKE\utorrent.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Thank you so much for any help you might be able to provide.



#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under Select a target to scan, select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



* Click here to download AVG Anti Rootkit and save it to your desktop.

  • Double-click on the AVG_AntiRootkit_1.1.0.42.exe file to run it.
  • Click "I Agree" to agree to the EULA.
  • By default it will install to "G:\Program Files\GRISOFT\AVG Anti-Rootkit Beta".
  • Click "Next" to begin the installation then click "Install".
  • It will then ask you to reboot now to finish the installation.
  • Click "Finish" and your computer will reboot.
  • After it reboots, double-click on the AVG Anti-Rootkit Beta shortcut that is now on your desktop.
  • Click on the "Perform in-depth search" button to begin the scan.
  • The scan will take a while so be patient and let it complete.
  • When the scan is finished, click the "Save result to file" button.
  • Save the scan results to your desktop then come back here to copy and paste the results in your next reply to this thread.


#3
MOB1977

  • Topic Starter
  • Member
  • 12 posts
Hey Rorschach112, you helped me before the death in the family which led to the months of drama that kept me from exclusively cleaning this thing. I was the tessagemini, only I forgot the email and login stuff so I started this account. I had some major problems getting to this website. I tried and tried to get here and all my browsers wouldn't let me get here. Anyways, I spent all day trying to get here. It's 11:11pm Saturday night and I'm so sleepy. I will do as you said after mass tomorrow. Hopefully the hard time getting here was a fluke or a bug or God forbid a browser hijacking. I've been able to get here four times already so I think tomorrow will be fine.

I just want to THANK YOU SO MUCH Rorschach112! I'll see you tomorrow as we finish what we started a long time ago. I just wanted to post so you know that I got this. Take Care & have a good Sunday since it's gotta be Sunday where you're at!

#4
MOB1977

  • Topic Starter
  • Member
  • 12 posts
Hello!

I had a rough time getting on here as the computer is having its spats. Sorry it took so long but COMPAQ here is acting like it's MPSing and being a massive [bleep]. Excuse my language. I guess it knows I'm trying to fix it and it's all like, "I don't want you to." Tough! geekstogo.com's very own Rorschach112 will put COMPAQ in its place. In order to make it work I deleted and uninstalled my Netscape. Actually I uninstalled it when I found out they were going out of business. And after I uninstalled it... that's when my explorer allowed me to get here. THANK GOD!

Anyways, here are the scans you requested.

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3000+
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 447.48 MiB / 171.57 MiB
Pagefile Memory (total/avail): 1730.32 MiB / 1410.48 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.6 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 143.89 GiB total, 1.49 GiB free.
D: is Fixed (FAT32) - 5.14 GiB total, 0.96 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 5.15 GiB - D:
\PARTITION1 (bootable) - Installable File System - 143.89 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\1125040945\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1125040945\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"="C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe:*:Enabled:BackWeb-1940576"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\Netscape\\Netscape\\Netscp.exe"="C:\\Program Files\\Netscape\\Netscape\\Netscp.exe:*:Enabled:Netscape"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Yahoo! Games\\Slingo Deluxe\\Slingo.exe"="C:\\Program Files\\Yahoo! Games\\Slingo Deluxe\\Slingo.exe:*:Enabled:Slingo ®"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\AWS\\WeatherBug\\Weather.exe"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe:*:Enabled:WeatherBug"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\1125040945\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1125040945\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Documents and Settings\\Owner\\Desktop\\DANCING WITH TEH STARS 2 - CHERYL BURKE\\utorrent.exe"="C:\\Documents and Settings\\Owner\\Desktop\\DANCING WITH TEH STARS 2 - CHERYL BURKE\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-W04GTXLD67
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-W04GTXLD67
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem\;C:\PROGRA~1\COMMON~1\MGISHA~1\Video
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-W04GTXLD67
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
--> VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
ABC (remove only) --> C:\Program Files\ABC\Uninstall.exe
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Illustrator 10 --> "C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
Adobe PhotoDeluxe Home Edition 4.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\PhotoDeluxe Home Edition 4.1\Uninst.isu"
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop Album Starter Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{483616D1-867E-46F8-BEC7-3C6475933908}\apxp.ex_" -l0x9
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft ShowBiz 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x9
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Badongo --> MsiExec.exe /X{72000767-0BD3-416C-83BE-307129B0B0F0}
Blackhawk Striker from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F07504C6-20C5-4BFE-83A0-523FB2455E72\Uninstall.exe"
Blasterball 2 from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\75528D5F-DD82-402E-BA7C-045B7DC6A712\Uninstall.exe"
Bounce Symphony from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\Uninstall.exe"
Broderbund Home Design 5.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9024562E-CBEC-48B5-894A-1C59269302FE}
CAM-IN SUITE III --> C:\PROGRA~1\CAM-IN~1\UNWISE.EXE C:\PROGRA~1\CAM-IN~1\INSTALL.LOG
Charter Pipeline Professor --> "C:\Program Files\Support.com\bin\tgfix.exe" /rm /nq /provider Charter
Charter Solution Controls Installation --> "C:\Program Files\Support.com\unins000.exe"
ClearCut BETA 1.0 --> C:\Program Files\ClearCut\uninst.exe
Compaq Connections --> C:\WINDOWS\BWUnin-6.2.3.66L.exe -AppId 1940576
Compaq Instant Support --> C:\PROGRA~1\COMPAQ~2\UNWISE.EXE C:\PROGRA~1\COMPAQ~2\INSTALL.LOG
Compaq Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
DigitalCam Pro --> C:\WINDOWS\System32\unV2210.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documents To Go --> MsiExec.exe /X{4E7E8E6A-15F1-4E26-9352-26AD235131E9}
Dr Watson for Microsoft Windows OneCare Live v0.9.0929.18 --> MsiExec.exe /I{C544F99D-39EF-4E6D-95BE-4E41C1D8C4CB}
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1033
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Excavation from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C679AA5F-C2C8-4EA8-9CD1-504A39AEC264\Uninstall.exe"
Five Card Frenzy from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\2FDCC229-354D-4279-ABEF-CE17E355BFFA\Uninstall.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GTOneCare --> MsiExec.exe /X{EE7C954E-2356-491D-9188-D1852ADF41FE}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Photo & Imaging 3.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - Photosmart Cameras --> MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
HP PSC & OfficeJet 3.0 --> "C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java Web Start --> "C:\Program Files\Java\j2re1.4.2\javaws\uninst-javaws.exe"
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Lexmark Photo Center --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{523BD5B6-E904-493C-B902-1BC9B7D44DF4} /l1033
Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
Lexmark Z700-P700 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBLUN5C.EXE -dLexmark Z700-P700 Series
LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe"
Love_Yourself --> C:\WINDOWS\ss3unstl.exe "Love_Yourself"
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia FreeHand 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" UNINSTALL
Marketing Tips Messenger --> "C:\WINDOWS\Marketing Tips Messenger.exe" /u
Mavis Beacon Teaches Typing 17 --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 17\Uninstall.xml"
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
MGI VideoWave 4 --> MsiExec.exe /I{B246C325-1C49-4572-8665-7691EFE1D06B}
Microsoft ActiveSync 3.8 --> "C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Outlook Connector for MSN --> MsiExec.exe /X{3A97084F-A6B7-478B-8D5E-57A6BFA8C35B}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Express 9 --> C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
Microsoft Picture It! Library 9 --> C:\WINDOWS\System32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Protection Service --> MsiExec.exe /I{62514E51-0E57-41B8-968C-43BB55694CC6}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Windows Live OneCare Resources v2.0.2500.14 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{CB8410EA-A3D5-47F2-8653-D4EEA4BF8D4C}
Microsoft Windows OneCare Live v2.0.2500.14 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Windows OneCare Live v2.0.2500.14 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\unins000.exe"
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Dial Up Accelerator --> rundll32.exe advpack.dll,LaunchINFSection C:\Progra~1\MSN\MSNIA\WA\msniawa.inf,DefaultUninstall
MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Netscape (7.2) --> C:\WINDOWS\NSUninst.exe /ua "7.2 (en)"
Nevada Casino --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6EE8882F-8687-4C35-8D87-59005E37FCFC}\Setup.exe"
NVIDIA GART Driver --> C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
Orbital from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\26DC0ED6-93A7-43C1-8DC5-EC16079580F9\Uninstall.exe"
Otto from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8A225900-C06D-41DD-B66C-43840D472758\Uninstall.exe"
Overball from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\FA7F5211-C629-4711-BD82-7DFFB08CB518\Uninstall.exe"
palmOne --> MsiExec.exe /X{FF8157AA-F640-45BD-B7C2-BAA1016B267A}
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Polar Bowler from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\Uninstall.exe"
Porsche Boxster Screen Saver --> C:\WINDOWS\system32\Porsche Boxster.scr /u
Power Affirmations Screen Saver --> C:\WINDOWS\system32\power-affirmations-sample-screensaver.scr /uninstall
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
R4 --> "C:\Program Files\R4\uninstall.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
SBDOnHand (Palm) v 1.0.28 by Skyscape --> C:\WINDOWS\iun6002.exe "C:\Documents and Settings\Owner\Desktop\bing DT DOWNLOAD\SBDOnHandb\1.0.28\SBDOnHand\1.0.28\irunin.ini"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Slyder from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E\Uninstall.exe"
smARTupdate --> C:\WINDOWS\iun6002.exe "C:\Program Files\Common Files\Skyscape\irunin.ini"
Softtrends Software Pvt Ltd tApCalcCPA for PalmOS --> C:\WINDOWS\ctpu.exe -uC:\Documents and Settings\Owner\BINGs Documents\Bing's dowloads\install.log
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SpamSubtract --> C:\PROGRA~1\INTERM~1\SPAMSU~1\UNWISE.EXE /U C:\PROGRA~1\INTERM~1\SPAMSU~1\INSTALL.LOG
SplashID --> "C:\Program Files\InstallShield Installation Information\{9DBBC53C-AD7B-44ED-91A7-7568B51182F8}\setup.exe" -runfromtemp -l0x0009 -removeonly
SplashMoney --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AAE5284-700D-4AB0-B0FB-57B5C8A7D93B}\setup.exe" -l0x9
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StumbleUpon Toolbar for IE --> "C:\Program Files\StumbleUpon\uninstall.exe"
Subliminal Power --> "C:\Program Files\Subliminal Power\unins000.exe"
Subliminal Power Add-On CD --> "C:\Program Files\Subliminal Power\unins001.exe"
ThankYouGod Screen Saver --> C:\WINDOWS\system32\ThankYouGod.scr /u
The Goodness of God Screen Saver --> C:\WINDOWS\system32\The Goodness of God.scr /u
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver --> VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hg201hp.inf
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WebLog Expert Lite 3.0 --> "C:\Program Files\WebLog Expert Lite\unins000.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Customizations --> C:\Program Files\Yahoo!\Common\unycust.exe /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\DOWNLO~1\YINSTH~2.DLL
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\WINDOWS\DOWNLO~1\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Messenger Explorer Bar --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL
Yahoo! Photos Easy Upload Tool 1v6 --> C:\WINDOWS\system32\regsvr32 /u /s "C:\WINDOWS\cache\YDropper1.dll"
Yahoo! Toolbar --> rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YCOMP5~1.DLL,DllCommand uis


