Jump to content

Welcome Guest to Geeks to Go - Register now for FREE
Geeks To Go is a helpful hub, where thousands of friendly volunteers serve up answers and support. Get free advice from the experts. Feel free to browse the site as a guest. However, you must log in to reply to existing topics or start a new topic of your own, and enjoy all this forum has to offer. Additionally, if you can assist another member by sharing your knowledge, please post a reply! Best of all - Registration and all assistance, is FREE! Learn more about How it Works. Infected? Malware Cleaning Guide. What are you waiting for?
Create an Account Login to Account

Dr. Watson Postmortem Debugger


  • This topic is locked This topic is locked

#1
Anne12345

Anne12345

    Member

  • Member
  • PipPip
  • 17 posts
Sometimes when I turn on my computer I get a message saying "Dr. Watson Postmortem Debugger" has done something wrong and needs to close, usually followed by a message saying that Windows Explorer needs to close. The computer either then freezes, or, windows explorer closes- only to reappear in a few seconds with the same error message to follow.

Someone please help, I don't know what to do!
  • 0

Similar Topics: Dr. Watson Postmortem Debugger     x


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Anne12345

Welcome to G2Go. :)
==================
* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click on I agree
  • Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
Anne12345

Anne12345

    Member

  • Member
  • PipPip
  • 17 posts
Thanks for getting back so quick,
Here it is:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:06 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1151416086\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151416086\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {050A3800-6C03-48A5-A6D7-14CCF18A700D} (v4 silent install) - http://internet.ican...om/v4rdpchk.cab
O16 - DPF: {30439117-02CA-4FBA-ADAF-84C2D8E2004D} (v3 silent install) - http://internet.ican...om/v3rdpchk.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mpix.com/...geUploader4.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://internet.icanotes.com/msrdp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10081 bytes
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I am not seeing any malware in your log but you can try this:

Go to Start >Run type in cmd.
In the black box that pops up type in this >chkdsk /f /r
It will prompt you to reboot your computer then type in Y at the prompt.
Reboot your computer and then post back here to let me know how it goes. :)
  • 0

#5
Anne12345

Anne12345

    Member

  • Member
  • PipPip
  • 17 posts
OK well I didn't get the pop-up thing this time...Is that because it's been fixed?
I've noticed sometimes it will happen a few times in a row, then not happen.
It makes me a bit nervous to turn off my computer because when I go to turn it back on, it may or may not work...

But, it's working alright right now. Thanks so much!!
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Try to reboot your computer a few times to see if it still happens.

Do whatever you used to do to get it to happen to see if it is fixed.
Let me know how it goes. :)
  • 0

#7
Anne12345

Anne12345

    Member

  • Member
  • PipPip
  • 17 posts
I restarted my computer, and as soon as I logged in I got the message "Data Execution Prevention-Microsoft Windows" that said "Windows has closed this program: Windows Explorer". I clicked "close message." then It said Windows encountered a problem and needs to close. Then it said the same two messages but with Dr. Watson Postmortem Debugger.

Just now I restarted my computer again, and as I type this I see "Fax Service" "Fax Service has encountered a problem and needs to close."
I just clicked "don't send error report"...expecting something to happen...but nothing has just yet.

Edited by Anne12345, 29 January 2008 - 07:30 PM.

  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hmmm let's take a closer look.


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#9
Anne12345

Anne12345

    Member

  • Member
  • PipPip
  • 17 posts
I tried it twice and both times while it's backing up..something...Hives, it says "dss.exe has encountered a problem and needs to close."
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      Reg - File Associations
      Reg - Uninstall List
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
  • 0

