
Darksma Infection [RESOLVED]



#16
billanin

  • Topic Starter
  • Member
  • 20 posts
Here it is

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 8/27/2008 10:14:10 PM for strings:
; 'bifrost'
; 'server.exe'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\LuComServer.EXE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\lserver.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000]
; Contents of value:
;  
"_server.exe:D3DOGL_67207556"=hex:02,00,00,08

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\lserver.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000]
; Contents of value:
;  
"_server.exe:D3DOGL_67207556"=hex:02,00,00,08

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\lserver.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000]
; Contents of value:
;  
"_server.exe:D3DOGL_67207556"=hex:02,00,00,08

; End Of The Log...


#17
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
That's very good, now can you repeat the last scan with Regsearch, but this time use

{6FCBD965-8CDF-4414-AF67-A55E5072F564}
as your search text.

Please post me the text from the new C:\RegSearch\RegSearch.txt as your next reply.

#18
billanin

  • Topic Starter
  • Member
  • 20 posts
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 8/28/2008 7:45:12 PM for strings:
; '{6fcbd965-8cdf-4414-af67-a55e5072f564}'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\32\400,300]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\32\480,360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\32\512,384]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\32\640,400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\32\640,480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\32\800,600]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\32\960,720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\8]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\8\1024,768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\8\1152,864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\8\1280,1024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\8\1280,960]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\8\1600,1024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\8\1600,1200]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\8\1600,900]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\8\320,200]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\8\320,240]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\8\400,300]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\8\480,360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\8\512,384]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\8\640,400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\8\640,480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\8\800,600]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\VIDEO\MODES\8\960,720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\Video]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCI\VEN_10DE&DEV_0181&SUBSYS_80BB1043&REV_A2\4&1a99067f&0&0008\Device Parameters]
"VideoID"="{6FCBD965-8CDF-4414-AF67-A55E5072F564}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{6FCBD965-8CDF-4414-AF67-A55E5072F564}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\Mon11335577]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\Mon22446688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Control\VIDEO\{6FCBD965-8CDF-4414-AF67-A55E5072F564}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Control\VIDEO\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Control\VIDEO\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\Mon11335577]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\System\CurrentControlSet\Control\VIDEO\{6FCBD965-8CDF-4414-AF67-A55E5072F564}\0000\Mon22446688]

; End Of The Log...
  • 0

#19
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts

Hi Sage:

Thank you for all of your help with my issues. The support found here is incredible!
I do however have one other issue. I noticed after a scan from my CA Anti Spyware that it detected something called BiFrost. I had noticed this once before, prior to executing all of these steps.

Is there anything I should be doing to eliminate this threat?

Bill



Does CA give you the option to remove that threat, or does it simply detect it?
Can you get me a screenshot of the warning that it gives you?

Those registry entries seem to be for a video card setting & I'm guessing are harmless
  • 0

#20
billanin

    Member

  • Topic Starter
  • Member
  • 20 posts
Hey Sage:

Here is a copy from the log file -- maybe this will help. You will see it detected on 8/6 and deleted and it reappeared on the 20th after we got done cleaning the machine.

8/6/2008-9:44:31 PM , Deleted , Bifrost , Backdoor , Key "hkey_users \s-1-5-21-1123561945-823518204-839522115-1003\software\wget" , -1
8/6/2008-9:44:31 PM , Deleted , KaZaA , P2P , Key "hkey_users \s-1-5-21-1123561945-823518204-839522115-1003\software\kazaa" , -1
8/17/2008-8:33:05 PM , Deleted , quantserve.com , Tracking Cookie , Cookie "[email protected][1].txt" File "C:\Documents and Settings\Bill.HOME\cookies\[email protected][1].txt" , -1
8/20/2008-6:58:40 AM , Quarantined , KaZaA , P2P , Key "hkey_users \S-1-5-21-1123561945-823518204-839522115-1003\software\kazaa" , -1
8/20/2008-6:58:40 AM , Quarantined , Bifrost , Backdoor , Key "hkey_users \S-1-5-21-1123561945-823518204-839522115-1003\software\wget" , -1
  • 0
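The pattern billanin points out in post #20 (an entry removed on 8/6 and detected again on 8/20) can be picked out of a log like this mechanically. The Python below is an added example, not part of the thread or of any CA tool; the field layout is inferred from the five log lines quoted in that post, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied unchanged from post #20 above.
SAMPLE_LOG = r'''
8/6/2008-9:44:31 PM , Deleted , Bifrost , Backdoor , Key "hkey_users \s-1-5-21-1123561945-823518204-839522115-1003\software\wget" , -1
8/6/2008-9:44:31 PM , Deleted , KaZaA , P2P , Key "hkey_users \s-1-5-21-1123561945-823518204-839522115-1003\software\kazaa" , -1
8/17/2008-8:33:05 PM , Deleted , quantserve.com , Tracking Cookie , Cookie "[email protected][1].txt" File "C:\Documents and Settings\Bill.HOME\cookies\[email protected][1].txt" , -1
8/20/2008-6:58:40 AM , Quarantined , KaZaA , P2P , Key "hkey_users \S-1-5-21-1123561945-823518204-839522115-1003\software\kazaa" , -1
8/20/2008-6:58:40 AM , Quarantined , Bifrost , Backdoor , Key "hkey_users \S-1-5-21-1123561945-823518204-839522115-1003\software\wget" , -1
'''

# Assumed layout: timestamp , action , name , category , object , code
LINE_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4}-\d{1,2}:\d{2}:\d{2} [AP]M) , '
    r'(?P<action>[^,]+?) , (?P<name>[^,]+?) , (?P<category>[^,]+?) , '
    r'(?P<object>.*) , (?P<code>-?\d+)$'
)
REMOVAL_ACTIONS = {"deleted", "quarantined"}
SID_RE = re.compile(r's-1-5-21(?:-\d+)+')


def normalise_object(obj):
    """Lower-case the object and drop whitespace around backslashes, so that
    'hkey_users \\s-1-5-...' and 'hkey_users \\S-1-5-...' compare equal."""
    return re.sub(r'\s*\\\s*', r'\\', obj.lower())


def parse_log(text):
    """Return one dict per parsable log line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["when"] = datetime.strptime(ev["ts"], "%m/%d/%Y-%I:%M:%S %p")
        ev["object_norm"] = normalise_object(ev["object"])
        events.append(ev)
    return events


def find_recurrences(events):
    """Flag objects that were removed and then detected again later.

    A reappearing item means something recreated it after cleanup: a
    surviving component, a restored backup, or the user reinstalling it.
    """
    by_object = defaultdict(list)
    for ev in events:
        by_object[(ev["name"].lower(), ev["object_norm"])].append(ev)

    findings = []
    for (_, obj), evs in sorted(by_object.items()):
        evs.sort(key=lambda e: e["when"])
        for earlier, later in zip(evs, evs[1:]):
            removed = earlier["action"].lower() in REMOVAL_ACTIONS
            if removed and later["when"] > earlier["when"]:
                sid = SID_RE.search(obj)
                findings.append({
                    "name": later["name"],
                    "category": later["category"],
                    "object": obj,
                    # SID of the per-user hive under HKEY_USERS, if any
                    "sid": sid.group(0).upper() if sid else None,
                    "removed": earlier["when"],
                    "reappeared": later["when"],
                    "gap_days": (later["when"] - earlier["when"]).days,
                })
    return findings


if __name__ == "__main__":
    for f in find_recurrences(parse_log(SAMPLE_LOG)):
        print(f'{f["name"]} ({f["category"]}): {f["object"]} removed '
              f'{f["removed"]:%Y-%m-%d}, back {f["reappeared"]:%Y-%m-%d} '
              f'({f["gap_days"]} days later, hive {f["sid"]})')
```
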

#21
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Let's see if they are gone from the registry.
We'll use RegSearch again.

Run RegSearch:
  • Double click on regsearch.exe
  • Copy the following to the upper input box, 1 entry per line:
    wget
    kazaa
  • Leave the lower input box empty
  • Leave the ticks in their default configurations & click OK
  • The scan will appear to pause and then open a Notepad file.
  • This file is C:\RegSearch\RegSearch.txt

Edited by sage5, 30 August 2008 - 08:11 AM.

  • 0

#22
billanin

    Member

  • Topic Starter
  • Member
  • 20 posts
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 9/2/2008 9:12:57 PM for strings:
; 'wget'
; 'kazaa'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\11.0\Registration\{90110409-6000-11D3-8CFE-0150048383C9}]
ABwAGUAcgBtAGkAcwBlACAAcABhAHIAIABsAGUAcwAgAGwAbwBpAHMAIABhAHAAcABsAGkAYwBhAGIAbA
BlAHMALAAgAG0A6gBtAGUAIABzAGkAIAB0AG8AdQB0ACAAcgBlAGMAbwB1AHIAcwAgAG4AJwBhAHQAdAB
lAGkAbgB0ACAAcABhAHMAIABzAG8AbgAgAGIAdQB0ACAAZQBzAHMAZQBuAHQAaQBlAGwALgAKAEwAYQAg
AHAAcgDpAHMAZQBuAHQAZQAgAEMAbwBuAHYAZQBuAHQAaQBvAG4AIABlAHMAdAAgAHIA6QBnAGkAZQAgA
HAAYQByACAAbABlAHMAIABsAG8AaQBzACAAZABlACAAbABhACAAcAByAG8AdgBpAG4AYwBlACAAZAAnAE
8AbgB0AGEAcgBpAG8ALAAgAEMAYQBuAGEAZABhAC4AIABDAGgAYQBjAHUAbgBlACAAZABlAHMAIABwAGE
AcgB0AGkAZQBzACAA4AAgAGwAYQAgAHAAcgDpAHMAZQBuAHQAZQAgAHIAZQBjAG8AbgBuAGEA7gB0ACAA
aQByAHIA6QB2AG8AYwBhAGIAbABlAG0AZQBuAHQAIABsAGEAIABjAG8AbQBwAOkAdABlAG4AYwBlACAAZ
ABlAHMAIAB0AHIAaQBiAHUAbgBhAHUAeAAgAGQAZQAgAGwAYQAgAHAAcgBvAHYAaQBuAGMAZQAgAGQAJw
BPAG4AdABhAHIAaQBvACAAZQB0ACAAYwBvAG4AcwBlAG4AdAAgAOAAIABpAG4AcwB0AGkAdAB1AGUAcgA
gAHQAbwB1AHQAIABsAGkAdABpAGcAZQAgAHEAdQBpACAAcABvAHUAcgByAGEAaQB0ACAAZADpAGMAbwB1
AGwAZQByACAAZABlACAAbABhACAAcAByAOkAcwBlAG4AdABlACAAYQB1AHAAcgDoAHMAIABkAGUAcwAgA
HQAcgBpAGIAdQBuAGEAdQB4ACAAcwBpAHQAdQDpAHMAIABkAGEAbgBzACAAbABlACAAZABpAHMAdAByAG
kAYwB0ACAAagB1AGQAaQBjAGkAYQBpAHIAZQAgAGQAZQAgAFkAbwByAGsALAAgAHAAcgBvAHYAaQBuAGM
AZQAgAGQAJwBPAG4AdABhAHIAaQBvAC4ACgBBAHUAIABjAGEAcwAgAG8A+QAgAHYAbwB1AHMAIABhAHUA
cgBpAGUAegAgAGQAZQBzACAAcQB1AGUAcwB0AGkAbwBuAHMAIABjAG8AbgBjAGUAcgBuAGEAbgB0ACAAY
wBlAHQAdABlACAAbABpAGMAZQBuAGMAZQAgAG8AdQAgAHEAdQBlACAAdgBvAHUAcwAgAGQA6QBzAGkAcg
BpAGUAegAgAHYAbwB1AHMAIABtAGUAdAB0AHIAZQAgAGUAbgAgAHIAYQBwAHAAbwByAHQAIABhAHYAZQB
jACAATQBpAGMAcgBvAHMAbwBmAHQAIABwAG8AdQByACAAcQB1AGUAbABxAHUAZQAgAHIAYQBpAHMAbwBu
ACAAcQB1AGUAIABjAGUAIABzAG8AaQB0ACwAIAB2AGUAdQBpAGwAbABlAHoAIABjAG8AbgB0AGEAYwB0A
GUAcgAgAGwAYQAgAHMAdQBjAGMAdQByAHMAYQBsAGUAIABNAGkAYwByAG8AcwBvAGYAdAAgAGQAZQBzAH
MAZQByAHYAYQBuAHQAIAB2AG8AdAByAGUAIABwAGEAeQBzACwAIABkAG8AbgB0ACAAbAAnAGEAZAByAGU
AcwBzAGUAIABlAHMAdAAgAGYAbwB1AHIAbgBpAGUAIABkAGEAbgBzACAAYwBlACAAcAByAG8AZAB1AGkA
dAAsACAAbwB1ACAA6QBjAHIAaQB2AGUAegAgAOAAIAA6ACAATQBpAGMAcgBvAHMAbwBmAHQAIABTAGEAb
ABlAHMAIABJAG4AZgBvAHIAbQBhAHQAaQBvAG4AIABDAGUAbgB0AGUAcgAsACAATwBuAGUAIABNAGkAYw
ByAG8AcwBvAGYAdAAgAFcAYQB5ACwAIABSAGUAZABtAG8AbgBkACwAIABXAGEAcwBoAGkAbgBnAHQAbwB
uACAAOQA4ADAANQAyAC0ANgAzADkAOQAuAAoACgBUAGgAZQAgAGYAbwBsAGwAbwB3AGkAbgBnACAATQBJ
AEMAUgBPAFMATwBGAFQAIABHAFUAQQBSAEEATgBUAEUARQAgAGEAcABwAGwAaQBlAHMAIAB0AG8AIAB5A
G8AdQAgAGkAZgAgAHkAbwB1ACAAYQBjAHEAdQBpAHIAZQBkACAAdABoAGkAcwAgAFMAbwBmAHQAdwBhAH
IAZQAgAGkAbgAgAGEAbgB5ACAAbwB0AGgAZQByACAAYwBvAHUAbgB0AHIAeQA6ACAAIAAgAAoAUwB0AGE
AdAB1AHQAbwByAHkAIAByAGkAZwBoAHQAcwAgAG4AbwB0ACAAYQBmAGYAZQBjAHQAZQBkACAALQAgAFQA
aABlACAAZgBvAGwAbABvAHcAaQBuAGcAIABnAHUAYQByAGEAbgB0AGUAZQAgAGkAcwAgAG4AbwB0ACAAc
gBlAHMAdAByAGkAYwB0AGUAZAAgAHQAbwAgAGEAbgB5ACAAdABlAHIAcgBpAHQAbwByAHkAIABhAG4AZA
AgAGQAbwBlAHMAIABuAG8AdAAgAGEAZgBmAGUAYwB0ACAAYQBuAHkAIABzAHQAYQB0AHUAdABvAHIAeQA
gAHIAaQBnAGgAdABzACAAdABoAGEAdAAgAHkAbwB1ACAAbQBhAHkAIABoAGEAdgBlACAAZgByAG8AbQAg
AHkAbwB1AHIAIAByAGUAcwBlAGwAbABlAHIAIABvAHIAIABmAHIAbwBtACAATQBpAGMAcgBvAHMAbwBmA
HQAIABpAGYAIAB5AG8AdQAgAGEAYwBxAHUAaQByAGUAZAAgAHQAaABlACAAUwBvAGYAdAB3AGEAcgBlAC
AAZABpAHIAZQBjAHQAbAB5ACAAZgByAG8AbQAgAE0AaQBjAHIAbwBzAG8AZgB0AC4AIAAgACAASQBmACA
AeQBvAHUAIABhAGMAcQB1AGkAcgBlAGQAIAB0AGgAZQAgAFMAbwBmAHQAdwBhAHIAZQAgAG8AcgAgAGEA
bgB5ACAAcwB1AHAAcABvAHIAdAAgAHMAZQByAHYAaQBjAGUAcwAgAGkAbgAgAEEAdQBzAHQAcgBhAGwAa
QBhACwAIABOAGUAdwAgAFoAZQBhAGwAYQBuAGQAIABvAHIAIABNAGEAbABhAHkAcwBpAGEALAAgAHAAbA
BlAGEAcwBlACAAcwBlAGUAIAB0AGgAZQAgACIAQwBvAG4AcwB1AG0AZQByACAAcgBpAGcAaAB0AHMAIgA
gAHMAZQBjAHQAaQBvAG4AIABiAGUAbABvAHcALgAgAAoAVABoAGUAIABnAHUAYQByAGEAbgB0AGUAZQAg
AC0AIABUAGgAZQAgAFMAbwBmAHQAdwBhAHIAZQAgAGkAcwAgAGQAZQBzAGkAZwBuAGUAZAAgAGEAbgBkA
CAAbwBmAGYAZQByAGUAZAAgAGEAcwAgAGEAIABnAGUAbgBlAHIAYQBsAC0AcAB1AHIAcABvAHMAZQAgAH
MAbwBmAHQAdwBhAHIAZQAsACAAbgBvAHQAIABmAG8AcgAgAGEAbgB5ACAAdQBzAGUAcgAnAHMAIABwAGE
AcgB0AGkAYwB1AGwAYQByACAAcAB1AHIAcABvAHMAZQAuACAAIABZAG8AdQAgAGEAYwBjAGUAcAB0ACAA
dABoAGEAdAAgAG4AbwAgAFMAbwBmAHQAdwBhAHIAZQAgAGkAcwAgAGUAcgByAG8AcgAgAGYAcgBlAGUAI
ABhAG4AZAAgAHkAbwB1ACAAYQByAGUAIABzAHQAcgBvAG4AZwBsAHkAIABhAGQAdgBpAHMAZQBkACAAdA
BvACAAYgBhAGMAawAtAHUAcAAgAHkAbwB1AHIAIABmAGkAbABlAHMAIAByAGUAZwB1AGwAYQByAGwAeQA
uACAAIABQAHIAbwB2AGkAZABlAGQAIAB0AGgAYQB0ACAAeQBvAHUAIABoAGEAdgBlACAAYQAgAHYAYQBs
AGkAZAAgAGwAaQBjAGUAbgBzAGUALAAgAE0AaQBjAHIAbwBzAG8AZgB0ACAAZwB1AGEAcgBhAG4AdABlA
GUAcwAgAHQAaABhAHQAIABhACkAIABmAG8AcgAgAGEAIABwAGUAcgBpAG8AZAAgAG8AZgAgADkAMAAgAG
QAYQB5AHMAIABmAHIAbwBtACAAdABoAGUAIABkAGEAdABlACAAbwBmACAAcgBlAGMAZQBpAHAAdAAgAG8
AZgAgAHkAbwB1AHIAIABsAGkAYwBlAG4AcwBlACAAdABvACAAdQBzAGUAIAB0AGgAZQAgAFMAbwBmAHQA
dwBhAHIAZQAgAG8AcgAgAHQAaABlACAAcwBoAG8AcgB0AGUAcwB0ACAAcABlAHIAaQBvAGQAIABwAGUAc
gBtAGkAdAB0AGUAZAAgAGIAeQAgAGEAcABwAGwAaQBjAGEAYgBsAGUAIABsAGEAdwAgAGkAdAAgAHcAaQ
BsAGwAIABwAGUAcgBmAG8AcgBtACAAcwB1AGIAcwB0AGEAbgB0AGkAYQBsAGwAeQAgAGkAbgAgAGEAYwB
jAG8AcgBkAGEAbgBjAGUAIAB3AGkAdABoACAAdABoAGUAIAB3AHIAaQB0AHQAZQBuACAAbQBhAHQAZQBy
AGkAYQBsAHMAIAB0AGgAYQB0ACAAYQBjAGMAbwBtAHAAYQBuAHkAIAB0AGgAZQAgAFMAbwBmAHQAdwBhA
HIAZQA7ACAAYQBuAGQAIABiACkAIABhAG4AeQAgAHMAdQBwAHAAbwByAHQAIABzAGUAcgB2AGkAYwBlAH
MAIABwAHIAbwB2AGkAZABlAGQAIABiAHkAIABNAGkAYwByAG8AcwBvAGYAdAAgAHMAaABhAGwAbAAgAGI
AZQAgAHMAdQBiAHMAdABhAG4AdABpAGEAbABsAHkAIABhAHMAIABkAGUAcwBjAHIAaQBiAGUAZAAgAGkA
bgAgAGEAcABwAGwAaQBjAGEAYgBsAGUAIAB3AHIAaQB0AHQAZQBuACAAbQBhAHQAZQByAGkAYQBsAHMAI
ABwAHIAbwB2AGkAZABlAGQAIAB0AG8AIAB5AG8AdQAgAGIAeQAgAE0AaQBjAHIAbwBzAG8AZgB0ACAAYQ
BuAGQAIABNAGkAYwByAG8AcwBvAGYAdAAgAHMAdQBwAHAAbwByAHQAIABlAG4AZwBpAG4AZQBlAHIAcwA
gAHcAaQBsAGwAIAB1AHMAZQAgAHIAZQBhAHMAbwBuAGEAYgBsAGUAIABlAGYAZgBvAHIAdABzACwAIABj
AGEAcgBlACAAYQBuAGQAIABzAGsAaQBsAGwAIAB0AG8AIABzAG8AbAB2AGUAIABhAG4AeQAgAHAAcgBvA
GIAbABlAG0AIABpAHMAcwB1AGUAcwAuACAAIABJAG4AIAB0AGgAZQAgAGUAdgBlAG4AdAAgAHQAaABhAH
QAIAB0AGgAZQAgAFMAbwBmAHQAdwBhAHIAZQAgAGYAYQBpAGwAcwAgAHQAbwAgAGMAbwBtAHAAbAB5ACA
AdwBpAHQAaAAgAHQAaABpAHMAIABnAHUAYQByAGEAbgB0AGUAZQAsACAATQBpAGMAcgBvAHMAbwBmAHQA
IAB3AGkAbABsACAAZQBpAHQAaABlAHIAIAAoAGEAKQAgAHIAZQBwAGEAaQByACAAbwByACAAcgBlAHAAb
ABhAGMAZQAgAHQAaABlACAAUwBvAGYAdAB3AGEAcgBlACAAbwByACAAKABiACkAIAByAGUAdAB1AHIAbg
AgAHQAaABlACAAcAByAGkAYwBlACAAeQBvAHUAIABwAGEAaQBkAC4AIAAgAFQAaABpAHMAIABnAHUAYQB
yAGEAbgB0AGUAZQAgAGkAcwAgAHYAbwBpAGQAIABpAGYAIABmAGEAaQBsAHUAcgBlACAAbwBmACAAdABo
AGUAIABTAG8AZgB0AHcAYQByAGUAIAByAGUAcwB1AGwAdABzACAAZgByAG8AbQAgAGEAYwBjAGkAZABlA
G4AdAAsACAAYQBiAHUAcwBlACAAbwByACAAbQBpAHMAYQBwAHAAbABpAGMAYQB0AGkAbwBuAC4AIAAgAE
EAbgB5ACAAcgBlAHAAbABhAGMAZQBtAGUAbgB0ACAAUwBvAGYAdAB3AGEAcgBlACAAdwBpAGwAbAAgAGI
AZQAgAGcAdQBhAHIAYQBuAHQAZQBlAGQAIABmAG8AcgAgAHQAaABlACAAcgBlAG0AYQBpAG4AZABlAHIA
IABvAGYAIAB0AGgAZQAgAG8AcgBpAGcAaQBuAGEAbAAgAGcAdQBhAHIAYQBuAHQAZQBlACAAcABlAHIAa
QBvAGQAIABvAHIAIAAzADAAIABkAGEAeQBzACwAIAB3AGgAaQBjAGgAZQB2AGUAcgAgAHAAZQByAGkAbw
BkACAAaQBzACAAbABvAG4AZwBlAHIALgAgACAAWQBvAHUAIABhAGcAcgBlAGUAIAB0AGgAYQB0ACAAdAB
oAGUAIABhAGIAbwB2AGUAIABnAHUAYQByAGEAbgB0AGUAZQAgAGkAcwAgAHkAbwB1AHIAIABzAG8AbABl
ACAAZwB1AGEAcgBhAG4AdABlAGUAIABpAG4AIAByAGUAbABhAHQAaQBvAG4AIAB0AG8AIAB0AGgAZQAgA
FMAbwBmAHQAdwBhAHIAZQAgAGEAbgBkACAAYQBuAHkAIABzAHUAcABwAG8AcgB0ACAAcwBlAHIAdgBpAG
MAZQBzAC4AIAAKAEUAeABjAGwAdQBzAGkAbwBuACAAbwBmACAAQQBsAGwAIABPAHQAaABlAHIAIABUAGU
AcgBtAHMAIAAtACAAVABvACAAdABoAGUAIABtAGEAeABpAG0AdQBtACAAZQB4AHQAZQBuAHQAIABwAGUA
cgBtAGkAdAB0AGUAZAAgAGIAeQAgAGEAcABwAGwAaQBjAGEAYgBsAGUAIABsAGEAdwAgAGEAbgBkACAAc
wB1AGIAagBlAGMAdAAgAHQAbwAgAHQAaABlACAAZwB1AGEAcgBhAG4AdABlAGUAIABhAGIAbwB2AGUALA
AgAE0AaQBjAHIAbwBzAG8AZgB0ACAAZABpAHMAYwBsAGEAaQBtAHMAIABhAGwAbAAgAHcAYQByAHIAYQB
uAHQAaQBlAHMALAAgAGMAbwBuAGQAaQB0AGkAbwBuAHMAIABhAG4AZAAgAG8AdABoAGUAcgAgAHQAZQBy
AG0AcwAsACAAZQBpAHQAaABlAHIAIABlAHgAcAByAGUAcwBzACAAbwByACAAaQBtAHAAbABpAGUAZAAgA
CgAdwBoAGUAdABoAGUAcgAgAGIAeQAgAHMAdABhAHQAdQB0AGUALAAgAGMAbwBtAG0AbwBuACAAbABhAH
cALAAgAGMAbwBsAGwAYQB0AGUAcgBhAGwAbAB5ACAAbwByACAAbwB0AGgAZQByAHcAaQBzAGUAKQAgAGk
AbgBjAGwAdQBkAGkAbgBnACAAYgB1AHQAIABuAG8AdAAgAGwAaQBtAGkAdABlAGQAIAB0AG8AIABpAG0A
cABsAGkAZQBkACAAdwBhAHIAcgBhAG4AdABpAGUAcwAgAG8AZgAgAHMAYQB0AGkAcwBmAGEAYwB0AG8Ac
gB5ACAAcQB1AGEAbABpAHQAeQAgAGEAbgBkACAAZgBpAHQAbgBlAHMAcwAgAGYAbwByACAAcABhAHIAdA
BpAGMAdQBsAGEAcgAgAHAAdQByAHAAbwBzAGUAIAB3AGkAdABoACAAcgBlAHMAcABlAGMAdAAgAHQAbwA
gAHQAaABlACAAUwBvAGYAdAB3AGEAcgBlACAAYQBuAGQAIAB0AGgAZQAgAHcAcgBpAHQAdABlAG4AIABt
AGEAdABlAHIAaQBhAGwAcwAgAHQAaABhAHQAIABhAGMAYwBvAG0AcABhAG4AeQAgAHQAaABlACAAUwBvA
GYAdAB3AGEAcgBlAC4AIAAgAEEAbgB5ACAAaQBtAHAAbABpAGUAZAAgAHcAYQByAHIAYQBuAHQAaQBlAH
MAIAB0AGgAYQB0ACAAYwBhAG4AbgBvAHQAIABiAGUAIABlAHgAYwBsAHUAZABlAGQAIABhAHIAZQAgAGw
AaQBtAGkAdABlAGQAIAB0AG8AIAA5ADAAIABkAGEAeQBzACAAbwByACAAdABvACAAdABoAGUAIABzAGgA
bwByAHQAZQBzAHQAIABwAGUAcgB"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kazaa-lite.ws]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\kazaa-lite.ws]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kazaa-lite.ws]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\kazaa-lite.ws]

; End Of The Log...
  • 0

#23
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
This should get rid of the last of those:
Clean up Registry with a Reg file:
  • Please open a new Notepad file by clicking Start\All Programs\Accessories\Notepad
  • Copy the text from the following Code box by highlighting all the text, right-clicking, and selecting Copy (or use the Ctrl+C keyboard shortcut).
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kazaa-lite.ws]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\kazaa-lite.ws]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kazaa-lite.ws]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\kazaa-lite.ws]
  • Paste it into Notepad. Right click in the window and select Paste. (or use Ctrl+V)
  • Save the file to the Desktop, make sure Type is All Files, and name it Fixreg.reg
  • Double click on the file created and click Yes when asked to merge the information into the Registry


Next, I need you to download some tools and save them to your Desktop:
random's system information tool (RSIT) by random/random


Run RSIT:
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Cheers,

sage5
  • 0
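
Before a .reg fix like the one in post #23 is merged, its deletions can be compared with the keys the registry search log reported, so the file removes exactly those keys and nothing broader. The sketch below is an added example, not part of the original posts or of any tool named in the thread; the function names, the `term` filter and the over-broad `BROAD_FIX` sample are assumptions made for illustration.

```python
import re

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
KEY_LINE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$", re.I)
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Inputs copied from the thread: the four keys in the search log and Fixreg.reg.
SEARCH_LOG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kazaa-lite.ws]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\kazaa-lite.ws]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kazaa-lite.ws]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\kazaa-lite.ws]
; End Of The Log...
"""

FIXREG = r"""Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kazaa-lite.ws]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\kazaa-lite.ws]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kazaa-lite.ws]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\kazaa-lite.ws]
"""

# Constructed counter-example: deleting the parent key would drop every
# domain entry in the zone map, not just the one the log reported.
BROAD_FIX = r"""Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
"""


def norm(key):
    """Registry key paths are case-insensitive; compare them casefolded."""
    return key.rstrip("\\").casefold()


def parse_reg(text):
    """Return (header_ok, ops); each op is (action, key, value_name).

    Actions: delete_key for [-KEY], open_key for [KEY] (which creates the key
    if absent), delete_value for "name"=-, set_value for any other assignment.
    Comment lines (;) and hex continuation lines are skipped.
    """
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    content = [ln for ln in lines if ln and not ln.startswith(";")]
    header_ok = bool(content) and content[0] in HEADERS
    ops, current = [], None
    for ln in (content[1:] if header_ok else content):
        key = KEY_LINE.match(ln)
        val = VALUE_LINE.match(ln)
        if key:
            current = key.group(2)
            ops.append(("delete_key" if key.group(1) else "open_key", current, None))
        elif val and current:
            action = "delete_value" if val.group(2).strip() == "-" else "set_value"
            ops.append((action, current, val.group(1).strip('"')))
    return header_ok, ops


def review_fix(fix_text, log_text, term):
    """Compare the deletions in a .reg fix with the keys a search log reported.

    Only log keys containing `term` are considered. `uncovered` lists reported
    keys that have no exact-match deletion in the fix.
    """
    _, log_ops = parse_reg(log_text)
    found = {norm(k): k for a, k, _ in log_ops
             if a == "open_key" and term.casefold() in k.casefold()}
    header_ok, ops = parse_reg(fix_text)
    report = {"header_ok": header_ok, "matched": [], "too_broad": [],
              "not_in_log": [], "other_ops": []}
    deleted = set()
    for action, key, name in ops:
        n = norm(key)
        if action != "delete_key":
            report["other_ops"].append((action, key, name))   # fix should only delete
        elif n in found:
            report["matched"].append(key)
            deleted.add(n)
        elif any(f.startswith(n + "\\") for f in found):
            report["too_broad"].append(key)                   # ancestor of a found key
        else:
            report["not_in_log"].append(key)                  # never reported by the scan
    report["uncovered"] = [k for n, k in found.items() if n not in deleted]
    report["safe"] = header_ok and not (
        report["too_broad"] or report["not_in_log"] or report["other_ops"])
    return report


if __name__ == "__main__":
    for label, fix in (("Fixreg.reg", FIXREG), ("over-broad fix", BROAD_FIX)):
        r = review_fix(fix, SEARCH_LOG, "kazaa-lite.ws")
        print(label, "safe" if r["safe"] else "NOT safe", r["too_broad"], r["uncovered"])
```
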

#24
billanin

    Member

  • Topic Starter
  • 20 posts
Logfile of random's system information tool (written by random/random)
Run by Bill at 2008-09-04 19:24:37
Microsoft Windows XP Professional Service Pack 2
System drive C: has 130 GB (83%) free of 157 GB
Total RAM: 1023 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:57 PM, on 9/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bill.HOME\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Bill.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soundmax.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: axscanner - http://www.pestscan....r/axscanner.cab
O16 - DPF: axscannerruntime - http://www.pestscan....nnerruntime.cab
O16 - DPF: mscomctl - http://www.pestscan....er/mscomctl.cab
O16 - DPF: msvcp71 - http://download.pest...nts/msvcp71.cab
O16 - DPF: msvcr71 - http://download.pest...nts/msvcr71.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...IOS/tgctlcm.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.1.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1168883847335
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://printaphoto.d...geUploader4.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.116...2/View22RTE.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Ghost - Unknown owner - C:\Program Files\Norton Ghost\Agent\VProSvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymSnapService - Unknown owner - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (file missing)
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 12945 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Bill at 10 37 PM.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Bill.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job
C:\WINDOWS\tasks\SyncToy.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll [2004-02-09 272978]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}]
Verizon Broadband Toolbar - C:\WINDOWS\DOWNLO~1\vzbb.dll [2005-01-12 1111104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-08-20 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-04 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-07 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll [2004-02-09 272978]
{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - Verizon Broadband Toolbar - C:\WINDOWS\DOWNLO~1\vzbb.dll [2005-01-12 1111104]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-04 2403392]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-04-04 774144]
"LiveNote"=C:\WINDOWS\livenote.exe [2002-07-11 40960]
"anvshell"=C:\WINDOWS\anvshell.exe [2003-07-17 380928]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-04-08 155648]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2008-05-16 1630208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"WD Drive Manager"=C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-01-30 438272]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-01-25 51048]
"ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe [2002-12-06 617984]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2008-07-18 181488]
"osCheck"=C:\Program Files\Norton Internet Security\osCheck.exe [2008-02-07 718704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2006-11-07 50736]
"AIM"=C:\PROGRA~1\AIM\aim.exe [2006-08-01 67112]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-22 68856]
"Norton SystemWorks"=C:\Program Files\Norton SystemWorks\cfgwiz.exe [2004-09-09 132248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
C:\Program Files\ASUS\Probe\AsusProb.exe [2002-12-06 617984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-04 1862144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
C:\Garmin\gStart.exe [2007-07-20 1891416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-02-23 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe [2006-06-23 438359]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\NeroCheck.exe [2001-06-11 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-02-20 366400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC Service Utility]
C:\Program Files\SSC Service Utility\ssc_serv.exe [2004-11-06 465408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-22 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe [2006-02-01 1880064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Billminder.lnk]
C:\PROGRA~1\QUICKENW\BILLMIND.EXE [2001-07-31 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2003-03-21 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^NETGEAR WG311v2 Smart Configuration.lnk]
C:\PROGRA~1\NETGEA~1\wlancfg5.exe [2004-10-14 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Quicken Startup.lnk]
C:\PROGRA~1\QUICKENW\QWDLLS.EXE [2001-07-31 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
C:\PROGRA~1\VERIZO~1\bin\matcli.exe [2002-08-06 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bill.HOME^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bill.HOME^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
C:\Documents and Settings\Bill.HOME\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2008-05-04 17542]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NProtectService"=2
"gusvc"=3
"GoogleDesktopManager"=3
"GEARSecurity"=2

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

File associations

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

List of files/folders created in the last three months

2008-09-04 19:24:37 ----D---- C:\rsit
2008-08-28 20:02:10 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\MemeoCommon
2008-08-28 19:59:47 ----D---- C:\Program Files\Common Files\eSellerate
2008-08-27 22:13:01 ----D---- C:\regsearch
2008-08-26 20:46:02 ----D---- C:\ComboFix
2008-08-26 20:34:34 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-08-26 20:34:22 ----D---- C:\Program Files\SpywareBlaster
2008-08-21 18:33:18 ----A---- C:\ComboFix.txt
2008-08-21 18:22:03 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-21 18:22:02 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-21 18:22:02 ----A---- C:\WINDOWS\system32\java.exe
2008-08-21 18:21:18 ----D---- C:\Program Files\Common Files\Java
2008-08-20 20:01:58 ----D---- C:\Program Files\Windows Sidebar
2008-08-20 20:01:11 ----D---- C:\Program Files\Norton Internet Security
2008-08-18 21:42:38 ----D---- C:\WINDOWS\system32\NtmsData
2008-08-17 20:12:21 ----D---- C:\Documents and Settings\Bill.HOME\Application Data\Malwarebytes
2008-08-17 20:12:17 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-08-17 20:12:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-17 19:55:55 ----D---- C:\WINDOWS\ERUNT
2008-08-17 19:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-17 19:52:22 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-17 19:52:12 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-17 19:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-17 19:50:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-17 19:50:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-17 19:46:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-06 21:21:58 ----A---- C:\Boot.bak
2008-08-06 21:21:52 ----D---- C:\cmdcons
2008-08-06 21:21:24 ----D---- C:\WINDOWS\erdnt
2008-08-05 20:57:21 ----D---- C:\Program Files\Trend Micro
2008-08-04 22:49:40 ----HD---- C:\Config.msi
2008-08-04 22:47:21 ----D---- C:\Documents and Settings\Bill.HOME\Application Data\GetRightToGo
2008-08-04 22:36:33 ----D---- C:\Program Files\Common Files\Scanner
2008-08-04 22:36:13 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\CA
2008-08-04 22:36:06 ----D---- C:\Program Files\CA
2008-08-04 20:46:32 ----A---- C:\WINDOWS\wininit.ini
2008-08-04 20:17:00 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-08-04 20:17:00 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-04 17:32:24 ----A---- C:\WINDOWS\system32\9f7ec5a9-.txt
2008-07-29 19:54:11 ----D---- C:\WINDOWS\system32\URTTEMP
2008-07-29 18:20:19 ----D---- C:\Documents and Settings\Bill.HOME\Application Data\IsolatedStorage
2008-07-29 18:18:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PowerQuest
2008-07-27 21:19:49 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-07-27 21:19:48 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-07-27 21:19:48 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-07-27 21:19:48 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-07-27 21:19:47 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-07-27 21:19:47 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-07-27 21:19:47 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-07-27 21:19:46 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-07-27 21:19:46 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-07-27 21:19:46 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-07-27 21:19:45 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-07-27 21:19:45 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-07-27 21:19:45 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-07-27 21:19:44 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-07-27 21:19:44 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-07-27 21:19:43 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-07-27 21:19:43 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-07-27 21:16:49 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-07-27 21:16:48 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-07-27 21:16:48 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-07-27 21:16:47 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-07-27 21:16:46 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-07-27 21:16:46 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-07-27 21:16:46 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-07-27 21:16:46 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-07-27 21:16:45 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-07-27 21:16:45 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-07-27 21:16:44 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-07-27 21:16:43 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-07-27 21:16:43 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-07-27 21:16:36 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-07-27 21:16:35 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-07-27 21:16:34 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-07-27 21:16:33 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-07-27 21:16:32 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-07-27 21:16:32 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-07-27 21:16:31 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-07-27 21:16:31 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-07-27 21:16:30 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-07-27 21:16:30 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-07-27 21:16:30 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-07-27 21:16:30 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-07-27 21:16:26 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-07-27 21:16:25 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-07-27 21:16:25 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-07-27 21:16:24 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-07-27 21:16:24 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-07-27 21:16:23 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-07-27 21:16:21 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-07-27 21:16:21 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-07-27 21:16:20 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-07-27 21:16:19 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-07-27 21:14:45 ----D---- C:\WINDOWS\Logs
2008-07-27 21:05:36 ----A---- C:\WINDOWS\RealFlight.INI
2008-07-27 20:46:53 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2008-07-27 20:43:00 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-07-27 20:42:42 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-07-27 20:42:28 ----D---- C:\NVIDIA
2008-07-23 18:57:49 ----D---- C:\Program Files\RealFlightG4
2008-07-23 18:57:47 ----D---- C:\Program Files\Common Files\KnifeEdge
2008-07-23 18:41:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-22 21:43:54 ----D---- C:\Documents and Settings\Bill.HOME\Application Data\GARMIN
2008-07-22 20:38:28 ----D---- C:\Documents and Settings\Bill.HOME\Application Data\Download Manager
2008-07-22 20:19:14 ----D---- C:\Program Files\SystemRequirementsLab
2008-06-20 03:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-13 14:45:48 ----A---- C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45:44 ----A---- C:\WINDOWS\system32\SymRedir.dll
2008-06-11 03:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-11 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-11 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-11 03:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$

List of drivers

R1 asuskbnt;asuskbnt; C:\WINDOWS\System32\DRIVERS\asuskbnt.sys [2003-04-23 17150]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\system32\System32\Drivers\SYMTDI.SYS []
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2008-01-19 38112]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-02-26 100032]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys [2003-04-17 147328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-19 15664]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080904.023\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080904.023\NAVEX15.SYS []
R3 NeroCd2k;NeroCd2k; C:\WINDOWS\system32\drivers\NeroCd2k.sys [2001-04-16 44227]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 odysseyIM3;Odyssey Network Services Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2005-03-19 62865]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-05-01 10368]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-04-24 555648]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R3 SYMDNS;SYMDNS; C:\WINDOWS\system32\System32\Drivers\SYMDNS.SYS []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\system32\System32\Drivers\SYMFW.SYS []
R3 SYMIDS;SYMIDS; C:\WINDOWS\system32\System32\Drivers\SYMIDS.SYS []
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20080902.004\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\system32\System32\Drivers\SYMNDIS.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\system32\System32\Drivers\SYMREDRV.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2007-10-01 11520]
S1 ANVIOCTL;ANVIOCTL; C:\WINDOWS\System32\DRIVERS\anvioctl.sys [2003-07-04 222020]
S2 tcaicchg;tcaicchg; \??\C:\WINDOWS\System32\tcaicchg.sys []
S2 TCAITDI;TCAITDI Protocol; C:\WINDOWS\System32\DRIVERS\TCAITDI.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\System32\drivers\CDANT.SYS []
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-09-27 10664]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-19 235100]
S3 MotoSwitchService;MotoSwitch Service; C:\WINDOWS\system32\DRIVERS\motswch.sys [2006-06-08 5632]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 netwg311;NETGEAR WG311v2 802.11g Wireless PCI Adapter; C:\WINDOWS\system32\DRIVERS\netwg311.sys [2004-06-18 386688]
S3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2006-07-28 40960]
S3 SDdriver;SDdriver; \??\C:\WINDOWS\system32\Drivers\sddriver.sys []
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2008-01-19 15088]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2008-01-19 128104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE [2001-09-10 32256]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-09-26 283912]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE [2004-08-30 181416]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe [2004-08-04 5120]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 106496]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2008-07-18 214256]
R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-04-10 185608]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-08-20 1245064]
S2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-15 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-08-27 78968]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2004-03-15 68096]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SymSnapService;SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe []
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 AutoSyncService;Memeo AutoSync ; C:\Program Files\Memeo\AutoSync\MemeoService.exe [2007-07-06 31768]
S4 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-04 1862144]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 138168]
S4 NProtectService;Norton Unerase Protection; C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE [2004-08-30 95328]

-----------------EOF-----------------
info.txt logfile of random's system information tool 2008-09-04 19:25:00

Uninstall list

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\PROGRA~1\VERIZO~1\Uninstall.exe Verizon
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00BF-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00C6-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00D1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03D9-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3Com NIC Diagnostics-->un3cdiag.exe /remove
ACDSee 9 Photo Manager-->MsiExec.exe /I{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
Acez All Audio Converter v3.0-->"C:\Program Files\Acez All Audio Converter\unins000.exe"
Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
AIM 6.0-->C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ASUS Display Drivers-->C:\WINDOWS\anvunis.exe
ASUS Probe V2.20.07-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
BUM-->MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
CA Anti-Spyware-->"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\setup\ccinstaller.exe" /u /silent /module="pp"
CA Anti-Spyware-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u /product=pp
CA Pest Patrol Realtime Protection-->MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}
Canon EOS 10D WIA Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{095659A2-739F-4D9A-A916-66C7CAD16F9E}
Canon EOS Kiss REBEL 300D WIA Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{31A57C3E-30DD-421F-B5C7-974DACB0D05F}
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities File Viewer Utility 1.3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{74344F10-34CA-480E-BD02-B3F4FA692BFA}
Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
Canon Utilities RemoteCapture 2.7-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EF91B23E-3819-43A1-AE47-043E1900EB2B}
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
C-Dilla Licence Management System-->C:\C_DILLA\setup\cdunin16.exe
CKRename-->"C:\Program Files\CKRename\Uninstal.exe"
Color LaserJet 1600-->C:\Program Files\Zenographics\{4C435209-0A01-4911-B62F-925A84C5D584}\setup.exe -u "HPCLJKCInstaller.dll=CLJ1600.INF"
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Corel Graphics Suite 11-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{07A540AB-D785-11D5-8E89-0090275862A0}
CrossLoop 2.0-->"C:\Program Files\CrossLoop\unins000.exe"
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FileZilla Client 3.0.9.2-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FormTool Express v5-->MsiExec.exe /I{9820D067-F61D-4F0A-930E-1F30C3E50304}
Garmin City Navigator North America NT 2009 Update-->MsiExec.exe /X{DAFCC5EF-E4D0-47EF-8E4B-168B3644A1E3}
Garmin City Navigator North America NT v8-->MsiExec.exe /X{5301C483-40FB-4F94-B56E-D7D5A114D2F6}
Garmin MapSource-->MsiExec.exe /X{DF4B49A6-C31A-4D68-8983-505EC9334A63}
Garmin POI Loader-->MsiExec.exe /X{DFA1E2C8-A9DE-4B99-8B3C-866664B5F67C}
Garmin POI Loader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08E4AE58-748D-4983-9B8A-495E2341769F}\setup.exe" -l0x9
Garmin USB Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C24C3F25-CC7F-41D5-B03D-24F8059BABAD}\setup.exe" -l0x9 AddRemove
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Garmin WebUpdater-->MsiExec.exe /X{996EC44B-38E1-4898-8E47-3EE3D15F2712}
Garmin WebUpdater-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2FD94FBC-07AE-475C-B522-BFE899B9048E}\setup.exe" -l0x9
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->C:\WINDOWS\$hf_mig$\KB834707\spuninst.exe
Hotfix for Windows Media Player 11 (KB93

#25
sage5

Hi billanin,
That log file got cut off at

Hotfix for Windows Media Format 11 SDK (KB929399)-->C:\WINDOWS\$hf_mig$\KB834707\spuninst.exe
Hotfix for Windows Media Player 11 (KB93


Can you paste me the rest of the log please?

Cheers,

sage5


#26
billanin

Hey Sage:

I had to re-run RSIT --- The info log is not coming up...
I do have the log file.
Here it is.

Logfile of random's system information tool (written by random/random)
Run by Bill at 2008-09-06 08:24:42
Microsoft Windows XP Professional Service Pack 2
System drive C: has 129 GB (82%) free of 157 GB
Total RAM: 1023 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:54 AM, on 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bill.HOME\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Bill.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soundmax.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: axscanner - http://www.pestscan....r/axscanner.cab
O16 - DPF: axscannerruntime - http://www.pestscan....nnerruntime.cab
O16 - DPF: mscomctl - http://www.pestscan....er/mscomctl.cab
O16 - DPF: msvcp71 - http://download.pest...nts/msvcp71.cab
O16 - DPF: msvcr71 - http://download.pest...nts/msvcr71.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...IOS/tgctlcm.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.1.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1168883847335
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://printaphoto.d...geUploader4.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.116...2/View22RTE.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Ghost - Unknown owner - C:\Program Files\Norton Ghost\Agent\VProSvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymSnapService - Unknown owner - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (file missing)
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 13001 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Bill at 10 37 PM.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Bill.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job
C:\WINDOWS\tasks\SyncToy.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll [2004-02-09 272978]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}]
Verizon Broadband Toolbar - C:\WINDOWS\DOWNLO~1\vzbb.dll [2005-01-12 1111104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-08-20 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-04 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-07 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll [2004-02-09 272978]
{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - Verizon Broadband Toolbar - C:\WINDOWS\DOWNLO~1\vzbb.dll [2005-01-12 1111104]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-04 2403392]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-04-04 774144]
"LiveNote"=C:\WINDOWS\livenote.exe [2002-07-11 40960]
"anvshell"=C:\WINDOWS\anvshell.exe [2003-07-17 380928]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-04-08 155648]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2008-05-16 1630208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"WD Drive Manager"=C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-01-30 438272]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-01-25 51048]
"ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe [2002-12-06 617984]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2008-07-18 181488]
"osCheck"=C:\Program Files\Norton Internet Security\osCheck.exe [2008-02-07 718704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2006-11-07 50736]
"AIM"=C:\PROGRA~1\AIM\aim.exe [2006-08-01 67112]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-22 68856]
"Norton SystemWorks"=C:\Program Files\Norton SystemWorks\cfgwiz.exe [2004-09-09 132248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
C:\Program Files\ASUS\Probe\AsusProb.exe [2002-12-06 617984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-04 1862144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
C:\Garmin\gStart.exe [2007-07-20 1891416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-02-23 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe [2006-06-23 438359]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\NeroCheck.exe [2001-06-11 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-02-20 366400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC Service Utility]
C:\Program Files\SSC Service Utility\ssc_serv.exe [2004-11-06 465408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-22 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe [2006-02-01 1880064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Billminder.lnk]
C:\PROGRA~1\QUICKENW\BILLMIND.EXE [2001-07-31 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2003-03-21 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^NETGEAR WG311v2 Smart Configuration.lnk]
C:\PROGRA~1\NETGEA~1\wlancfg5.exe [2004-10-14 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Quicken Startup.lnk]
C:\PROGRA~1\QUICKENW\QWDLLS.EXE [2001-07-31 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
C:\PROGRA~1\VERIZO~1\bin\matcli.exe [2002-08-06 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bill.HOME^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bill.HOME^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
C:\Documents and Settings\Bill.HOME\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2008-05-04 17542]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NProtectService"=2
"gusvc"=3
"GoogleDesktopManager"=3
"GEARSecurity"=2

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

File associations

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

List of files/folders created in the last three months

2008-09-04 19:24:37 ----D---- C:\rsit
2008-08-28 20:02:10 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\MemeoCommon
2008-08-28 19:59:47 ----D---- C:\Program Files\Common Files\eSellerate
2008-08-27 22:13:01 ----D---- C:\regsearch
2008-08-26 20:46:02 ----D---- C:\ComboFix
2008-08-26 20:34:34 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-08-26 20:34:22 ----D---- C:\Program Files\SpywareBlaster
2008-08-21 18:33:18 ----A---- C:\ComboFix.txt
2008-08-21 18:22:03 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-21 18:22:02 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-21 18:22:02 ----A---- C:\WINDOWS\system32\java.exe
2008-08-21 18:21:18 ----D---- C:\Program Files\Common Files\Java
2008-08-20 20:01:58 ----D---- C:\Program Files\Windows Sidebar
2008-08-20 20:01:11 ----D---- C:\Program Files\Norton Internet Security
2008-08-18 21:42:38 ----D---- C:\WINDOWS\system32\NtmsData
2008-08-17 20:12:21 ----D---- C:\Documents and Settings\Bill.HOME\Application Data\Malwarebytes
2008-08-17 20:12:17 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-08-17 20:12:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-17 19:55:55 ----D---- C:\WINDOWS\ERUNT
2008-08-17 19:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-17 19:52:22 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-17 19:52:12 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-17 19:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-17 19:50:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-17 19:50:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-17 19:46:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-06 21:21:58 ----A---- C:\Boot.bak
2008-08-06 21:21:52 ----D---- C:\cmdcons
2008-08-06 21:21:24 ----D---- C:\WINDOWS\erdnt
2008-08-05 20:57:21 ----D---- C:\Program Files\Trend Micro
2008-08-04 22:49:40 ----HD---- C:\Config.msi
2008-08-04 22:47:21 ----D---- C:\Documents and Settings\Bill.HOME\Application Data\GetRightToGo
2008-08-04 22:36:33 ----D---- C:\Program Files\Common Files\Scanner
2008-08-04 22:36:13 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\CA
2008-08-04 22:36:06 ----D---- C:\Program Files\CA
2008-08-04 20:46:32 ----A---- C:\WINDOWS\wininit.ini
2008-08-04 20:17:00 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-08-04 20:17:00 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-04 17:32:24 ----A---- C:\WINDOWS\system32\9f7ec5a9-.txt
2008-07-29 19:54:11 ----D---- C:\WINDOWS\system32\URTTEMP
2008-07-29 18:20:19 ----D---- C:\Documents and Settings\Bill.HOME\Application Data\IsolatedStorage
2008-07-29 18:18:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PowerQuest
2008-07-27 21:19:49 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-07-27 21:19:48 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-07-27 21:19:48 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-07-27 21:19:48 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-07-27 21:19:47 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-07-27 21:19:47 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-07-27 21:19:47 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-07-27 21:19:46 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-07-27 21:19:46 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-07-27 21:19:46 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-07-27 21:19:45 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-07-27 21:19:45 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-07-27 21:19:45 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-07-27 21:19:44 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-07-27 21:19:44 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-07-27 21:19:43 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-07-27 21:19:43 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-07-27 21:16:49 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-07-27 21:16:48 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-07-27 21:16:48 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-07-27 21:16:47 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-07-27 21:16:46 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-07-27 21:16:46 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-07-27 21:16:46 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-07-27 21:16:46 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-07-27 21:16:45 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-07-27 21:16:45 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-07-27 21:16:44 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-07-27 21:16:43 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-07-27 21:16:43 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-07-27 21:16:36 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-07-27 21:16:35 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-07-27 21:16:34 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-07-27 21:16:33 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-07-27 21:16:32 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-07-27 21:16:32 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-07-27 21:16:31 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-07-27 21:16:31 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-07-27 21:16:30 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-07-27 21:16:30 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-07-27 21:16:30 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-07-27 21:16:30 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-07-27 21:16:26 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-07-27 21:16:25 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-07-27 21:16:25 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-07-27 21:16:24 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-07-27 21:16:24 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-07-27 21:16:23 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-07-27 21:16:21 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-07-27 21:16:21 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-07-27 21:16:20 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-07-27 21:16:19 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-07-27 21:14:45 ----D---- C:\WINDOWS\Logs
2008-07-27 21:05:36 ----A---- C:\WINDOWS\RealFlight.INI
2008-07-27 20:46:53 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2008-07-27 20:43:00 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-07-27 20:42:42 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-07-27 20:42:28 ----D---- C:\NVIDIA
2008-07-23 18:57:49 ----D---- C:\Program Files\RealFlightG4
2008-07-23 18:57:47 ----D---- C:\Program Files\Common Files\KnifeEdge
2008-07-23 18:41:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-22 21:43:54 ----D---- C:\Documents and Settings\Bill.HOME\Application Data\GARMIN
2008-07-22 20:38:28 ----D---- C:\Documents and Settings\Bill.HOME\Application Data\Download Manager
2008-07-22 20:19:14 ----D---- C:\Program Files\SystemRequirementsLab
2008-06-20 03:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-13 14:45:48 ----A---- C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45:44 ----A---- C:\WINDOWS\system32\SymRedir.dll
2008-06-11 03:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-11 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-11 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-11 03:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$

List of drivers

R1 asuskbnt;asuskbnt; C:\WINDOWS\System32\DRIVERS\asuskbnt.sys [2003-04-23 17150]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\system32\System32\Drivers\SYMTDI.SYS []
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2008-01-19 38112]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-02-26 100032]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys [2003-04-17 147328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-19 15664]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080905.041\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080905.041\NAVEX15.SYS []
R3 NeroCd2k;NeroCd2k; C:\WINDOWS\system32\drivers\NeroCd2k.sys [2001-04-16 44227]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 odysseyIM3;Odyssey Network Services Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2005-03-19 62865]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-05-01 10368]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-04-24 555648]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R3 SYMDNS;SYMDNS; C:\WINDOWS\system32\System32\Drivers\SYMDNS.SYS []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\system32\System32\Drivers\SYMFW.SYS []
R3 SYMIDS;SYMIDS; C:\WINDOWS\system32\System32\Drivers\SYMIDS.SYS []
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20080905.002\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\system32\System32\Drivers\SYMNDIS.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\system32\System32\Drivers\SYMREDRV.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2007-10-01 11520]
S1 ANVIOCTL;ANVIOCTL; C:\WINDOWS\System32\DRIVERS\anvioctl.sys [2003-07-04 222020]
S2 tcaicchg;tcaicchg; \??\C:\WINDOWS\System32\tcaicchg.sys []
S2 TCAITDI;TCAITDI Protocol; C:\WINDOWS\System32\DRIVERS\TCAITDI.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\System32\drivers\CDANT.SYS []
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-09-27 10664]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-19 235100]
S3 MotoSwitchService;MotoSwitch Service; C:\WINDOWS\system32\DRIVERS\motswch.sys [2006-06-08 5632]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 netwg311;NETGEAR WG311v2 802.11g Wireless PCI Adapter; C:\WINDOWS\system32\DRIVERS\netwg311.sys [2004-06-18 386688]
S3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2006-07-28 40960]
S3 SDdriver;SDdriver; \??\C:\WINDOWS\system32\Drivers\sddriver.sys []
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2008-01-19 15088]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2008-01-19 128104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE [2001-09-10 32256]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-09-26 283912]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE [2004-08-30 181416]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe [2004-08-04 5120]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 106496]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2008-07-18 214256]
R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-04-10 185608]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-08-20 1245064]
S2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-15 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-08-27 78968]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2004-03-15 68096]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SymSnapService;SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe []
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 AutoSyncService;Memeo AutoSync ; C:\Program Files\Memeo\AutoSync\MemeoService.exe [2007-07-06 31768]
S4 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-04 1862144]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 138168]
S4 NProtectService;Norton Unerase Protection; C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE [2004-08-30 95328]

-----------------EOF-----------------
  • 0

#27
sage5


    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi billanin

Congratulations, your new log looks clear, so we can now deal with some final clean up jobs.

Clean out cookies, temp files etc:
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Time for some housekeeping:
  • Follow these steps to uninstall Combofix and tools used in the removal of malware
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /u, it needs to be there.


    To Clear Restore points, please do the following:
    • Go to Start > Control Panel.
    • Double-click the System icon.
      NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.
    • Click the System Restore tab.
    • Put a check by Disable System Restore.
    • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.
    After reboot, you must turn System Restore back on:
    • Go back to the Troubleshooting tab.
    • UNcheck Disable System Restore.
    • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.

Lastly, some extra or better security for your PC:

The programs recommended below are freeware alternatives to some of your security software & might reduce the potential for spyware infection in the future:-

Spyware Prevention:
Spyware Blaster by JavaCool Software, prevents spyware installing and consumes no system resources.
IE/SpyAd, stops suspect sites loading ActiveX, popups etc onto your PC. An excellent tutorial is Here

Spyware Detection:
Malwarebytes Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.htm) is my favourite here.

Anti-Virus:
The first line of defence, especially since some will now detect trojans as well.
Avira's Antivir PersonalEdition Classic and Grisoft's Avast! Free Edition are among the best freebies.
*Please note* You should never install more than one anti-virus program on a PC, as it will cause conflicts.

Firewall:
A Firewall is an essential tool in the security of any PC connected to the Internet.
Sunbelt Personal Firewall and Comodo are both excellent freeware.

Alternate Browsers:
Thankfully, there are now some excellent alternatives to MS Internet Explorer. They offer better security, more stability, and better speed.
A couple of good examples are: Firefox and Opera

Other Updates:
Vital security patches and updates are available for Microsoft Windows and Internet Explorer at the Windows Update Site
It is equally important to update the other security software you use, on a regular basis.

Further reading about these issues is available in a very good article: How did I get infected in the first place ? (by Tony Klein and dvk01)

All the best & safe surfing in the future,

sage5
  • 0

#28
billanin


    Member

  • Topic Starter
  • Member
  • 20 posts
Thanks once again for all of your help. I cannot get over the attention to detail and prompt follow up.
Regards,
Bill
  • 0

#29
sage5


    RIP 10/2009

  • Retired Staff
  • 2,646 posts
You are very welcome billanin :)

All the best,

sage5
  • 0

#30
sage5


    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