-- Application Event Log -------------------------------------------------------

Event Record #/Type24781 / Error
Event Submitted/Written: 01/15/2008 08:03:42 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application aim6.exe, version 1.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type24770 / Error
Event Submitted/Written: 01/15/2008 10:09:04 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application aim6.exe, version 1.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type24759 / Warning
Event Submitted/Written: 01/15/2008 06:20:44 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type24749 / Warning
Event Submitted/Written: 01/14/2008 06:23:27 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type24748 / Error
Event Submitted/Written: 01/14/2008 06:22:37 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Palm.exe, version 4.1.4.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12238 / Warning
Event Submitted/Written: 01/16/2008 00:17:11 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type12214 / Error
Event Submitted/Written: 01/15/2008 07:57:54 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The nVidia WDM A/V Crossbar service failed to start due to the following error:
%%1058

Event Record #/Type12213 / Error
Event Submitted/Written: 01/15/2008 07:57:54 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The nVidia WDM Video Capture (universal) service failed to start due to the following error:
%%1058

Event Record #/Type12212 / Error
Event Submitted/Written: 01/15/2008 07:57:54 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2

Event Record #/Type12207 / Warning
Event Submitted/Written: 01/15/2008 06:18:38 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-01-16 07:43:10 ------------

main.txt

Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-16 07:40:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
56: 2008-01-16 15:40:55 UTC - RP1402 - Deckard's System Scanner Restore Point
55: 2008-01-16 00:43:56 UTC - RP1401 - System Checkpoint
54: 2008-01-15 00:10:01 UTC - RP1400 - System Checkpoint
53: 2008-01-13 22:29:22 UTC - RP1399 - System Checkpoint
52: 2008-01-12 20:19:05 UTC - RP1398 - System Checkpoint


-- First Restore Point --
1: 2007-11-18 08:12:28 UTC - RP1347 - System Checkpoint


Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).
System Drive C: has 1.49 GiB (less than 15%) free.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:42:02 AM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\LTMSG.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\2r2ivjmo.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\2r2ivjmo.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 2***
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [Clear Cut] C:\Program Files\ClearCut\streamer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Owner\Desktop\DANCING WITH TEH STARS 2 - CHERYL BURKE\utorrent.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20060607-104853-123 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unityonli..._prosperity.htm
backup-20060607-104853-131 O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
backup-20060607-104853-136 O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
backup-20060607-104853-165 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
backup-20060607-104853-215 O4 - HKLM\..\Run: [znmaznrnbeay] C:\WINDOWS\system32\aqyjnzxc.exe
backup-20060607-104853-218 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
backup-20060607-104853-239 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
backup-20060607-104853-248 O4 - HKLM\..\Run: [Marketing Tips Messenger] C:\WINDOWS\Marketing Tips Messenger.exe
backup-20060607-104853-285 O15 - Trusted Zone: *.stumbleupon.com
backup-20060607-104853-298 O4 - HKLM\..\Run: [Clear Cut] C:\Program Files\ClearCut\streamer.exe
backup-20060607-104853-344 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
backup-20060607-104853-346 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20060607-104853-366 O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
backup-20060607-104853-395 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
backup-20060607-104853-407 O4 - HKLM\..\Run: [gxanqx] C:\WINDOWS\gxanqx.exe
backup-20060607-104853-426 O4 - HKCU\..\Run: [Subliminal Power] C:\Program Files\Subliminal Power\Subliminal.exe /s
backup-20060607-104853-483 O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
backup-20060607-104853-485 N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\2r2ivjmo.slt\prefs.js)
backup-20060607-104853-518 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
backup-20060607-104853-607 O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll
backup-20060607-104853-684 N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\2r2ivjmo.slt\prefs.js)
backup-20060607-104853-713 O4 - HKLM\..\Run: [zbohlduytyv] C:\WINDOWS\system32\aqyjnzxc.exe
backup-20060607-104853-757 O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.char...oad/tgctlcm.cab
backup-20060607-104853-850 O3 - Toolbar: EMail_Notifier toolbar - {85c5b796-eda5-4353-b26e-a5d181ad9cd0} - C:\Program Files\EMail_Notifier\tbEMa1.dll
backup-20060607-104853-864 O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1940.dll/blogimage
backup-20060607-104853-907 O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1940.dll
backup-20060609-205726-159 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
backup-20060609-205726-324 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20060609-205726-451 O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
backup-20060609-205726-545 O2 - BHO: (no name) - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - (no file)
backup-20060609-205726-629 O4 - HKLM\..\Run: [znmaznrnbeay] C:\WINDOWS\system32\aqyjnzxc.exe
backup-20060609-205726-720 O4 - HKLM\..\Run: [gxanqx] C:\WINDOWS\gxanqx.exe
backup-20060610-122523-282 O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} -
backup-20060610-122523-929 O4 - HKLM\..\Run: [zbohlduytyv] C:\WINDOWS\system32\aqyjnzxc.exe
backup-20060615-183252-323 O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-12 12:29:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-01-12 10:00:01 306 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2007-05-29 18:20:35 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job


-- Files created between 2007-12-16 and 2008-01-16 -----------------------------

2007-12-28 14:57:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-28 14:55:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-19 07:23:26 0 d-------- C:\Program Files\QuickTime


-- Find3M Report ---------------------------------------------------------------

2008-01-15 20:40:16 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-01-14 06:17:00 0 d-------- C:\Program Files\Lexmark X1100 Series
2008-01-13 18:12:39 0 d-------- C:\Program Files\Common Files
2008-01-13 18:12:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Netscape
2007-12-29 08:40:50 0 d-------- C:\Pr

#5
MOB1977

    Member

  • Topic Starter
  • Member
  • 12 posts
I guess this is a valid way to bump this by providing more information with what's wrong with my computer.