#11
Anne12345

Anne12345

    Member

  • Member
  • PipPip
  • 17 posts
WinPFind3 logfile created on: 1/30/2008 8:57:15 PM
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\Anne\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.52% Memory free
3.85 Gb Paging File | 3.22 Gb Available in Paging File | 83.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 169.93 Gb Total Space | 58.13 Gb Free Space | 34.21% Space Free
Drive D: | 58.19 Gb Total Space | 56.16 Gb Free Space | 96.51% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: DAD
Current User Name: Anne
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 7:50:36 AM | Attr = ]
aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 2:17:28 AM | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1151416086\ee\AOLSoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 12:16:08 PM | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1151416086\ee\AOLSoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 12:16:08 PM | Attr = ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1151416086\ee\AOLSoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 12:16:08 PM | Attr = ]
aoltpsd3.exe -> %CommonProgramFiles%\AOL\TopSpeed\3.0\aoltpsd3.exe -> AOL LLC [Ver = 3, 0, 0, 4 | Size = 63120 bytes | Modified Date = 4/2/2007 7:33:34 AM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 2:40:04 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/4/2005 3:02:58 AM | Attr = ]
calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 9/30/2005 6:22:50 PM | Attr = ]
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 10:09:36 AM | Attr = ]
dsbrws.exe -> %ProgramFiles%\DellSupport\DSBrws.exe -> Gteko Ltd. [Ver = 3, 1, 1, 203 | Size = 582128 bytes | Modified Date = 3/15/2007 10:09:48 AM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 12/1/2007 8:17:50 AM | Attr = ]
hwapi.exe -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 12:09:12 PM | Attr = ]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Modified Date = 6/17/2005 6:55:58 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 3:22:44 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 1/15/2008 3:22:56 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 1/15/2008 3:22:56 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 1/15/2008 3:22:56 AM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 566872 bytes | Modified Date = 1/5/2007 4:21:16 PM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 566872 bytes | Modified Date = 1/5/2007 4:21:16 PM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 566872 bytes | Modified Date = 1/5/2007 4:21:16 PM | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 4:22:12 PM | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr = ]
mcods.exe -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 6:03:36 PM | Attr = ]
mcpromgr.exe -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 4:21:40 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 144960 bytes | Modified Date = 6/25/2007 10:56:42 AM | Attr = ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 4:01:58 PM | Attr = ]
mcvsshld.exe -> %ProgramFiles%\McAfee\VirusScan\mcvsshld.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 370256 bytes | Modified Date = 1/16/2007 6:03:34 PM | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.122.0 | Size = 841256 bytes | Modified Date = 6/19/2007 8:55:24 AM | Attr = ]
photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 98304 bytes | Modified Date = 10/4/2004 3:47:04 AM | Attr = ]
photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 102400 bytes | Modified Date = 9/14/2006 7:56:06 AM | Attr = ]
photostudio.exe -> %ProgramFiles%\ArcSoft\Camera Suite\PhotoStudio\PhotoStudio.exe -> ArcSoft, Inc. [Ver = 5,0,0,44 | Size = 851968 bytes | Modified Date = 7/2/2002 11:01:28 AM | Attr = ]
redirsvc.exe -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 3:42:42 PM | Attr = ]
shellmon.exe -> %ProgramFiles%\AOL 9.1\shellmon.exe -> AOL, LLC. [Ver = 9.05.001 | Size = 54624 bytes | Modified Date = 10/27/2007 12:45:06 PM | Attr = ]
transferagent.exe -> %AllUsersAppData%\Dell\TransferAgent\TransferAgent.exe -> [Ver = 1.0.2873.20447 | Size = 135168 bytes | Modified Date = 11/13/2007 4:46:00 PM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 4:38:20 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 9:29:46 AM | Attr = ]
waol.exe -> %ProgramFiles%\AOL 9.1\waol.exe -> AOL, LLC. [Ver = 9.05.001 | Size = 39264 bytes | Modified Date = 10/27/2007 12:45:08 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ]
(AdobeActiveFileMonitor) Adobe Active File Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 98304 bytes | Modified Date = 10/4/2004 3:47:04 AM | Attr = ]
(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 102400 bytes | Modified Date = 9/14/2006 7:56:06 AM | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 7:50:36 AM | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 2:40:04 AM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/4/2005 3:02:58 AM | Attr = ]
(CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 9/30/2005 6:22:50 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr = ]
(Emproxy) McAfee E-mail Proxy [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\McAfee\EmProxy\emproxy.exe -> McAfee, Inc. [Ver = 11,2,214,0 | Size = 341328 bytes | Modified Date = 10/5/2007 5:33:26 PM | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 1/1/2007 3:42:42 PM | Attr = ]
(IAANTMon) Intel® Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.1.0.1022 | Size = 86140 bytes | Modified Date = 6/17/2005 6:55:58 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 1/15/2008 3:22:44 AM | Attr = ]