When I re-start the computer or the computer starts I get a runtime 9 error and a backlight or backweb error. Next time I start my computer I'll write it down.

THANKS FOR HELPING ME AGAIN Rorschach112 please continue to help me coz my mouse is tripping. :) :) :)

Edited by MOB1977, 20 January 2008 - 04:16 AM.

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Sorry about that I missed your reply

Can you post a new DSS log and make sure it is all there.

Also run the Kaspersky Webscanner, then do this


Download rootchk by Ejvindh to your desktop.
  • Temporarily Disable Real Time Monitoring Programs you have running that are listed here, such as TeaTimer, Adwatch, and HIPs programs like Prevx, while we complete the fixes (see **Note below).
  • Disconnect from the internet
  • Double click rootchk.exe to run the program
  • After a short time a logfile will open.
  • Copy the contents of the log into your next reply.
  • Re-enable active protection on any program you have disabled while completing the scan

**Note: If you are using the ZoneAlarm Pro firewall or any other security program that protects your registry (Teatimer, Adwatch, Prevx), rootchk may produce false positives. That is why it is important for you to disable these programs before running a rootchk scan. To prevent ZoneAlarm Pro conflicts, first enable the Windows Firewall (click start | Control Panel | Windows Firewall and select the checkbox to turn it on). Then disable ZoneAlarm Pro before running the rootchk. Also, disable any other active protection programs including HIPs that block registry write access. After the scan, be sure to re-enable ZoneAlarm Pro and any other active protection programs you have temporarily disabled.

#7
MOB1977

    Member

  • Topic Starter
  • Member
  • 12 posts
Hello Rorschach112!

It's all good. I just wanted you to know that I appreciate your help more than you'll ever know... And I understand you're helping others.

To tell you honestly I think it's my cousins that screwed this computer up with all their downloads and stuff. This desktop is full of their crap.

Okay I did the DSS and I only got the main.txt log so here it is:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-21 21:18:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 448 MiB (512 MiB recommended).
System Drive C: has 1.35 GiB (less than 15%) free.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:19:05 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\LTMSG.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\2r2ivjmo.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\2r2ivjmo.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 2***
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [Clear Cut] C:\Program Files\ClearCut\streamer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Owner\Desktop\DANCING WITH TEH STARS 2 - CHERYL BURKE\utorrent.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec.../ols3/fscax.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


-- Files created between 2007-12-21 and 2008-01-21 -----------------------------

2008-01-16 07:45:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-16 07:45:48 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-28 14:57:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-28 14:55:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-01-21 17:53:39 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-01-14 06:17:00 0 d-------- C:\Program Files\Lexmark X1100 Series
2008-01-13 18:12:39 0 d-------- C:\Program Files\Common Files
2008-01-13 18:12:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Netscape
2007-12-29 08:40:50 0 d-------- C:\Program Files\MUSICMATCH
2007-12-29 08:40:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-29 08:39:11 0 d-------- C:\Program Files\TrojanHunter 4.5
2007-12-28 14:59:19 0 d-------- C:\Program Files\Lavasoft
2007-12-28 14:59:17 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-12-19 07:24:26 0 d-------- C:\Program Files\QuickTime
2007-12-07 02:12:01 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-12-04 05:53:51 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2007-11-28 20:51:19 0 d-------- C:\Program Files\Java
2007-11-22 10:37:03 15523 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMT0046"="" []
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [09/13/2003 09:36 PM]
"LTMSG"="LTMSG.exe" [07/14/2003 04:52 PM C:\WINDOWS\ltmsg.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 07:02 PM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 03:04 PM]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [05/23/2003 01:55 AM]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [10/07/2002 06:23 AM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 07:01 AM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [07/31/2002 07:28 PM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"VTTimer"="VTTimer.exe" [10/22/2004 11:53 AM C:\WINDOWS\system32\VTTimer.exe]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/13/2002 08:42 PM]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [08/19/2003 02:43 AM]
"zzzCamInSuiteIII"="E:\SETUP.exe" []
"SSRunScript"="C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" [02/19/2003 01:16 PM]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [05/14/2003 02:21 AM]
"Clear Cut"="C:\Program Files\ClearCut\streamer.exe" [07/26/2005 06:35 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/27/2006 04:00 AM]
"@"="" []
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [12/11/2007 09:42 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 10:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"NVIEW"="nview.dll,nViewLoadHook" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"µTorrent"="C:\Documents and Settings\Owner\Desktop\DANCING WITH TEH STARS 2 - CHERYL BURKE\utorrent.exe" [12/08/2006 02:20 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [10/04/2007 07:20 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2/22/2005 11:31:52 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [4/1/2004 1:46:39 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [10/11/2003 4:42:56 AM]
Dataviz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [7/1/2003 9:16:46 PM]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [7/7/2003 7:20:40 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
C:\Program Files\DIGStream\digstream.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet




-- End of Deckard's System Scanner: finished at 2008-01-21 21:19:28 ------------

I'm going to do Kaspersky webscanner now. I'm going to need your assistance on how to accomplish the third item of your latest reply. Please be patient as I am computer dumb. So assume I don't know anything in terms of accomplishing the third step... because I'm honestly clueless.

Again THANK YOU SO MUCH! I appreciate it and am grateful for your assistance.

#8
MOB1977

    Member

  • Topic Starter
  • Member
  • 12 posts
Here's Kaspersky!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 22, 2008 12:20:27 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/01/2008
Kaspersky Anti-Virus database records: 526348
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 161437
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 02:46:33

Infected Object Name / Virus Name / Last Action

Scan process completed.


I look forward to your instructions regarding part three of your last reply. I'm really clueless on how to do it... sorry! :)

My computer is going nuts and the mouse freezes and I have to restart my computer again. It's like my mouse and computer is haunted or is acting like the exorcist or something. So you don't understand how much I appreciate your help! Again THANKS A BUNCH!

#9
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans check the box beside Reg - Disabled MS Config Items.
  • Under Rootkit Search change that to Yes.
  • Under Files Created Within and Files Modified Within change that to 90 days
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.

#10
MOB1977

    Member

  • Topic Starter
  • Member
  • 12 posts
Hello My Irish Friend! I truly appreciate it again!

Before I do what you said in your latest reply... I just want to make sure you know that I haven't done this step in your previous reply before your latest. Do I do this first before I do what you just said in your latest? And if so... how do I do it. I need layman's terms in terms of the instructions on this step that I haven't done.

Thanks So Much Rorschach112!

Download rootchk by Ejvindh to your desktop.

  • Temporarily Disable Real Time Monitoring Programs you have running that are listed here, such as TeaTimer, Adwatch, and HIPs programs like Prevx, while we complete the fixes (see **Note below).
  • Disconnect from the internet
  • Double click rootchk.exe to run the program
  • After a short time a logfile will open.
  • Copy the contents of the log into your next reply.
  • Re-enable active protection on any program you have disabled while completing the scan

**Note: If you are using the ZoneAlarm Pro firewall or any other security program that protects your registry (Teatimer, Adwatch, Prevx), rootchk may produce false positives. That is why it is important for you to disable these programs before running a rootchk scan. To prevent ZoneAlarm Pro conflicts, first enable the Windows Firewall (click start | Control Panel | Windows Firewall and select the checkbox to turn it on). Then disable ZoneAlarm Pro before running the rootchk. Also, disable any other active protection programs including HIPs that block registry write access. After the scan, be sure to re-enable ZoneAlarm Pro and any other active protection programs you have temporarily disabled.




#11
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

I didn't forget about that

The program WinPFind35 has a rootkit scanner in it, so I decided to have you use that instead as it would be easier :)


You can go ahead and ignore the Rootchk step and do the WinPFind35 step

#12
MOB1977

    Member

  • Topic Starter
  • Member
  • 12 posts
Hey Rorschach112!

Sorry to be so late in my replies. I'm working double shifts and my shifts are long. I've told my cousins to not download anything to this computer... but it's not like they listen to me. I told them if I have to delete their stuff in order to fix this thing I will. I only use this for communication purposes... they use it for God knows what.

But again I appreciate your help Rorschach112... And I'm sorry that I've been tardy in my replies. But when you're the breadwinner in a family of people who puzzle you... well... you catch my drift, don't you?

THANKS!

And here's the scan you requested. I hope I did it right. If not I could always do it again. I removed the code tags on top of it and on the bottom.


WinPFind35 logfile created on: 1/25/2008 1:23:06 AM
WinPFind35U Version Beta37 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

447.48 Mb Total Physical Memory | 93.26 Mb Available Physical Memory | 20.84% Memory free
1.69 Gb Paging File | 1.32 Gb Available in Paging File | 77.87% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.89 Gb Total Space | 0.99 Gb Free Space | 0.69% Space Free | Partition Type: NTFS
Drive D: | 5.14 Gb Total Space | 0.96 Gb Free Space | 18.71% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-W04GTXLD67
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 2:37:09 AM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 8/18/2003 2:32:55 AM | Attr = ]
wkufind.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe -> Microsoft® Corporation [Ver = 9.00.0912.0 | Size = 50688 bytes | Modified Date = 9/13/2003 9:36:52 PM | Attr = ]
ltmsg.exe -> %SystemRoot%\ltmsg.exe -> Agere Systems [Ver = 3, 0, 0, 4 | Size = 40960 bytes | Modified Date = 7/14/2003 4:52:44 PM | Attr = ]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/11/2003 7:02:48 PM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 3:04:38 PM | Attr = ]
hphmon05.exe -> %System32%\hphmon05.exe -> Hewlett-Packard [Ver = 5,0,84 | Size = 483328 bytes | Modified Date = 5/23/2003 1:55:38 AM | Attr = ]
hpqcmon.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqCmon.exe -> [Ver = 2.0.0.133 | Size = 90112 bytes | Modified Date = 10/7/2002 6:23:20 AM | Attr = ]
vttimer.exe -> %System32%\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.04.06-1020 | Size = 53248 bytes | Modified Date = 10/22/2004 11:53:06 AM | Attr = ]
lxbkbmgr.exe -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 8/19/2003 2:43:46 AM | Attr = ]
tgcmd.exe -> %ProgramFiles%\Support.com\bin\tgcmd.exe -> Support.com, Inc. [Ver = 5,5,700,0 | Size = 1847296 bytes | Modified Date = 5/14/2003 2:21:28 AM | Attr = ]
lxbkbmon.exe -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmon.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 53248 bytes | Modified Date = 8/19/2003 3:00:39 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 819352 bytes | Modified Date = 4/30/2005 2:13:31 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 1:38:08 PM | Attr = ]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 7:20:54 AM | Attr = ]
dvzmsgr.exe -> %SystemRoot%\DvzCommon\DvzMsgr.exe -> [Ver = | Size = 24576 bytes | Modified Date = 7/1/2003 9:16:46 PM | Attr = ]
hotsync.exe -> %ProgramFiles%\palmOne\Hotsync.exe -> PalmSource, Inc [Ver = 6.0.1 | Size = 471040 bytes | Modified Date = 6/9/2004 2:16:08 PM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.31.0.147 | Size = 233472 bytes | Modified Date = 7/7/2003 7:20:40 AM | Attr = ]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 9:16:08 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 4/27/2006 4:00:38 AM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/24/2008 5:27:04 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 2:37:09 AM | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4528 | Size = 77824 bytes | Modified Date = 8/19/2003 1:56:00 AM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 819352 bytes | Modified Date = 4/30/2005 2:13:31 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 1:38:08 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
CamMonitor -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqCmon.exe -> [Ver = 2.0.0.133 | Size = 90112 bytes | Modified Date = 10/7/2002 6:23:20 AM | Attr = ]
Clear Cut -> %ProgramFiles%\ClearCut\streamer.exe -> GMA NMI Inc. [Ver = 1.00.0003 | Size = 126976 bytes | Modified Date = 7/26/2005 6:35:31 AM | Attr = ]
HPHmon05 -> %System32%\hphmon05.exe -> Hewlett-Packard [Ver = 5,0,84 | Size = 483328 bytes | Modified Date = 5/23/2003 1:55:38 AM | Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 3:04:38 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr = ]
KBD -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/11/2003 7:02:48 PM | Attr = ]
Lexmark X1100 Series -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 8/19/2003 2:43:46 AM | Attr = ]
LTMSG -> %SystemRoot%\ltmsg.exe -> Agere Systems [Ver = 3, 0, 0, 4 | Size = 40960 bytes | Modified Date = 7/14/2003 4:52:44 PM | Attr = ]
Microsoft Works Update Detection -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe -> Microsoft® Corporation [Ver = 9.00.0912.0 | Size = 50688 bytes | Modified Date = 9/13/2003 9:36:52 PM | Attr = ]
NeroCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
PS2 -> %System32%\ps2.EXE -> Hewlett-Packard Company [Ver = 1.0.2.1 | Size = 81920 bytes | Modified Date = 7/31/2002 7:28:38 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 10:56:54 AM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 9/13/2002 8:42:26 PM | Attr = ]
SSRunScript -> %ProgramFiles%\Support.com\Charter\bin\SSRunScript.exe -> [Ver = | Size = 40960 bytes | Modified Date = 2/19/2003 1:16:18 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr = ]
tgcmd -> %ProgramFiles%\Support.com\bin\tgcmd.exe -> Support.com, Inc. [Ver = 5,5,700,0 | Size = 1847296 bytes | Modified Date = 5/14/2003 2:21:28 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 4/27/2006 4:00:38 AM | Attr = ]
UMT0046 -> -> File not found
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 7:01:00 AM | Attr = ]
VTTimer -> %System32%\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.04.06-1020 | Size = 53248 bytes | Modified Date = 10/22/2004 11:53:06 AM | Attr = ]
zzzCamInSuiteIII -> E:\SETUP.EXE -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
µTorrent -> %UserDesktop%\DANCING WITH TEH STARS 2 - CHERYL BURKE\utorrent.exe -> [Ver = | Size = 174163 bytes | Modified Date = 12/8/2006 2:20:37 AM | Attr = ]
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 7:20:54 AM | Attr = ]
NVIEW -> %System32%\nview.dll -> NVIDIA Corporation [Ver = 6.14.10.4528 | Size = 852038 bytes | Modified Date = 8/19/2003 1:56:00 AM | Attr = ]
RecordNow! -> -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 110592 bytes | Modified Date = 8/24/2000 1:16:34 PM | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\Compaq Connections.lnk -> %ProgramFiles%\Compaq Connections\1940576\Program\BackWeb-1940576.exe -> [Ver = | Size = 16384 bytes | Modified Date = 10/11/2003 4:42:55 AM | Attr = ]
%AllUsersStartup%\Dataviz Messenger.lnk -> %SystemRoot%\DvzCommon\DvzMsgr.exe -> [Ver = | Size = 24576 bytes | Modified Date = 7/1/2003 9:16:46 PM | Attr = ]
%AllUsersStartup%\HotSync Manager.lnk -> %ProgramFiles%\palmOne\Hotsync.exe -> PalmSource, Inc [Ver = 6.0.1 | Size = 471040 bytes | Modified Date = 6/9/2004 2:16:08 PM | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.31.0.147 | Size = 233472 bytes | Modified Date = 7/7/2003 7:20:40 AM | Attr = ]
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
%UserStartup%\palmOne Registration.lnk -> %ProgramFiles%\palmOne\register.exe -> palmOne/Leader Technologies [Ver = 5.13 | Size = 2301952 bytes | Modified Date = 2/22/2005 11:31:52 AM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2104 | Size = 315392 bytes | Modified Date = 4/7/2003 6:06:48 AM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (945 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft....k/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://ie.search.msn...st/srchasst.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://ie.search.msn...st/srchasst.htm[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\companion\Installs\cpn0\ycomp5_6_0_0.dll [Yahoo! Companion BHO] -> Yahoo! Inc. [Ver = 2005, 3, 4, 2 | Size = 327246 bytes | Modified Date = 3/4/2005 6:34:42 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\companion\Installs\cpn0\ycomp5_6_0_0.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 3, 4, 2 | Size = 327246 bytes | Modified Date = 3/4/2005 6:34:42 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{22D003CE-6952-46C5-80B9-D19B479620AB} [HKEY_LOCAL_MACHINE] -> %System32%\s1940.dll [Stumble&Upon] -> [Ver = 1, 0, 0, 0 | Size = 544768 bytes | Modified Date = 4/21/2006 2:05:37 PM | Attr = ]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{22D003CE-6952-46C5-80B9-D19B479620AB} [HKEY_LOCAL_MACHINE] -> %System32%\s1940.dll [Stumble&Upon] -> [Ver = 1, 0, 0, 0 | Size = 544768 bytes | Modified Date = 4/21/2006 2:05:37 PM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ]
WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\companion\Installs\cpn0\ycomp5_6_0_0.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 3, 4, 2 | Size = 327246 bytes | Modified Date = 3/4/2005 6:34:42 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{4528BBE0-4E08-11D5-AD55-00010333D0AD}:{4C171D40-8277-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0411.dll [Messenger] -> Yahoo! Inc. [Ver = 2003, 4, 11, 1 | Size = 296120 bytes | Modified Date = 5/1/2004 12:01:34 AM | Attr = ]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 2:08:26 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ClsidExtension [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %System32%\msjava.dll [Web Browser Applet Control] -> File not found
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0411.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2003, 4, 11, 1 | Size = 296120 bytes | Modified Date = 5/1/2004 12:01:34 AM | Attr = ]
CmdMapping\\{6685509E-B47B-4f47-8E16-9A5F3A62F683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 2:08:26 PM | Attr = ]
CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3D6FDA7B-6D49-4656-9684-9DF87657B92F} -> (1394 Net Adapter) ->
{BA2AB463-5919-4669-A7F4-A397D431C3AB} -> () ->
{DFCE7A33-37A7-4487-AC20-BC451993C5CA} -> (VIA Rhine II Fast Ethernet Adapter) ->
{F89B3A35-94C2-4D0E-9342-5902BB2B4CF4} -> (Motorola SURFboard 4100 USB Cable Modem) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000010 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000012 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000013 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000014 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000015 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000016 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000017 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000018 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000019 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000020 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000021 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000022 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000023 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000024 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000025 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000026 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000027 -> SSpSubLSP.dll -> File not found
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akama...ex/qtplugin.cab[QuickTime Object] ->
{0B79F48A-E8D6-11DB-9283-E25056D89593}[HKEY_LOCAL_MACHINE] -> http://support.f-sec...m/ols/fscax.cab[F-Secure Online Scanner 3.1] ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky...can_unicode.cab[CKAVWebScan Object] ->
{13EC55CF-D993-475B-9ACA-F4A384957956}[HKEY_LOCAL_MACHINE] -> https://www.windowso...nSSWebAgent.CAB[Controller Class] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft....k/?LinkID=39204[Windows Genuine Advantage Validation Tool] ->
{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}[HKEY_LOCAL_MACHINE] -> http://download.micr...b?1083625511468[MSSecurityAdvisor Class] ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}[HKEY_LOCAL_MACHINE] -> http://download.yaho...s/yinst0401.cab[YInstStarter Class] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.micros...ontent/opuc.cab[Office Update Installation Engine] ->
{48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace....ploader1005.cab[MySpace Uploader Control] ->
{4B48D5DF-9021-45F7-A240-60304302A215}[HKEY_LOCAL_MACHINE] -> http://download.micr.../WebCleaner.cab[Malicious Software Removal Tool] ->
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebo...toUploader3.cab[Facebook Photo Uploader 4 Control] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebo...otoUploader.cab[Facebook Photo Uploader Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.ma...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{90C9629E-CD32-11D3-BBFB-00105A1F0D68}[HKEY_LOCAL_MACHINE] -> http://www.installen...gine/isetup.cab[InstallShield International Setup Player] ->
{9D190AE6-C81E-4039-8061-978EBAD10073}[HKEY_LOCAL_MACHINE] -> http://support.f-sec.../ols3/fscax.cab[F-Secure Online Scanner 3.0] ->
{A17E30C4-A9BA-11D4-8673-60DB54C10000}[HKEY_LOCAL_MACHINE] -> http://us.dl1.yimg.c.../ymmapi_416.dll[YahooYMailTo Class] ->
{A8658086-E6AC-4957-BC8E-7D54A7E8A78E}[HKEY_LOCAL_MACHINE] -> http://www.microsoft...ols/SassCln.CAB[SassCln Object] ->
{B49C4597-8721-4789-9250-315DFBD9F525}[HKEY_LOCAL_MACHINE] -> http://cdn.digitalci....1.11_en_dl.cab[IWinAmpActiveX Class] ->
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.ma...ent/swflash.cab[Shockwave Flash Object] ->