(McAfee HackerWatch Service) McAfee HackerWatch Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 12:09:12 PM | Attr = ]
(mcmispupdmgr) McAfee Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\MSC\mcupdmgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 689752 bytes | Modified Date = 1/5/2007 4:22:18 PM | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 361560 bytes | Modified Date = 1/5/2007 4:22:12 PM | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 1,2,108,0 | Size = 2213416 bytes | Modified Date = 3/9/2007 4:36:10 AM | Attr = ]
(McODS) McAfee Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 6:03:36 PM | Attr = ]
(mcpromgr) McAfee Protection Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcpromgr.exe -> McAfee, Inc. [Ver = 7,2,142,0 | Size = 493144 bytes | Modified Date = 1/5/2007 4:21:40 PM | Attr = ]
(McRedirector) McAfee Redirector Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 3:42:42 PM | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 4:01:58 PM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.122.0 | Size = 841256 bytes | Modified Date = 6/19/2007 8:55:24 AM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 2.2.7.0 | Size = 147456 bytes | Modified Date = 11/19/2004 10:26:40 AM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 5/14/2003 1:45:04 AM | Attr = R ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 9:29:46 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
HostManager -> %CommonProgramFiles%\AOL\1151416086\ee\AOLSoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 12:16:08 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 1/15/2008 3:22:56 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 1/10/2008 3:27:36 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [Ver = | Size = 111616 bytes | Modified Date = 6/5/2006 6:36:12 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.theme ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page -> http://www.msn.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> http://www.google.co...l...&channel=us ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar Launcher] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 3:35:32 PM | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan\scriptcl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.2.126.x86 | Size = 58688 bytes | Modified Date = 1/9/2008 9:09:38 AM | Attr = ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:04 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:04 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:04 PM | Attr = ]
{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 3:35:32 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:04 PM | Attr = ]
WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 3:35:32 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> Reg Data - Value does not exist [ButtonText: Create Mobile Favorite] -> File not found
{3369AF0D-62E9-4bda-8103-B4C75499B578} -> Reg Data - Value does not exist [ButtonText: AOL Toolbar] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar 5.0\resources\en-us\local\search.htm -> File not found
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3BD6B6D2-C2A5-4722-9C92-5F50D4A3DB0D} -> (NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter) ->
{577AB72A-8198-4EDD-A12B-4E1DC0734DC8} -> (Intel® PRO/100 VE Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{050A3800-6C03-48A5-A6D7-14CCF18A700D} -> v4 silent install - CodeBase = http://internet.ican...om/v4rdpchk.cab ->
{30439117-02CA-4FBA-ADAF-84C2D8E2004D} -> v3 silent install - CodeBase = http://internet.ican...om/v3rdpchk.cab ->
{406B5949-7190-4245-91A9-30A17DE16AD0} -> Snapfish Activia - CodeBase = http://www1.snapfish...fishActivia.cab ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebo...otoUploader.cab ->
{6E5E167B-1566-4316-B27F-0DDAB3484CF7} -> Image Uploader Control - CodeBase = http://www.mpix.com/...geUploader4.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} -> Microsoft RDP Client Control (redist) - CodeBase = http://internet.icanotes.com/msrdp.cab ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.ma...ent/swflash.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel;wdigest; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 988 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> )iHhbO,3e67e2c2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> N~ ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> no ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> ћ=˒%΍ `b ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> \ ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 20782 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1151416086\ee\AOLServiceHost.exe -> C:\Program Files\Common Files\AOL\1151416086\ee\AOLServiceHost.exe:*:Enabled:AOL Services ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe -> C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1151416086\ee\AOLServiceHost.exe -> C:\Program Files\Common Files\AOL\1151416086\ee\AOLServiceHost.exe:*:Enabled:AOL Services ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe -> C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1151416086\ee\aolsoftware.exe -> C:\Program Files\Common Files\AOL\1151416086\ee\aolsoftware.exe:*:Enabled:AOL Services ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AOL 9.0\waol.exe -> C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe -> C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AOL 9.1\waol.exe -> C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\S
  • 0

#12
Anne12345

Anne12345

    Member

  • Member
  • PipPip
  • 17 posts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe -k LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS;TCPIP;NTLMSSP; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{075473F5-846A-448B-BCB3-104AA1760205} -> Roxio RecordNow Data ->
{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} -> Microsoft Plus! Photo Story 2 LE ->
{0F756CD9-4A1E-409B-B101-601DDC4C03AA} -> Qualxserve Service Agreement ->
{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -> Roxio DLA ->
{21657574-BD54-48A2-9450-EB03B2C7FC29} -> Roxio MyDVD LE ->
{2502CD92-F99E-4246-85ED-A48BA943B3A1}_is1 -> DxO Optics Pro import plugin ->
{25569723-DC5A-4467-A639-79535BF01B71} -> Adobe Help Center 2.1 ->
{30465B6C-B53F-49A1-9EBA-A3F187AD502E} -> Sonic Update Manager ->
{33BB4982-DC52-4886-A03B-F4C5C80BEE89} -> Windows Media Player 10 ->
{33CF7CDF-9805-4500-9CC7-D19D52AD63C4} -> Canon Camera WIA Driver ->
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{352310C3-E46B-42D3-8F32-54721FDD72D9} -> NetZeroInstallers ->
{37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978) ->
{3B0F52AC-EF5C-4831-B221-06C782E41280} -> Quicken 2008 ->
{3EC91FDF-FE9A-43D5-96C4-8A9C24372500} -> Maxtor OneTouch ->
{3F3C0456-E391-41AB-9523-A6B5558069A0} -> PaperPort 9.0 ->
{3F92ABBB-6BBF-11D5-B229-002078017FBF} -> NetWaiting ->
{4667B940-BB01-428B-986E-A0CC46497BF7} -> ELIcon ->
{4677AAF8-8D7A-4EE2-BCE4-0068BB052353} -> ArcSoft Camera Suite ->
{52D56C42-8C69-4882-A661-39695537C9CF} -> DellConnect ->
{55251924-B51C-4E66-8199-5258672518C5} -> Epocrates Essentials for Pocket PC ->
{55937F00-A69B-4049-8D3A-1C7729742B6F} -> BUM ->
{589D17BB-C997-48C0-BCD2-CC8DC3375FE8} -> EOS Capture 1.5 ->
{5B6BE547-21E2-49CA-B2E2-6A5F470593B1} -> Sonic Activation Module ->
{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C} -> AOLIcon ->
{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} -> Windows Media Player Firefox Plugin ->
{6C117F31-28A8-4477-BE91-64AC0A2204AD} -> Microsoft IntelliPoint 6.01 ->
{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33} -> Digital Content Portal ->
{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} -> Microsoft Plus! Digital Media Edition Installer ->
{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA} -> QuickTime ->
{7148F0A8-6813-11D6-A77B-00B0D0142030} -> Java 2 Runtime Environment, SE v1.4.2_03 ->
{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE} -> EarthLink setup files ->
{747D1B34-A1FC-4EF3-A6AE-E86F39CEFDE5} -> Roxio Easy Media Creator 7 Basic DVD Edition ->
{74F7662C-B1DB-489E-A8AC-07A06B24978B} -> Dell System Restore ->
{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} -> DellSupport ->
{7F142D56-3326-11D5-B229-002078017FBF} -> Modem Helper ->
{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA} -> Intel® PROSet for Wired Connections ->
{851C67EF-068A-4060-9EF5-2E3DDCD68382} -> Adobe Photoshop Elements 3.0 ->
{8A9B8148-DDD7-448F-BD6C-358386D32354} -> Corel Photo Album 6 ->
{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E} -> Intel Matrix Storage Manager ->
{91120409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Standard Edition 2003 ->
{99052DB7-9592-4522-A558-5417BBAD48EE} -> Microsoft ActiveSync ->
{9941F0AA-B903-4AF4-A055-83A9815CC011} -> Sonic Encoders ->
{A683A2C0-821C-486F-858C-FA634DB5E864} -> EducateU ->
{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B} -> Adobe Photoshop Elements 5.0 ->
{AB708C9B-97C8-4AC9-899B-DBF226AC9382} -> Roxio RecordNow Audio ->
{AC76BA86-0000-0000-0000-6028747ADE01} -> Adobe Acrobat - Reader 6.0.2 Update ->
{AC76BA86-1033-0000-BA7E-000000000003} -> Adobe Acrobat 8 Standard ->
{AC76BA86-7AD7-1033-7B44-A00000000001} -> Adobe Reader 6.0.1 ->
{AF19F291-F22F-4798-9662-525305AE9E48} -> WordPerfect Office 12 ->
{B12665F4-4E93-4AB4-B7FC-37053B524629} -> Roxio RecordNow Copy ->
{B6884A07-0305-47AE-9969-8F26FADC17DE} -> Games, Music, & Photos Launcher ->
{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} -> Apple Software Update ->
{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94} -> iTunes ->
{BBBC2B89-E193-4348-A83C-C8DD8210A4AC} -> Canon PhotoRecord ->
{C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181) ->
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 ->