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
Adobe Photo Downloader hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr = ]
AlcxMonitor hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 9/7/2004 1:47:52 PM | Attr = ]
DIGStream hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\DIGStream\digstream.exe -> File not found
HotKeysCmds hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 4/7/2003 6:07:38 AM | Attr = ]
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 10:56:54 AM | Attr = ]
TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 4/27/2006 4:00:38 AM | Attr = ]
WinampAgent hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 33792 bytes | Modified Date = 12/12/2003 4:50:34 PM | Attr = ]
Yahoo! Pager hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe -> Yahoo! Inc. [Ver = 5, 6, 0, 1358 | Size = 1531904 bytes | Modified Date = 12/26/2003 2:57:44 PM | Attr = ]


[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 1/16/2008 7:40:01 AM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 1/16/2008 7:45:48 AM | Attr = ]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
OEMINFO.PNF -> %System32%\OEMINFO.PNF -> [Ver = | Size = 3676 bytes | Created Date = 1/10/2008 5:36:01 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/21/2008 8:23:15 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/21/2008 8:23:15 AM | Attr = H ]

[Files/Folders - Modified Within 90 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/10/2008 3:11:51 AM | Attr = H ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 1/16/2008 7:40:01 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 469291008 bytes | Modified Date = 1/21/2008 8:23:42 PM | Attr = HS]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 1345 bytes | Modified Date = 11/8/2007 9:56:42 AM | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/13/2008 6:17:49 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/21/2008 8:23:15 AM | Attr = ]
quartz.dll -> %System32%\dllcache\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 10/29/2007 2:43:03 PM | Attr = ]
secdrv.sys -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 2:25:53 AM | Attr = ]
bits -> %System32%\bits -> [Folder | Modified Date = 1/10/2008 3:05:01 AM | Attr = ]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 11/25/2007 6:23:56 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/23/2008 9:47:00 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/10/2008 3:05:01 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/10/2008 3:06:34 AM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 1/10/2008 3:06:19 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 806696 bytes | Modified Date = 11/8/2007 9:09:58 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 1/16/2008 7:45:48 AM | Attr = ]
Macromed -> %System32%\Macromed -> [Folder | Modified Date = 12/8/2007 7:18:29 AM | Attr = ]
OEMINFO.PNF -> %System32%\OEMINFO.PNF -> [Ver = | Size = 3676 bytes | Modified Date = 1/10/2008 5:36:01 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 63016 bytes | Modified Date = 11/6/2007 7:22:45 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 402406 bytes | Modified Date = 11/6/2007 7:22:46 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 473400 bytes | Modified Date = 11/6/2007 7:22:45 PM | Attr = ]
quartz.dll -> %System32%\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 10/29/2007 2:43:03 PM | Attr = ]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.3.1 | Size = 49152 bytes | Modified Date = 12/11/2007 10:57:06 AM | Attr = ]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.3.1 | Size = 65536 bytes | Modified Date = 12/11/2007 10:57:06 AM | Attr = ]
thxcfg.ini -> %System32%\thxcfg.ini -> [Ver = | Size = 32 bytes | Modified Date = 12/21/2007 7:55:09 AM | Attr = ]
web -> %System32%\web -> [Folder | Modified Date = 1/21/2008 8:24:45 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 1/21/2008 8:25:18 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/10/2008 3:04:09 AM | Attr = H ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 11/8/2007 8:22:16 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/21/2008 8:23:43 PM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/16/2008 7:45:50 AM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 11/8/2007 8:20:32 PM | Attr = R S]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 12/12/2007 3:05:30 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 1/10/2008 3:05:09 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/16/2008 7:45:48 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/10/2008 3:07:28 AM | Attr = HS]
lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 765 bytes | Modified Date = 1/12/2008 7:42:46 AM | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 15523 bytes | Modified Date = 11/22/2007 10:37:03 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/25/2008 1:20:21 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/21/2008 8:23:15 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/21/2008 8:23:57 PM | Attr = H ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 11/17/2007 12:04:14 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/16/2008 7:45:48 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 11/16/2007 2:31:44 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/24/2008 3:17:50 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 467 bytes | Modified Date = 12/12/2007 3:03:53 AM | Attr = ]
winamp.ini -> %SystemRoot%\winamp.ini -> [Ver = | Size = 1125 bytes | Modified Date = 1/14/2008 8:33:02 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 1/19/2008 12:29:06 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/21/2008 8:23:48 PM | Attr = H ]
Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [Ver = | Size = 306 bytes | Modified Date = 1/24/2008 10:00:00 AM | Attr = ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 738
< Document and Settings folder & sub folders >
scanning hidden files ...