{D050D7362D214723AD585B541FFB6C11} -> DivX Content Uploader ->
{D2988E9B-C73F-422C-AD4B-A66EBE257120} -> MCU ->
{D75915D3-6CFF-445F-A346-18ED6EF2F618} -> Microsoft IntelliType Pro 6.01 ->
{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4} -> Apple Mobile Device Support ->
{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} -> iPod for Windows 2005-10-12 ->
{DB5F474C-B584-417F-810B-DEBBC1893C2A} -> TBS WMP Plug-in ->
{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039} -> AnswerWorks 5.0 English Runtime ->
{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} -> Ad-Aware 2007 ->
{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC} -> Search Assist ->
{E0F252A6-DE85-4E93-A93B-DFC3537B3965} -> WG111v2 Configuration Utility ->
{E42BD75A-FC23-4E3F-9F91-2658334C644F} -> Internet Service Offers Launcher ->
{E646DCF0-5A68-11D5-B229-002078017FBF} -> Digital Line Detect ->
{E93E5EF6-D361-481E-849D-F16EF5C78EBC} -> Musicmatch for Windows Media Player ->
Adobe Acrobat 8 Standard -> Adobe Acrobat 8.1.0 Standard ->
Adobe Flash Player Plugin -> Adobe Flash Player Plugin ->
Adobe Photoshop Elements 5 -> Adobe Photoshop Elements 5.0 ->
AOL Toolbar -> AOL Toolbar 5.0 ->
AOL Toolbar 5.0 -> ->
AOL Uninstaller -> AOL Uninstaller (Choose which Products to Remove) ->
AOLCoach -> AOL Coach Version 1.0(Build:20040229.1 en) ->
ATI Display Driver -> ATI Display Driver ->
CAL -> Canon Camera Access Library ->
CameraWindowDVC5 -> Canon Camera Window DC_DV 5 for ZoomBrowser EX ->
CameraWindowDVC6 -> Canon Camera Window DC_DV 6 for ZoomBrowser EX ->
CameraWindowMC -> Canon Camera Window MC 6 for ZoomBrowser EX ->
Canon G.726 WMP-Decoder -> Canon G.726 WMP-Decoder ->
CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1 -> Conexant D850 56K V.9x DFVc Modem ->
Colors of Autumn Scenic Reflections -> Colors of Autumn Scenic Reflections Screen Saver ->
CSCLIB -> Canon Camera Support Core Library ->
Dell Laser MFP 1600n -> Dell Laser MFP 1600n Software Uninstall ->
DPP -> Canon Utilities Digital Photo Professional 2.1 ->
DxO Optics Pro 4 -> DxO Optics Pro 4.0 ->
DxO Optics Pro v3 -> DxO Optics Pro v3.5 Application ->
EmeraldQFE2 -> Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] ->
EOS Utility -> Canon Utilities EOS Utility ->
ESPNMotion -> ESPNMotion ->
Gaim -> Gaim (remove only) ->
Google Desktop -> Google Desktop ->
GTK 2.0 -> GTK+ Runtime 2.6.10 rev a (remove only) ->
GTRemote Client -> DellConnect ->
HijackThis -> HijackThis 2.0.2 ->
hp photosmart 7900 series_Driver -> hp photosmart 7900 series ->
ICANotes -> ICANotes ->
InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4} -> Canon EOS Kiss_N REBEL_XT 350D WIA Driver ->
InstallShield_{3EC91FDF-FE9A-43D5-96C4-8A9C24372500} -> Maxtor OneTouch ->
InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8} -> Canon Utilities EOS Capture 1.5 ->
InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} -> iPod for Windows 2005-10-12 ->
InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A} -> TBS WMP Plug-in ->
KB873339 -> Windows XP Hotfix - KB873339 ->
KB885250 -> Windows XP Hotfix - KB885250 ->
KB885835 -> Windows XP Hotfix - KB885835 ->
KB885836 -> Windows XP Hotfix - KB885836 ->
KB886185 -> Windows XP Hotfix - KB886185 ->
KB887472 -> Windows XP Hotfix - KB887472 ->
KB887742 -> Windows XP Hotfix - KB887742 ->
KB887998 -> Microsoft .NET Framework 1.0 Hotfix (KB887998) ->
KB888113 -> Windows XP Hotfix - KB888113 ->
KB888302 -> Windows XP Hotfix - KB888302 ->
KB888795 -> Hotfix for Windows XP (KB888795) ->
KB889673 -> Windows XP Hotfix - KB889673 ->
KB890046 -> Security Update for Windows XP (KB890046) ->
KB890859 -> Windows XP Hotfix - KB890859 ->
KB890927 -> Windows XP Hotfix - KB890927 ->
KB891593 -> Hotfix for Windows XP (KB891593) ->
KB891781 -> Windows XP Hotfix - KB891781 ->
KB893756 -> Security Update for Windows XP (KB893756) ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KB894391 -> Update for Windows XP (KB894391) ->
KB895961 -> Hotfix for Windows XP (KB895961) ->
KB896256 -> Hotfix for Windows XP (KB896256) ->
KB896358 -> Security Update for Windows XP (KB896358) ->
KB896422 -> Security Update for Windows XP (KB896422) ->
KB896423 -> Security Update for Windows XP (KB896423) ->
KB896424 -> Security Update for Windows XP (KB896424) ->
KB896428 -> Security Update for Windows XP (KB896428) ->