Edited by MOB1977, 25 January 2008 - 03:46 AM.


#13
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start WinPFind35U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> UMT0046 ->
YN -> zzzCamInSuiteIII -> E:\SETUP.EXE
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> RecordNow! ->
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ClsidExtension [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %System32%\msjava.dll [Web Browser Applet Control]
YN -> CmdMapping\\{6685509E-B47B-4f47-8E16-9A5F3A62F683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YY -> AlcxMonitor hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\ALCXMNTR.EXE
YN -> DIGStream hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\DIGStream\digstream.exe
[Files/Folders - Created Within 30 days]
YN -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files/Folders - Modified Within 90 days]
YN -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YY -> thxcfg.ini -> %System32%\thxcfg.ini
YN -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan (attach the WinPFind3 scan report).

I will review the information when it comes back in.


Also post a new HijackThis log and tell me how your PC is running.

#14
MOB1977

    Member

  • Topic Starter
  • 12 posts
Hello Rorschach112,

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan (attach the WinPFind3 scan report).

I will review the information when it comes back in.


I did the first step and it said it had to reboot my computer. So my cousin said she chose to reboot it. And when my computer restarted, no popup came up with a Notepad showing the actions taken during the fix. :) I don't know what happened.

Oh, and for some time now, whenever the computer restarts I get the following two error prompts.

The first one goes like:

"Run-time error '9'
Subscript out of Range"

And the next one goes something to the effect of:

Could not load target dll(C:\Program Files\BackWeb\BackWeb Client\6.2.3.bbl\Program BackWeb.dll", error code 126)

Edited by MOB1977, 25 January 2008 - 11:06 AM.


#15
MOB1977

    Member

  • Topic Starter
  • 12 posts
Here's the WinPFind35 scan


WinPFind35 logfile created on: 1/25/2008 8:41:59 AM
WinPFind35U Version Beta37 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

447.48 Mb Total Physical Memory | 78.89 Mb Available Physical Memory | 17.63% Memory free
1.69 Gb Paging File | 1.35 Gb Available in Paging File | 79.85% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.89 Gb Total Space | 0.99 Gb Free Space | 0.69% Space Free | Partition Type: NTFS
Drive D: | 5.14 Gb Total Space | 0.96 Gb Free Space | 18.71% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-W04GTXLD67
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 2:37:09 AM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Modified Date = 8/18/2003 2:32:55 AM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 819352 bytes | Modified Date = 4/30/2005 2:13:31 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 1:38:08 PM | Attr = ]
wkufind.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe -> Microsoft® Corporation [Ver = 9.00.0912.0 | Size = 50688 bytes | Modified Date = 9/13/2003 9:36:52 PM | Attr = ]
ltmsg.exe -> %SystemRoot%\ltmsg.exe -> Agere Systems [Ver = 3, 0, 0, 4 | Size = 40960 bytes | Modified Date = 7/14/2003 4:52:44 PM | Attr = ]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/11/2003 7:02:48 PM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 3:04:38 PM | Attr = ]
hphmon05.exe -> %System32%\hphmon05.exe -> Hewlett-Packard [Ver = 5,0,84 | Size = 483328 bytes | Modified Date = 5/23/2003 1:55:38 AM | Attr = ]
hpqcmon.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqCmon.exe -> [Ver = 2.0.0.133 | Size = 90112 bytes | Modified Date = 10/7/2002 6:23:20 AM | Attr = ]
vttimer.exe -> %System32%\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.04.06-1020 | Size = 53248 bytes | Modified Date = 10/22/2004 11:53:06 AM | Attr = ]
lxbkbmgr.exe -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 8/19/2003 2:43:46 AM | Attr = ]
lxbkbmon.exe -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmon.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 53248 bytes | Modified Date = 8/19/2003 3:00:39 AM | Attr = ]
tgcmd.exe -> %ProgramFiles%\Support.com\bin\tgcmd.exe -> Support.com, Inc. [Ver = 5,5,700,0 | Size = 1847296 bytes | Modified Date = 5/14/2003 2:21:28 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 4/27/2006 4:00:38 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr = ]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 7:20:54 AM | Attr = ]
dvzmsgr.exe -> %SystemRoot%\DvzCommon\DvzMsgr.exe -> [Ver = | Size = 24576 bytes | Modified Date = 7/1/2003 9:16:46 PM | Attr = ]
hotsync.exe -> %ProgramFiles%\palmOne\Hotsync.exe -> PalmSource, Inc [Ver = 6.0.1 | Size = 471040 bytes | Modified Date = 6/9/2004 2:16:08 PM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.31.0.147 | Size = 233472 bytes | Modified Date = 7/7/2003 7:20:40 AM | Attr = ]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 9:16:08 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/24/2008 5:27:04 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 10/29/2007 1:27:04 PM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 8/18/2003 2:37:09 AM | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4528 | Size = 77824 bytes | Modified Date = 8/19/2003 1:56:00 AM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 819352 bytes | Modified Date = 4/30/2005 2:13:31 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 1:38:08 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
CamMonitor -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqCmon.exe -> [Ver = 2.0.0.133 | Size = 90112 bytes | Modified Date = 10/7/2002 6:23:20 AM | Attr = ]
Clear Cut -> %ProgramFiles%\ClearCut\streamer.exe -> GMA NMI Inc. [Ver = 1.00.0003 | Size = 126976 bytes | Modified Date = 7/26/2005 6:35:31 AM | Attr = ]
HPHmon05 -> %System32%\hphmon05.exe -> Hewlett-Packard [Ver = 5,0,84 | Size = 483328 bytes | Modified Date = 5/23/2003 1:55:38 AM | Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 3:04:38 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr = ]
KBD -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/11/2003 7:02:48 PM | Attr = ]
Lexmark X1100 Series -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 8/19/2003 2:43:46 AM | Attr = ]
LTMSG -> %SystemRoot%\ltmsg.exe -> Agere Systems [Ver = 3, 0, 0, 4 | Size = 40960 bytes | Modified Date = 7/14/2003 4:52:44 PM | Attr = ]
Microsoft Works Update Detection -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe -> Microsoft® Corporation [Ver = 9.00.0912.0 | Size = 50688 bytes | Modified Date = 9/13/2003 9:36:52 PM | Attr = ]
NeroCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
PS2 -> %System32%\ps2.EXE -> Hewlett-Packard Company [Ver = 1.0.2.1 | Size = 81920 bytes | Modified Date = 7/31/2002 7:28:38 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 10:56:54 AM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 9/13/2002 8:42:26 PM | Attr = ]
SSRunScript -> %ProgramFiles%\Support.com\Charter\bin\SSRunScript.exe -> [Ver = | Size = 40960 bytes | Modified Date = 2/19/2003 1:16:18 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr = ]
tgcmd -> %ProgramFiles%\Support.com\bin\tgcmd.exe -> Support.com, Inc. [Ver = 5,5,700,0 | Size = 1847296 bytes | Modified Date = 5/14/2003 2:21:28 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 4/27/2006 4:00:38 AM | Attr = ]
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 7:01:00 AM | Attr = ]
VTTimer -> %System32%\VTTimer.exe -> S3 Graphics, Inc. [Ver = 1.04.06-1020 | Size = 53248 bytes | Modified Date = 10/22/2004 11:53:06 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
µTorrent -> %UserDesktop%\DANCING WITH TEH STARS 2 - CHERYL BURKE\utorrent.exe -> [Ver = | Size = 174163 bytes | Modified Date = 12/8/2006 2:20:37 AM | Attr = ]
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 7:20:54 AM | Attr = ]
NVIEW -> %System32%\nview.dll -> NVIDIA Corporation [Ver = 6.14.10.4528 | Size = 852038 bytes | Modified Date = 8/19/2003 1:56:00 AM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 110592 bytes | Modified Date = 8/24/2000 1:16:34 PM | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\Compaq Connections.lnk -> %ProgramFiles%\Compaq Connections\1940576\Program\BackWeb-1940576.exe -> [Ver = | Size = 16384 bytes | Modified Date = 10/11/2003 4:42:55 AM | Attr = ]
%AllUsersStartup%\Dataviz Messenger.lnk -> %SystemRoot%\DvzCommon\DvzMsgr.exe -> [Ver = | Size = 24576 bytes | Modified Date = 7/1/2003 9:16:46 PM | Attr = ]
%AllUsersStartup%\HotSync Manager.lnk -> %ProgramFiles%\palmOne\Hotsync.exe -> PalmSource, Inc [Ver = 6.0.1 | Size = 471040 bytes | Modified Date = 6/9/2004 2:16:08 PM | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.31.0.147 | Size = 233472 bytes | Modified Date = 7/7/2003 7:20:40 AM | Attr = ]
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
%UserStartup%\palmOne Registration.lnk -> %ProgramFiles%\palmOne\register.exe -> palmOne/Leader Technologies [Ver = 5.13 | Size = 2301952 bytes | Modified Date = 2/22/2005 11:31:52 AM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2104 | Size = 315392 bytes | Modified Date = 4/7/2003 6:06:48 AM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (945 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft....k/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://ie.search.msn...st/srchasst.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://ie.search.msn...st/srchasst.htm[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\companion\Installs\cpn0\ycomp5_6_0_0.dll [Yahoo! Companion BHO] -> Yahoo! Inc. [Ver = 2005, 3, 4, 2 | Size = 327246 bytes | Modified Date = 3/4/2005 6:34:42 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\companion\Installs\cpn0\ycomp5_6_0_0.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 3, 4, 2 | Size = 327246 bytes | Modified Date = 3/4/2005 6:34:42 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{22D003CE-6952-46C5-80B9-D19B479620AB} [HKEY_LOCAL_MACHINE] -> %System32%\s1940.dll [Stumble&Upon] -> [Ver = 1, 0, 0, 0 | Size = 544768 bytes | Modified Date = 4/21/2006 2:05:37 PM | Attr = ]
WebBrowser\\{22D003CE-6952-46C5-80B9-D19B479620AB} [HKEY_LOCAL_MACHINE] -> %System32%\s1940.dll [Stumble&Upon] -> [Ver = 1, 0, 0, 0 | Size = 544768 bytes | Modified Date = 4/21/2006 2:05:37 PM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = R ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\companion\Installs\cpn0\ycomp5_6_0_0.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 3, 4, 2 | Size = 327246 bytes | Modified Date = 3/4/2005 6:34:42 PM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{4528BBE0-4E08-11D5-AD55-00010333D0AD}:{4C171D40-8277-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0411.dll [Messenger] -> Yahoo! Inc. [Ver = 2003, 4, 11, 1 | Size = 296120 bytes | Modified Date = 5/1/2004 12:01:34 AM | Attr = ]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 2:08:26 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0411.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2003, 4, 11, 1 | Size = 296120 bytes | Modified Date = 5/1/2004 12:01:34 AM | Attr = ]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 2:08:26 PM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3D6FDA7B-6D49-4656-9684-9DF87657B92F} -> (1394 Net Adapter) ->
{BA2AB463-5919-4669-A7F4-A397D431C3AB} -> () ->
{DFCE7A33-37A7-4487-AC20-BC451993C5CA} -> (VIA Rhine II Fast Ethernet Adapter) ->
{F89B3A35-94C2-4D0E-9342-5902BB2B4CF4} -> (Motorola SURFboard 4100 USB Cable Modem) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000010 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000012 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000013 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000014 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000015 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000016 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000017 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000018 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000019 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000020 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000021 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000022 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000023 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000024 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000025 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000026 -> SSpSubLSP.dll -> File not found
Protocol_Catalog9\Catalog_Entries\000000000027 -> SSpSubLSP.dll -> File not found
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akama...ex/qtplugin.cab[QuickTime Object] ->
{0B79F48A-E8D6-11DB-9283-E25056D89593}[HKEY_LOCAL_MACHINE] -> http://support.f-sec...m/ols/fscax.cab[F-Secure Online Scanner 3.1] ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky...can_unicode.cab[CKAVWebScan Object] ->
{13EC55CF-D993-475B-9ACA-F4A384957956}[HKEY_LOCAL_MACHINE] -> https://www.windowso...nSSWebAgent.CAB[Controller Class] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft....k/?LinkID=39204[Windows Genuine Advantage Validation Tool] ->
{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}[HKEY_LOCAL_MACHINE] -> http://download.micr...b?1083625511468[MSSecurityAdvisor Class] ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}[HKEY_LOCAL_MACHINE] -> http://download.yaho...s/yinst0401.cab[YInstStarter Class] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.micros...ontent/opuc.cab[Office Update Installation Engine] ->
{48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace....ploader1005.cab[MySpace Uploader Control] ->
{4B48D5DF-9021-45F7-A240-60304302A215}[HKEY_LOCAL_MACHINE] -> http://download.micr.../WebCleaner.cab[Malicious Software Removal Tool] ->
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebo...toUploader3.cab[Facebook Photo Uploader 4 Control] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebo...otoUploader.cab[Facebook Photo Uploader Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.ma...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{90C9629E-CD32-11D3-BBFB-00105A1F0D68}[HKEY_LOCAL_MACHINE] -> http://www.installen...gine/isetup.cab[InstallShield International Setup Player] ->
{9D190AE6-C81E-4039-8061-978EBAD10073}[HKEY_LOCAL_MACHINE] -> http://support.f-sec.../ols3/fscax.cab[F-Secure Online Scanner 3.0] ->
{A17E30C4-A9BA-11D4-8673-60DB54C10000}[HKEY_LOCAL_MACHINE] -> http://us.dl1.yimg.c.../ymmapi_416.dll[YahooYMailTo Class] ->
{A8658086-E6AC-4957-BC8E-7D54A7E8A78E}[HKEY_LOCAL_MACHINE] -> http://www.microsoft...ols/SassCln.CAB[SassCln Object] ->
{B49C4597-8721-4789-9250-315DFBD9F525}[HKEY_LOCAL_MACHINE] -> http://cdn.digitalci....1.11_en_dl.cab[IWinAmpActiveX Class] ->
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.ma...ent/swflash.cab[Shockwave Flash Object] ->


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
Adobe Photo Downloader hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr = ]
AlcxMonitor hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ALCXMNTR.EXE -> File not found
DIGStream hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\DIGStream\digstream.exe -> File not found
HotKeysCmds hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 4/7/2003 6:07:38 AM | Attr = ]
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 10:56:54 AM | Attr = ]
TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 4/27/2006 4:00:38 AM | Attr = ]
WinampAgent hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 33792 bytes | Modified Date = 12/12/2003 4:50:34 PM | Attr = ]
Yahoo! Pager hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe -> Yahoo! Inc. [Ver = 5, 6, 0, 1358 | Size = 1531904 bytes | Modified Date = 12/26/2003 2:57:44 PM | Attr = ]