KB898461 -> Update for Windows XP (KB898461) ->
KB899337 -> Hotfix for Windows XP (KB899337) ->
KB899510 -> Hotfix for Windows XP (KB899510) ->
KB899587 -> Security Update for Windows XP (KB899587) ->
KB899588 -> Security Update for Windows XP (KB899588) ->
KB899589 -> Security Update for Windows XP (KB899589) ->
KB899591 -> Security Update for Windows XP (KB899591) ->
KB900325 -> Update Rollup 2 for Windows XP Media Center Edition 2005 ->
KB900485 -> Update for Windows XP (KB900485) ->
KB900725 -> Security Update for Windows XP (KB900725) ->
KB901017 -> Security Update for Windows XP (KB901017) ->
KB901214 -> Security Update for Windows XP (KB901214) ->
KB902400 -> Security Update for Windows XP (KB902400) ->
KB902841 -> Hotfix for Windows XP (KB902841) ->
KB903157 -> Hotfix for Windows Media Player 10 (KB903157) ->
KB904706 -> Security Update for Windows XP (KB904706) ->
KB905414 -> Security Update for Windows XP (KB905414) ->
KB905749 -> Security Update for Windows XP (KB905749) ->
KB906569 -> Hotfix for Windows XP (KB906569) ->
KB908246 -> Windows XP Media Center Edition 2005 KB908246 ->
KB908519 -> Security Update for Windows XP (KB908519) ->
KB908531 -> Update for Windows XP (KB908531) ->
KB908673 -> Hotfix for Windows XP (KB908673) ->
KB909394 -> Hotfix for Windows XP (KB909394) ->
KB910393 -> Update for Windows Media Player 10 (KB910393) ->
KB910437 -> Update for Windows XP (KB910437) ->
KB911280 -> Security Update for Windows XP (KB911280) ->
KB911562 -> Security Update for Windows XP (KB911562) ->
KB911565 -> Security Update for Windows Media Player 10 (KB911565) ->
KB911567 -> Security Update for Windows XP (KB911567) ->
KB911927 -> Security Update for Windows XP (KB911927) ->
KB912024 -> Hotfix for Windows XP (KB912024) ->
KB912067 -> Windows XP Media Center Edition 2005 KB912067 ->
KB912812 -> Security Update for Windows XP (KB912812) ->
KB912919 -> Security Update for Windows XP (KB912919) ->
KB912945 -> Update for Windows XP (KB912945) ->
KB913580 -> Security Update for Windows XP (KB913580) ->
KB913800 -> Update for Windows Media Player 10 (KB913800) ->
KB914388 -> Security Update for Windows XP (KB914388) ->
KB914389 -> Security Update for Windows XP (KB914389) ->
KB916281 -> Security Update for Windows XP (KB916281) ->
KB916595 -> Update for Windows XP (KB916595) ->
KB917159 -> Security Update for Windows XP (KB917159) ->
KB917344 -> Security Update for Windows XP (KB917344) ->
KB917422 -> Security Update for Windows XP (KB917422) ->
KB917734_WMP10 -> Security Update for Windows Media Player 10 (KB917734) ->
KB917953 -> Security Update for Windows XP (KB917953) ->
KB918118 -> Security Update for Windows XP (KB918118) ->
KB918439 -> Security Update for Windows XP (KB918439) ->
KB918899 -> Security Update for Windows XP (KB918899) ->
KB919007 -> Security Update for Windows XP (KB919007) ->
KB920213 -> Security Update for Windows XP (KB920213) ->
KB920214 -> Security Update for Windows XP (KB920214) ->
KB920670 -> Security Update for Windows XP (KB920670) ->
KB920683 -> Security Update for Windows XP (KB920683) ->
KB920685 -> Security Update for Windows XP (KB920685) ->
KB920872 -> Update for Windows XP (KB920872) ->
KB921398 -> Security Update for Windows XP (KB921398) ->
KB921503 -> Security Update for Windows XP (KB921503) ->
KB921883 -> Security Update for Windows XP (KB921883) ->
KB922582 -> Update for Windows XP (KB922582) ->
KB922616 -> Security Update for Windows XP (KB922616) ->
KB922760 -> Security Update for Windows XP (KB922760) ->
KB922819 -> Security Update for Windows XP (KB922819) ->
KB923191 -> Security Update for Windows XP (KB923191) ->
KB923414 -> Security Update for Windows XP (KB923414) ->
KB923694 -> Security Update for Windows XP (KB923694) ->
KB923980 -> Security Update for Windows XP (KB923980) ->
KB924191 -> Security Update for Windows XP (KB924191) ->
KB924270 -> Security Update for Windows XP (KB924270) ->
KB924496 -> Security Update for Windows XP (KB924496) ->
KB924667 -> Security Update for Windows XP (KB924667) ->
KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398) ->
KB925454 -> Security Update for Windows XP (KB925454) ->
KB925486 -> Security Update for Windows XP (KB925486) ->
KB925902 -> Security Update for Windows XP (KB925902) ->
KB926255 -> Security Update for Windows XP (KB926255) ->
KB926436 -> Security Update for Windows XP (KB926436) ->
KB927779 -> Security Update for Windows XP (KB927779) ->
KB927802 -> Security Update for Windows XP (KB927802) ->
KB927891 -> Update for Windows XP (KB927891) ->
KB928090 -> Security Update for Windows XP (KB928090) ->
KB928255 -> Security Update for Windows XP (KB928255) ->
KB928843 -> Security Update for Windows XP (KB928843) ->
KB929123 -> Security Update for Windows XP (KB929123) ->
KB929338 -> Update for Windows XP (KB929338) ->
KB929969 -> Security Update for Windows XP (KB929969) ->
KB930178 -> Security Update for Windows XP (KB930178) ->
KB930494 -> Microsoft .NET Framework 1.0 Hotfix (KB930494) ->
KB930916 -> Update for Windows XP (KB930916) ->
KB931261 -> Security Update for Windows XP (KB931261) ->
KB931768 -> Security Update for Windows XP (KB931768) ->
KB931784 -> Security Update for Windows XP (KB931784) ->
KB931836 -> Update for Windows XP (KB931836) ->
KB932168 -> Security Update for Windows XP (KB932168) ->
KB933360 -> Update for Windows XP (KB933360) ->
KB933566 -> Security Update for Windows XP (KB933566) ->
KB933729 -> Security Update for Windows XP (KB933729) ->
KB935839 -> Security Update for Windows XP (KB935839) ->
KB935840 -> Security Update for Windows XP (KB935840) ->
KB936021 -> Security Update for Windows XP (KB936021) ->
KB936357 -> Update for Windows XP (KB936357) ->
KB937143 -> Security Update for Windows XP (KB937143) ->
KB937894 -> Security Update for Windows XP (KB937894) ->
KB938127 -> Security Update for Windows XP (KB938127) ->
KB938828 -> Update for Windows XP (KB938828) ->
KB938829 -> Security Update for Windows XP (KB938829) ->
KB939653 -> Security Update for Windows XP (KB939653) ->
KB941202 -> Security Update for Windows XP (KB941202) ->
KB941568 -> Security Update for Windows XP (KB941568) ->
KB941644 -> Security Update for Windows XP (KB941644) ->
KB942615 -> Security Update for Windows XP (KB942615) ->
KB942763 -> Update for Windows XP (KB942763) ->
KB942840 -> Update for Windows XP (KB942840) ->
KB943460 -> Security Update for Windows XP (KB943460) ->
KB943485 -> Security Update for Windows XP (KB943485) ->
KB944653 -> Security Update for Windows XP (KB944653) ->
KB946627 -> Update for Windows XP (KB946627) ->
LiveUpdate -> LiveUpdate 2.6 (Symantec Corporation) ->
M928366 -> Microsoft .NET Framework 1.1 Hotfix (KB928366) ->
Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1 ->
Move Networks Player_is1 -> Move Networks Player for Internet Explorer ->
MovieEditTask -> Canon MovieEdit Task for ZoomBrowser EX ->
Mozilla Firefox (2.0.0.11) -> Mozilla Firefox (2.0.0.11) ->
MSC -> McAfee SecurityCenter ->
MXOFX -> USB Storage Adapter FX (MXO) ->
New England Snow -> New England Snow Screen Saver ->
nik Color Efex Pro 2.0 Select -> nik Color Efex Pro 2.0 Select ->
PhotoStitch -> Canon Utilities PhotoStitch ->
PROSet -> Intel® PRO Network Connections Drivers ->
RAW Image Task -> Canon RAW Image Task for ZoomBrowser EX ->
RealPlayer 6.0 -> RealPlayer Basic ->
RemoteCaptureTask -> Canon RemoteCapture Task for ZoomBrowser EX ->
ScrewDrivers Client v4 -> ScrewDrivers Client v4 ->
SdustSSC3_is1 -> Stardust Screen Saver Control 2003 (3.0.0.66) ->
SdustWC1_is1 -> Stardust Wallpaper Control 2003 (1.0.0.4) ->
Security Task Manager -> Security Task Manager 1.7e ->
ShockwaveFlash -> Adobe Flash Player 9 ActiveX ->
Software Bisque TheSky -> Software Bisque TheSky (Remove only) ->
Stardust Screen Saver QuickStart 2.1_is1 -> Stardust Screen Saver QuickStart 2.1 ->
StreetPlugin -> Learn2 Player (Uninstall Only) ->
v3 RDP Only Web Push (nstl chk) -> v3 RDP Only Web Push (nstl chk) ->
v4 RDP Only Web Push (nstl chk) -> v4 RDP Only Web Push (nstl chk) ->
Viewpoint Manager -> Viewpoint Manager (Remove Only) ->
ViewpointMediaPlayer -> Viewpoint Media Player ->
WebCyberCoach_wtrb -> WebCyberCoach 3.2 Dell ->
WGA -> Windows Genuine Advantage Validation Tool (KB892130) ->
WgaNotify -> Windows Genuine Advantage Notifications (KB905474) ->
Windows Media Format Runtime -> Windows Media Format 11 runtime ->
Windows Media Player -> Windows Media Player 11 ->
WMFDist11 -> Windows Media Format 11 runtime ->
wmp11 -> Windows Media Player 11 ->
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2) ->
ZoomBrowser EX -> Canon Utilities ZoomBrowser EX ->