[Files/Folders - Created Within 90 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 1/16/2008 7:40:01 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 469291008 bytes | Created Date = 12/4/2007 4:55:58 PM | Attr = HS]
quartz.dll -> %System32%\dllcache\quartz.dll -> [Ver = | Size = 1287680 bytes | Created Date = 10/29/2007 2:43:03 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/28/2007 8:51:20 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/28/2007 8:51:20 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 11/28/2007 8:51:20 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 1/16/2008 7:45:48 AM | Attr = ]
OEMINFO.PNF -> %System32%\OEMINFO.PNF -> [Ver = | Size = 3676 bytes | Created Date = 1/10/2008 5:36:01 AM | Attr = ]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.3.1 | Size = 49152 bytes | Created Date = 12/11/2007 10:57:06 AM | Attr = ]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.3.1 | Size = 65536 bytes | Created Date = 12/11/2007 10:57:06 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/21/2008 8:23:15 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/21/2008 8:23:15 AM | Attr = H ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Created Date = 11/16/2007 11:52:33 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 11/16/2007 2:31:44 PM | Attr = ]

[Files/Folders - Modified Within 90 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/10/2008 3:11:51 AM | Attr = H ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 1/16/2008 7:40:01 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 469291008 bytes | Modified Date = 1/25/2008 8:02:16 AM | Attr = HS]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 1345 bytes | Modified Date = 11/8/2007 9:56:42 AM | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/13/2008 6:17:49 PM | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/25/2008 7:58:43 AM | Attr = ]
quartz.dll -> %System32%\dllcache\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 10/29/2007 2:43:03 PM | Attr = ]
secdrv.sys -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 2:25:53 AM | Attr = ]
bits -> %System32%\bits -> [Folder | Modified Date = 1/10/2008 3:05:01 AM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 11/25/2007 6:23:56 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/25/2008 8:02:55 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/10/2008 3:05:01 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/10/2008 3:06:34 AM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 1/10/2008 3:06:19 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 806696 bytes | Modified Date = 11/8/2007 9:09:58 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 1/16/2008 7:45:48 AM | Attr = ]
Macromed -> %System32%\Macromed -> [Folder | Modified Date = 12/8/2007 7:18:29 AM | Attr = ]
OEMINFO.PNF -> %System32%\OEMINFO.PNF -> [Ver = | Size = 3676 bytes | Modified Date = 1/10/2008 5:36:01 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 63016 bytes | Modified Date = 11/6/2007 7:22:45 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 402406 bytes | Modified Date = 11/6/2007 7:22:46 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 473400 bytes | Modified Date = 11/6/2007 7:22:45 PM | Attr = ]
quartz.dll -> %System32%\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 10/29/2007 2:43:03 PM | Attr = ]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.3.1 | Size = 49152 bytes | Modified Date = 12/11/2007 10:57:06 AM | Attr = ]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.3.1 | Size = 65536 bytes | Modified Date = 12/11/2007 10:57:06 AM | Attr = ]
web -> %System32%\web -> [Folder | Modified Date = 1/25/2008 8:06:31 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 1/25/2008 8:03:09 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/10/2008 3:04:09 AM | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 11/8/2007 8:22:16 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/25/2008 8:02:17 AM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/16/2008 7:45:50 AM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 11/8/2007 8:20:32 PM | Attr = R S]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 12/12/2007 3:05:30 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 1/10/2008 3:05:09 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/16/2008 7:45:48 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/10/2008 3:07:28 AM | Attr = HS]
lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 765 bytes | Modified Date = 1/12/2008 7:42:46 AM | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 15523 bytes | Modified Date = 11/22/2007 10:37:03 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/25/2008 1:23:26 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/21/2008 8:23:15 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/25/2008 8:03:48 AM | Attr = H ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 11/17/2007 12:04:14 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/25/2008 7:58:43 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 11/16/2007 2:31:44 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/25/2008 8:05:34 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 467 bytes | Modified Date = 12/12/2007 3:03:53 AM | Attr = ]
winamp.ini -> %SystemRoot%\winamp.ini -> [Ver = | Size = 1125 bytes | Modified Date = 1/14/2008 8:33:02 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 1/19/2008 12:29:06 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/25/2008 8:02:22 AM | Attr = H ]
Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [Ver = | Size = 306 bytes | Modified Date = 1/24/2008 10:00:00 AM | Attr = ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 738
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\.limewire\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's downloads\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\April-Liesel Collection\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\Menez Event\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\bing jpegs\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\bing jpegs\Travel pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\Candid Shots\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\Diancin_Latimer\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\eBusiness\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\for splashClock\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\jpgs scene\My Dream Car\My Luxury Coach\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\jpgs scene\My Dream Car\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\jpgs scene\My Dream House\Desert Oasis\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\jpgs scene\My Dream House\Ocean Dreams\23324 MALIBU COLONY ROAD\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\jpgs scene\My Dream House\Ocean Dreams\32013 Point Pl LB\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\jpgs scene\My Dream House\Ocean Dreams\Coastal Homes\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\jpgs scene\My Dream House\Ocean Dreams\Malibu Colon\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\jpgs scene\My Dream House\Ocean Dreams\Paradise Cove- Malibu\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\jpgs scene\My Dream House\Ocean Dreams\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\jpgs scene\My Dream House\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\jpgs scene\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\jpgs scene\Laguna Beach\My Dream Vacation\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\jpgs scene\Laguna Beach\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\Social events\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\USTHS68\reunion2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\USTHS68\reunion2\ustwebsite\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Bing's pics\USTHS68\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Empower-your-vision\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Humor_Inspiration\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\My Space\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Pope JPII Funeral homily_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\TungstenE\PhotoDesktop\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\BINGs Documents\TungstenE\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\my space\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\my space\images\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\591 Park Avenue Townhome\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\adjustedpix\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\December 2007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\fourth batch\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\jan282007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\JULY\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\second batch\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\Sept\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\THIRD BATCH\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\TOT\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\TOT\TOT 2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\TOT\TOT 2\totsc2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\TOT\TOT 3\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\TOT\TOT 3B\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\TOT\TOT 4\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\TOT\TOT 5\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\camera stuff\June Folder 1\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\Carrols Wedding Pictures\2006-11 (Nov)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DANCING WITH TEH STARS 2 - CHERYL BURKE\dancing with the stars s03e01-04 usa 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DANCING WITH TEH STARS 2 - CHERYL BURKE\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DANCING WITH THE STARS 3 - CHERYL BURKE\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\Running With Scissors Extra Pix\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\SB's FOLDER\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\THOB WEBSITE PROJECTS\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\Roman Catholic Cardinals\college\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\Roman Catholic Cardinals\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\New Folder\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\old computer contents\777\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\old computer contents\batch 12\THE HOUSE OF BINAPRI THE OFFICIAL WEBSITE OF APRIL-LIESEL BINAPRI!_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\old computer contents\batch eight\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\old computer contents\batch five from old computer\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\old computer contents\batch four from old computer\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\old computer contents\batch seven\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\old computer contents\batch six contents from old computer\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\old computer contents\batch three from old computer\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\old computer contents\batch two from old computer\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\old computer contents\THE HOUSE OF BINAPRI THE OFFICIAL WEBSITE OF APRIL-LIESEL BINAPRI!2_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\old computer contents\THE HOUSE OF BINAPRI THE OFFICIAL WEBSITE OF APRIL-LIESEL BINAPRI!_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\old computer contents\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\wavs\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\Cardinals By Consistory\profile pix\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\Cardinals By Consistory\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\catholic music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\catholic stuff\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\catholic stuff\cache_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\catholic stuff\4405997.stm_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\catholic stuff\cardinali_bio_ratzinger_j_en_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\catholic stuff\mccarrick1_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\catholic stuff\mccarrick2_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\catholic stuff\mccarrick3_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\catholic stuff\Santa Messa per l'inizio del Ministero Petrino del Vescovo di Roma Benedetto XVI_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\catholic stuff\uscardinalsbios_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\catholic stuff\20050408PrezBushaboutJP2Funeral_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\catholic stuff\A32506-2005Apr6_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\catholic stuff\A6132-2005Apr20_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\cellpix for myspace marquee\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\DESKTOP ITEMS NEED TO BE SORTED\DESIREE CAPS\VIVA Entertainment_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Owner\Desktop\