[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 1/20/2008 2:12:45 PM | Attr = HS]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 1/30/2008 7:06:41 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2145529856 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
$NtUninstallKB941644$ -> %SystemRoot%\$NtUninstallKB941644$ -> [Folder | Created Date = 1/8/2008 10:40:42 PM | Attr = H ]
$NtUninstallKB943485$ -> %SystemRoot%\$NtUninstallKB943485$ -> [Folder | Created Date = 1/8/2008 10:40:34 PM | Attr = H ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 1/30/2008 7:07:08 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/21/2008 4:31:41 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/21/2008 4:31:41 PM | Attr = H ]
acXMLParser.dll -> %System32%\acXMLParser.dll -> Apache Software Foundation [Ver = 2, 7, 0 | Size = 1843200 bytes | Created Date = 1/21/2008 8:51:09 AM | Attr = ]
cdintf300.dll -> %System32%\cdintf300.dll -> Amyuni Technologies
http://www.amyuni.com [Ver = 3.01a | Size = 3518464 bytes | Created Date = 1/21/2008 8:51:08 AM | Attr = ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 8690 bytes | Created Date = 1/20/2008 11:46:43 AM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Created Date = 1/20/2008 2:11:13 PM | Attr = ]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Created Date = 1/10/2008 3:27:44 PM | Attr = ]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Created Date = 1/10/2008 3:27:46 PM | Attr = ]
usbaapl.sys -> %System32%\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Created Date = 1/20/2008 2:11:13 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/29/2008 3:11:18 PM | Attr = HS]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 1/30/2008 7:06:42 AM | Attr = ]
dell -> %SystemDrive%\dell -> [Folder | Modified Date = 1/29/2008 3:08:16 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2145529856 bytes | Modified Date = 1/29/2008 8:26:38 PM | Attr = HS]
mcafee_mcpr -> %SystemDrive%\mcafee_mcpr -> [Folder | Modified Date = 1/20/2008 11:25:42 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/29/2008 4:02:06 PM | Attr = ]
VETlog.dmp -> %SystemDrive%\VETlog.dmp -> [Ver = | Size = 55827 bytes | Modified Date = 1/19/2008 8:17:10 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/30/2008 9:59:04 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/8/2008 1:50:54 PM | Attr = H ]
$NtUninstallKB941644$ -> %SystemRoot%\$NtUninstallKB941644$ -> [Folder | Modified Date = 1/8/2008 10:40:44 PM | Attr = H ]
$NtUninstallKB943485$ -> %SystemRoot%\$NtUninstallKB943485$ -> [Folder | Modified Date = 1/8/2008 10:40:36 PM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/29/2008 8:26:42 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/29/2008 3:10:32 PM | Attr = S]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 1/30/2008 7:07:10 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 1/8/2008 10:40:48 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/29/2008 4:12:30 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/29/2008 3:11:18 PM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/30/2008 8:56:56 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/21/2008 4:31:42 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/30/2008 9:35:52 AM | Attr = H ]
Quicken.ini -> %SystemRoot%\Quicken.ini -> [Ver = | Size = 178 bytes | Modified Date = 1/21/2008 9:02:06 AM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 1/29/2008 8:27:50 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/29/2008 4:12:32 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/20/2008 2:11:34 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/30/2008 8:57:04 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 831 bytes | Modified Date = 1/29/2008 10:38:56 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 126 bytes | Modified Date = 1/29/2008 3:04:52 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 1/21/2008 8:50:44 AM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 1/24/2008 9:27:04 PM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 336 bytes | Modified Date = 1/1/2008 1:00:30 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/29/2008 8:26:48 PM | Attr = H ]
278CDE5A93.sys -> %System32%\278CDE5A93.sys -> [Ver = | Size = 88 bytes | Modified Date = 1/28/2008 10:32:14 AM | Attr = RHS]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 1/29/2008 3:05:22 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/29/2008 4:12:32 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/29/2008 8:27:44 PM | Attr = ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 8690 bytes | Modified Date = 1/29/2008 8:27:56 PM | Attr = ]
DLA -> %System32%\DLA -> [Folder | Modified Date = 1/29/2008 3:17:02 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/29/2008 3:09:22 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/29/2008 4:12:32 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 1/20/2008 2:11:14 PM | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 1/30/2008 9:45:38 AM | Attr = ]
KGyGaAvL.sys -> %System32%\KGyGaAvL.sys -> [Ver = | Size = 3766 bytes | Modified Date = 1/28/2008 10:32:16 AM | Attr = HS]
QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Modified Date = 1/10/2008 3:27:44 PM | Attr = ]
QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Modified Date = 1/10/2008 3:27:46 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/30/2008 9:35:38 AM | Attr = ]
usbaapl.sys -> %System32%\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 1/15/2008 2:39:58 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemRoot%\SCMain.exe -> Stardust Software [Ver = 3, 0, 0, 66 | Size = 355328 bytes | Modified Date = 1/2/2004 8:15:20 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\WCMain.exe -> Stardust Software [Ver = 1, 0, 0, 4 | Size = 357376 bytes | Modified Date = 1/2/2004 8:25:50 PM | Attr = ]
UPX! , UPX0 , -> %System32%\Colors of Autumn Scenic Reflections.scr -> Stardust Software [Ver = 4, 0, 0, 206 | Size = 564736 bytes | Modified Date = 9/29/2006 9:31:50 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.129.0 | Size = 279392 bytes | Modified Date = 8/31/2005 9:35:40 AM | Attr = ]

< End of report >
  • 0

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes I am afraid that there is no malware present and in this case I will have to ask you to start a topic in this forum >XP Forum
where they will be able to further assist you.
You can delete any thing I asked you to use.
Good luck :)
  • 0

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
  • 0


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured