Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Constant attempts to access malware IPs

Started by therealex , May 18 2010 09:15 PM

  • This topic is locked This topic is locked

#16
therealex
Posted 22 May 2010 - 10:20 PM

therealex

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
And I just got a message that the "setup" file in Windows/temp is back. We seem to be back where we started.
  • 0

Advertisements

#17
Mjöllnir
Posted 22 May 2010 - 11:05 PM

Mjöllnir

    Trusted Helper

  • Retired Staff
  • 1,207 posts

We seem to be back where we started.

Not quite where we started.



Let's see if this will work. Run the two scans separately.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
[2005/11/17 12:01:14 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?´) -- C:\WINDOWS\System32\´
[2005/11/17 12:01:13 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?´) -- C:\WINDOWS\System32\´

:Files
C:\WINDOWS\System32\?´ /u
C:\WINDOWS\System32\´ /u

:Commands
[emptytemp]
[start explorer]
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.



Post the fix log.




Run OTL
  • Click the None button
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    procexp90.Sys /s
  • Then click the Run Scan button at the top
  • Let the program run unhindered
  • Post the log it produces



Post the scan log.
  • 0

#18
therealex
Posted 23 May 2010 - 08:36 AM

therealex

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
Here's the OTL log after the fix - I guess moving that line to a separate scan did the trick:

All processes killed
========== OTL ==========
C:\WINDOWS\System32\´ folder moved successfully.
Folder C:\WINDOWS\System32\´\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\System32\?´ not found.
File\Folder C:\WINDOWS\System32\´ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Application Data

User: Default User

User: Guest

User: LocalService

User: Music

User: Music.RUSSELL

User: NetworkService

User: Russell Alexander

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Session Manager Temp folder emptied: 0 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 10966099 bytes

Total Files Cleaned = 10.00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05232010_101121

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

And here's the scan:
OTL logfile created on: 5/23/2010 10:28:47 AM - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Russell Alexander\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.02 Gb Total Space | 14.35 Gb Free Space | 29.88% Space Free | Partition Type: NTFS
Drive D: | 12.65 Gb Total Space | 3.03 Gb Free Space | 23.97% Space Free | Partition Type: FAT32
Drive E: | 35.94 Gb Total Space | 23.97 Gb Free Space | 66.68% Space Free | Partition Type: NTFS
Drive F: | 35.74 Gb Total Space | 20.18 Gb Free Space | 56.46% Space Free | Partition Type: NTFS
Drive G: | 35.80 Gb Total Space | 22.72 Gb Free Space | 63.47% Space Free | Partition Type: NTFS
Drive H: | 35.79 Gb Total Space | 13.67 Gb Free Space | 38.20% Space Free | Partition Type: NTFS
Drive I: | 41.59 Gb Total Space | 31.77 Gb Free Space | 76.39% Space Free | Partition Type: NTFS
Drive J: | 10.65 Gb Total Space | 3.62 Gb Free Space | 34.01% Space Free | Partition Type: FAT32
Drive K: | 8.65 Gb Total Space | 3.08 Gb Free Space | 35.65% Space Free | Partition Type: FAT32
Drive L: | 11.74 Gb Total Space | 2.54 Gb Free Space | 21.60% Space Free | Partition Type: FAT32
Drive M: | 9.47 Gb Total Space | 4.89 Gb Free Space | 51.66% Space Free | Partition Type: FAT32
Drive N: | 21.32 Gb Total Space | 4.09 Gb Free Space | 19.19% Space Free | Partition Type: FAT32
Drive O: | 2.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Q: | 465.76 Gb Total Space | 287.04 Gb Free Space | 61.63% Space Free | Partition Type: NTFS
Drive W: | 149.05 Gb Total Space | 64.38 Gb Free Space | 43.20% Space Free | Partition Type: NTFS

Computer Name: RUSSELL
Current User Name: Russell Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Custom Scans ==========


< procexp90.Sys /s >
< End of report >

At this point, the "phantom" broadcasts are back - snips of advertisements suddenly being broadcasted. Also, the setup file is again being regenerated on a regular basis, but is being caught by AVAST! instead of MBAM. And, MBAM is blocking numerous attempts to access what it believes are dangerous IPs.

In other words, it's exactly the same conditions as when I first posted. The only program I have run, aside from Firefox and Chrome, is Quickbooks (which hung) and a game called Painkiller, which also bombed out. Both are legit.
  • 0

#19
therealex
Posted 23 May 2010 - 10:41 AM

therealex

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
At this point, I have to pull the plug. I can't even boot up now - I get an NTLoader error. Fortunately, I have a back up drive(although it's from 4/10) that I've installed temporarily. I've copied everything since 4/10 on to that, as far as documents, .pst file, etc.

I noticed on my E: partition there were a number of unusual directories that I certainly didn't put there. It may be that the kit spread out through the whole hard drive itself, and left bits of itself all over.

At any rate, hopefully the 4/10 drive is virus free. If it's alright with you, I'd like to run an OTL scan and post the results. I'm going to reformat the original drive, low-level if I can, and then do a re-image from the 4/10 drive.

I've saved all the logs and scripts for reference.

People ask me how I know so much about computers. It's stuff like this that educates me - I seem to get insanely complex problems that nobody else has!

Again, thank you for all your time. I hope you will agree to spend just a bit more and review the scan once I have everything sorted, later on today.
  • 0

#20
myrti
Posted 23 May 2010 - 01:50 PM

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

very sorry to hear that. I hope that your second hard drive is actually clean.

Mjöllnir is currently unavailable and I am covering his logs. Do you want me to keep this thread open and do you want to check out the fresh install or should I go ahead and close your topic?

regards myrti
  • 0

#21
therealex
Posted 23 May 2010 - 08:22 PM

therealex

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
Thanks, and please give my regards to Mjöllnir. I have recovered the drive using my backup, and guess what? Still getting c:\windows\temp\setup.exe regenerating.

Now, this didn't happen from the backup drive, leaving a good question: is there some kind of rootkit that managed to survive an overwrite?

I used Acronis True Image Home to wipe the drive. It took two hours, overwriting everything with zeroes. I figured this was as good as a low level format.

Was I wrong?

I would like to keep this thread open. It turns out that the NTLoader error was caused by a BIOS issue - it put one of the other two drives as the boot drive, for no apparent reason, and then didn't go down the list when it didn't work. However, this gives a great opportunity to see what the heck this weird thing is - some new rootkit? An odd variant?

My system has three SATA drives and one USB drive. Two of the SATA drives are partitioned into C, E, F, G, H & I, and D, J, K, L, M & N (respectively). The other is Q. The USB is W, for whatever reason.

I can run an OTL scan - I'm hoping that the previous issues will not re-occur, but who knows? In a worst case scenario, I'll buy a new drive and see what happens. Let me know if it's okay to run a scan, and what parameters you would prefer.
  • 0

#22
myrti
Posted 25 May 2010 - 06:59 AM

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

please try to run OTL again, let me know if it freezes.

Please also upload setup.exe to jotti:
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\windows\temp\setup.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Do you use P2P or icq and good that be causing the connections Malwarebytes warns you about? Do you get these kind of warnings when no program is connected to the internet? (Meaning, if you have them, your browser, mail client, IM client, p2p programs, rss-feeds and so on are all closed)

regards myrti
  • 0

#23
therealex
Posted 25 May 2010 - 10:35 AM

therealex

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
Hi Myrti,

Here's the OTL log:
OTL logfile created on: 5/25/2010 11:53:23 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Russell Alexander\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.04 Gb Total Space | 14.16 Gb Free Space | 29.49% Space Free | Partition Type: NTFS
Drive D: | 12.65 Gb Total Space | 3.03 Gb Free Space | 23.97% Space Free | Partition Type: FAT32
Drive E: | 35.94 Gb Total Space | 23.66 Gb Free Space | 65.84% Space Free | Partition Type: NTFS
Drive F: | 35.74 Gb Total Space | 20.18 Gb Free Space | 56.46% Space Free | Partition Type: NTFS
Drive G: | 35.80 Gb Total Space | 22.68 Gb Free Space | 63.35% Space Free | Partition Type: NTFS
Drive H: | 35.79 Gb Total Space | 13.67 Gb Free Space | 38.20% Space Free | Partition Type: NTFS
Drive I: | 41.57 Gb Total Space | 25.65 Gb Free Space | 61.69% Space Free | Partition Type: NTFS
Drive J: | 10.65 Gb Total Space | 3.62 Gb Free Space | 34.02% Space Free | Partition Type: FAT32
Drive K: | 8.65 Gb Total Space | 3.08 Gb Free Space | 35.65% Space Free | Partition Type: FAT32
Drive L: | 11.74 Gb Total Space | 2.54 Gb Free Space | 21.60% Space Free | Partition Type: FAT32
Drive M: | 9.47 Gb Total Space | 4.89 Gb Free Space | 51.66% Space Free | Partition Type: FAT32
Drive N: | 21.32 Gb Total Space | 4.27 Gb Free Space | 20.04% Space Free | Partition Type: FAT32
Drive P: | 2.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Q: | 465.76 Gb Total Space | 286.99 Gb Free Space | 61.62% Space Free | Partition Type: NTFS
Drive W: | 149.05 Gb Total Space | 64.38 Gb Free Space | 43.20% Space Free | Partition Type: NTFS

Computer Name: RUSSELL
Current User Name: Russell Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Russell Alexander\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - e:\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Gigabyte\EasySaver\essvr.exe ()
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\fpdisp5a.exe (FinePrint Software, LLC)
PRC - C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
PRC - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe (Linksys)
PRC - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe (GEMTEKS)
PRC - F:\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe (Logitech Inc.)
PRC - C:\WINDOWS\SYSTEM32\Crypserv.exe (Kenonic Controls Ltd.)
PRC - H:\Roland\VSC32\vscvol.exe (Roland)
PRC - H:\Roland\VSC32\Vsc32Cnf.exe (Roland)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Russell Alexander\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (WUSB54Gv42SVC) -- File not found
SRV - (RoxWatch9) -- File not found
SRV - (RoxMediaDB9) -- File not found
SRV - (RoxLiveShare9) -- File not found
SRV - (PnkBstrA) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (TomTomHOMEService) -- e:\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (ES lite Service) -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (ServiceLayer) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (Nokia.)
SRV - (FolderSize) -- C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (UPHClean) -- F:\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online)
SRV - (AOL TopSpeedMonitor) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (GEARSecurity) -- C:\WINDOWS\SYSTEM32\gearsec.exe (GEAR Software)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (Kenonic Controls Ltd.)


========== Driver Services (SafeList) ==========

DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (RegGuard) -- C:\WINDOWS\SYSTEM32\DRIVERS\regguard.sys (Greatis Software)
DRV - (Partizan) -- C:\WINDOWS\SYSTEM32\DRIVERS\Partizan.sys (Greatis Software)
DRV - (aswTdi) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys (ALWIL Software)
DRV - (MBAMProtector) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys (Malwarebytes Corporation)
DRV - (cmdGuard) -- C:\WINDOWS\SYSTEM32\DRIVERS\cmdguard.sys (COMODO)
DRV - (L6DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\l6dp.sys (Line 6)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\SYSTEM32\DRIVERS\cmdhlp.sys (COMODO)
DRV - (afcdp) -- C:\WINDOWS\SYSTEM32\DRIVERS\afcdp.sys (Acronis)
DRV - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys (Acronis)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (NPF) -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys (CACE Technologies, Inc.)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\SYSTEM32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (atksgt) -- C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys ()
DRV - (L6TPortB) -- C:\WINDOWS\SYSTEM32\DRIVERS\L6TPortB.sys (Line 6)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sp_rsdrv2) -- C:\WINDOWS\SYSTEM32\DRIVERS\sp_rsdrv2.sys ()
DRV - (mcdbus) -- C:\WINDOWS\SYSTEM32\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (RTHDMIAzAudService) -- C:\WINDOWS\SYSTEM32\DRIVERS\RtKHDMI.sys (Realtek Semiconductor Corp.)
DRV - (SBRE) -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys (Sunbelt Software)
DRV - (RTLE8023xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (LMIRfsDriver) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (MPE) -- C:\WINDOWS\SYSTEM32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys (Microsoft Corporation)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\SYSTEM32\DRIVERS\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (yukonwxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\yk51x86.sys (Marvell)
DRV - (LVcKap) -- C:\WINDOWS\SYSTEM32\DRIVERS\Lvckap.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVMVdrv.sys (Logitech Inc.)
DRV - (DNE) -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (MCSTRM) -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys (RealNetworks, Inc.)
DRV - (U6000ALL) HDTV110 TV Box(ALL) -- C:\WINDOWS\SYSTEM32\DRIVERS\dmdcap.sys ()
DRV - (AmdPPM) -- C:\WINDOWS\SYSTEM32\DRIVERS\AmdPPM.sys (Advanced Micro Devices)
DRV - (SCDEmu) -- C:\WINDOWS\SYSTEM32\DRIVERS\scdemu.sys (PowerISO Computing, Inc.)
DRV - (emuumidi) -- C:\WINDOWS\SYSTEM32\DRIVERS\emuumidi.sys (E-MU Systems)
DRV - (mirrorv3) -- C:\WINDOWS\SYSTEM32\DRIVERS\rminiv3.sys (Famatech International Corp.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (AnyDVD) -- C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys (SlySoft, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS (Adaptec)
DRV - (dvd_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\dvd_2k.sys (Sonic Solutions)
DRV - (mmc_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\mmc_2k.sys (Sonic Solutions)
DRV - (WUSB54GPV4SRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\rt2500usb.sys (Ralink Technology Inc.)
DRV - (MDC8021X) WPA Security Protocol (IEEE 802.1x) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (CX23880) -- C:\WINDOWS\SYSTEM32\DRIVERS\cx88vid.sys (Conexant Systems, Inc.)
DRV - (CX88XBAR) -- C:\WINDOWS\SYSTEM32\DRIVERS\cx88xbar.sys (Conexant Systems, Inc.)
DRV - (ElbyCDIO) -- C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (CdaC15BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC15BA.SYS ()
DRV - (VGAUTI) -- C:\WINDOWS\SYSTEM32\DRIVERS\vgauti.sys ()
DRV - (cmudau) -- C:\WINDOWS\SYSTEM32\DRIVERS\cmudau.sys (C-Media Inc)
DRV - (DgiVecp) -- C:\WINDOWS\SYSTEM32\DRIVERS\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (SI3112r) -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys (Silicon Image, Inc.)
DRV - (PalmUSBD) -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys (Palm, Inc.)
DRV - (NSNDIS5) -- C:\WINDOWS\SYSTEM32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (RD1006) -- C:\WINDOWS\SYSTEM32\DRIVERS\rdwm1006.sys (Roland Corporation)
DRV - (incdrm) -- C:\WINDOWS\SYSTEM32\DRIVERS\incdrm.sys (Ahead Software AG)
DRV - (AR5211) -- C:\WINDOWS\SYSTEM32\DRIVERS\ar5211.sys ()
DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\SYSTEM32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (nvnforce) Service for NVIDIA® nForce™ -- C:\WINDOWS\SYSTEM32\DRIVERS\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA® nForce™ -- C:\WINDOWS\SYSTEM32\DRIVERS\nvax.sys (NVIDIA Corporation)
DRV - (Ser2pl) -- C:\WINDOWS\SYSTEM32\DRIVERS\ser2pl.sys (Prolific Technology Inc.)
DRV - (NVENET) -- C:\WINDOWS\SYSTEM32\DRIVERS\NVENET.sys (NVIDIA Corporation)
DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (QCPro) Logitech QuickCam Pro USB(PID_D001) -- C:\WINDOWS\SYSTEM32\DRIVERS\p35u.sys (Logitech Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\SYSTEM32\DRIVERS\msmpu401.sys (Microsoft Corporation)
DRV - (s3legacy) -- C:\WINDOWS\SYSTEM32\DRIVERS\s3legacy.sys (Microsoft Corporation)
DRV - (HCF_MSFT) -- C:\WINDOWS\SYSTEM32\DRIVERS\HCF_MSFT.sys (Conexant)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (vsc32) -- C:\WINDOWS\SYSTEM32\DRIVERS\vsc.sys (Roland)
DRV - (RVIEGVST) -- C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys (Roland)
DRV - (RVIEG01) -- C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys (Roland)
DRV - (sysid) -- C:\WINDOWS\SYSTEM32\DRIVERS\sysid.sys ()
DRV - (NetworkX) -- C:\WINDOWS\system32\ckldrv.sys ()
DRV - (aslm75) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASLM75.SYS ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = MSN Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.msn.co...a...1&noredir=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://F%3A%5Cnetscape%5Csearchplugins%5CSBWeb_01.src"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6.117
FF - prefs.js..extensions.enabledItems: {50997114-a686-4585-8fb9-ce1093a1cf75}:1.5.46.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.586
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/08 00:40:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/12/18 15:14:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 21:23:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/23 22:31:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/23 22:31:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: f:\netscape\Components [2010/01/18 14:10:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: f:\netscape\Plugins [2009/12/16 11:09:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: f:\netscape\Components [2010/01/18 14:10:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: f:\netscape\Plugins [2009/12/16 11:09:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.3\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/07/22 22:44:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.3\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2009/09/09 21:42:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/07/22 22:44:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2009/09/09 21:42:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.0.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/07/22 22:44:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.0.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2009/09/09 21:42:55 | 000,000,000 | ---D | M]

[2009/06/11 18:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Extensions
[2008/05/21 22:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/11 18:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Extensions\[email protected]
[2010/05/25 10:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions
[2010/05/25 00:08:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/23 07:27:57 | 000,000,000 | ---D | M] (audiocandy.com Radio Toolbar) -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\{50997114-a686-4585-8fb9-ce1093a1cf75}
[2009/06/13 14:28:31 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2007/01/04 15:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\[email protected]
[2010/03/24 18:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\[email protected]
[2009/05/06 08:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\[email protected]
[2010/03/14 14:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\[email protected]
[2008/09/21 18:56:18 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\searchplugins\conduit.xml
[2010/05/25 00:09:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/23 22:31:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/09 08:13:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/12 20:32:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/06/29 14:21:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008/06/30 23:08:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/06/08 00:40:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/14 10:38:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/12/16 11:09:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/04/01 13:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 13:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/04/10 16:00:54 | 000,044,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2008/04/10 16:00:54 | 000,107,928 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2007/03/22 14:57:10 | 000,057,504 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2009/10/11 05:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/01/04 16:57:08 | 001,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2008/01/07 18:14:26 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2007/05/03 17:36:48 | 000,493,608 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPil86.dll
[2008/06/27 16:03:12 | 001,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2003/11/18 13:37:32 | 000,241,664 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2010/04/01 13:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2004/12/14 02:19:18 | 000,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/09 21:42:55 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/09 21:42:55 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/09 21:42:55 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/09 21:42:55 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/09 21:42:55 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/09 21:42:55 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/09 21:42:55 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/01/12 19:07:00 | 002,633,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2005/08/09 13:42:54 | 000,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/07/18 15:54:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll
[2010/04/01 11:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 11:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 11:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 11:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 11:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 11:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 11:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/05/23 12:29:31 | 000,394,585 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13652 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [vsc32cnf.exe] h:\Roland\VSC32\Vsc32Cnf.exe (Roland)
O4 - HKLM..\Run: [vscvol.exe] h:\Roland\VSC32\vscvol.exe (Roland)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - E:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE File not found
O9 - Extra Button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .pl - M:\Internet Explorer\PLUGINS\NPSibelius.dll (Sibelius Software Ltd)
O15 - HKCU\..Trusted Domains: accountonline.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {00000160-0000-0010-8000-00AA00389B71} http://codecs.micros...pha/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.micros...386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} Reg Error: Value error. (SupportSoft SmartIssue)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} Reg Error: Value error. (SupportSoft Script Runner Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} Reg Error: Value error. (QuickTime Object)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} Reg Error: Value error. (MetaStreamCtl Class)
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} Reg Error: Value error. (Street Technologies ActiveX Control Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} http://inst.c-wss.co...ml/gtdownlr.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3A6514CD-A457-11D4-8AF3-000102686B79} http://www.bugnosis....oads/webbug.cab (Bugnosis)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {4248083C-9656-11D2-8B7F-00105A17847A} http://mplayer.com/j...nup/mplayer.exe (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1261064503109 (WUWebControl Class)
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} Reg Error: Value error. (PWMediaSendControl Class)
O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1222030767203 (MUWebControl Class)
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} Reg Error: Value error. (InstallShield International Setup Player)
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} http://aerial.leepa....plugins/NCS.cab (Reg Error: Key error.)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft...tail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8C6C6922-6258-44AC-9912-53964AC55276} http://217.160.140.6...d/xloader10.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7998.7923842593 (Reg Error: Key error.)
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} Reg Error: Value error. (HeartbeatCtl Class)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} http://windowsupdate...en/actsetup.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} Reg Error: Value error. (ActiveDataObj Class)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} Reg Error: Value error. (Live Collaboration)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.traxispro...vey/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} Reg Error: Value error. (IERPCtl Class)
O16 - DPF: ChatSpace Java Client 2.1.0.84 http://63.102.227.45/Java/cs4ms084.cab (Reg Error: Key error.)
O16 - DPF: Dialpad Java Applet http://www.dialpad.c...et/src/vscp.cab (Reg Error: Key error.)
O16 - DPF: Dialpad US Java Applet http://www.dialpad.c...et/src/vscp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Serome Web2Phone http://www.dialpad.com/applet/vscp.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Backgammon http://download.game...nts/y/at0_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! PagerLite http://jpager.yahoo.com/m6/msgr.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\CASTLE.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\CASTLE.BMP
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/05/07 17:24:24 | 000,000,928 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ NTFS ]
O32 - AutoRun File - [2004/11/19 00:25:40 | 000,000,728 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/04/15 14:23:36 | 000,000,898 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ NTFS ]
O32 - AutoRun File - [2000/06/21 17:17:56 | 000,001,014 | -HS- | M] () - C:\AUTOEXEC.OLD -- [ NTFS ]
O32 - AutoRun File - [2009/05/25 16:18:41 | 000,000,000 | ---D | M] - E:\auto hypnosis -- [ NTFS ]
O32 - AutoRun File - [2009/05/25 16:03:10 | 000,000,000 | ---D | M] - E:\AutoPatcher -- [ NTFS ]
O32 - AutoRun File - [2009/05/25 21:27:50 | 000,000,000 | ---D | M] - H:\Auto-Tune -- [ NTFS ]
O32 - AutoRun File - [2005/11/06 19:36:30 | 000,000,000 | ---D | M] - M:\autorun - list startup autoruns -- [ FAT32 ]
O32 - AutoRun File - [2007/09/26 23:02:52 | 000,000,063 | R--- | M] () - P:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\ias [2004/11/20 02:57:38 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "wuauserv"
MsConfig - Services: "wscsvc"
MsConfig - Services: "tmproxy"
MsConfig - Services: "TmPfw"
MsConfig - Services: "Tmntsrv"
MsConfig - Services: "PcCtlCom"
MsConfig - Services: "AOL TopSpeedMonitor"
MsConfig - Services: "AOL ACS"
MsConfig - Services: "Adobe LM Service"
MsConfig - Services: "RoxLiveShare"
MsConfig - Services: "LiveUpdate"
MsConfig - Services: "iPodService"
MsConfig - Services: "GoToMyPC"
MsConfig - Services: "C-DillaCdaC11BA"
MsConfig - Services: "iPod Service"
MsConfig - Services: "UleadBurningHelper"
MsConfig - Services: "Microsoft Office Groove Audit Service"
MsConfig - Services: "IntuitUpdateService"
MsConfig - Services: "QBFCService"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "TomTomHOMEService"
MsConfig - Services: "Ati HotKey Poller"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk - J:\Common\Bin\WinCinemaMgr.exe - (InterVideo Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Russell Alexander^Start Menu^Programs^Startup^HotSync Manager.lnk - E:\Palm\HOTSYNC.EXE - (Palm, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Russell Alexander^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Russell Alexander^Start Menu^Programs^Startup^World Community Grid Agent.lnk - M:\WorldCommunityGrid\UD.EXE - (United Devices, Inc.)
MsConfig - StartUpReg: AOLDialer - hkey= - key= - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online)
MsConfig - StartUpReg: DataLayer - hkey= - key= - C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Russell Alexander\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Program Files\Common Files\AOL\1110494747\EE\AOLHostManager.exe (America Online, Inc.)
MsConfig - StartUpReg: MoneyAgent - hkey= - key= - E:\Microsoft Money\System\mnyexpr.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - N:\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe File not found
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe File not found
MsConfig - StartUpReg: SBAMTray - hkey= - key= - C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
MsConfig - StartUpReg: SW20 - hkey= - key= - File not found
MsConfig - StartUpReg: SW24 - hkey= - key= - File not found
MsConfig - StartUpReg: SystemTray - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SBAMSvc - Reg Error: Value error.
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SBAMSvc - Reg Error: Value error.
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0e547b80-7101-11d3-824e-0000f80697e6} - SpoofedRoute_98_Gold_3339
ActiveX: {0E8AF1C0-D275-11d2-B803-0000F81E8383} - WindowsScriptVersion5.0
ActiveX: {0E8AF1C1-D275-11d2-B803-0000F81E8383} - WindowsScriptVersion5.0
ActiveX: {0F30D99A-E88A-11D2-A0C2-00C04F8EF9B9} - IMG_SRC_3413
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {10ABA7E0-3236-11d2-B7B0-0000F81E8383} - WindowsScriptVersion5.0
ActiveX: {10ABA7E1-3236-11d2-B7B0-0000F81E8383} - WindowsScriptVersion5.0
ActiveX: {10e93000-e548-11d3-9741-00500483cae0} - Windows 98 Second Edition Q242975 Update
ActiveX: {11820ee0-b3c2-11d1-9948-00c04f98bbc9} - Media Player RealNetworks Codecs
ActiveX: {14e380f0-c285-4faf-bbd9-29efec36d1af} - Windows 98 Q323172 Update
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {18b6f603-bdc4-4eee-9598-d2a4d1375605} - MDAC
ActiveX: {1A06B5B0-A9D2-11D3-A0F7-00C04F8EF9B9} - Schannel_5.01_3361
ActiveX: {1A4D5610-6CB1-F341-D786-13B7AE006D21} - Internet Explorer
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1CDEE860-E95B-11CF-B1B0-00AA00BBAD66} - Microsoft Wallet
ActiveX: {20D949A5-2A8D-4cee-8C6A-43728AD58711} -
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {228C67C0-D718-11d2-8932-00C04FC983D7} - DirectX Media 6.0 Runtime Patch for DirectAnimation
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {23064720-c4f8-11d1-994d-00c04f98bbc9} - Media Player RealNetworks Support
ActiveX: {23A5AF35-9738-9999-7705-CB1546F0CDFE} - Outlook Express
ActiveX: {2806b4d1-cadf-4568-99df-1c8836a6b4bc} - Windows 98 Q823559 Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEEC729} - Macromedia Shockwave Flash
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C30259F-BF13-49d0-B002-19EBFC785800} - Windows 98 Q323255 Update
ActiveX: {3fe8dce3-19f0-35c9-aaf2-efc830dc2105} -
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {412890AC-45FD-FF6C-EA7F-873ED838CFE7} - SpoofedRoute_98_Gold_3339
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015D} - DirectX Layer
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4618d4ef-4d59-4f93-b03c-1aac4dacf903} - RTF_Control_3385
ActiveX: {4781B631-A33F-4897-AEB8-8B6A7C1D9BC2} - q279328
ActiveX: {47f67d00-9e55-11d1-baef-00c04fc2d130} - AOL Support Files
ActiveX: {4b4a3d7a-d586-11d2-afd7-00a0c9c724d0} - "C:\Program Files\Outlook Express\runins.exe"
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {4FF49BC3-3B8B-11d3-A90D-0080C79899C0} - DX7.0a_Patch_3367
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {59bed740-046a-11d3-824e-0000f80697e6} - y2kupdate20_774
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5c773859-bb96-48fa-875b-6a58aae072f4} - Windows 98 Q273991 Update
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {64093F50-686C-11D2-A09E-00C04F8EF9B9} - 'Dotless IP Address' Security Update
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {70e57a99-418a-444d-b570-e4ac84b74903} - Windows 98 Q256015 Update
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {716E024F-7F74-47F3-B93B-9FF7F3CBF94C} - Q313675
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {76C19B33-F0C8-11cf-87CC-0020AFEECF20} - Chinese (Traditional) Text Display Support
ActiveX: {76C19B36-F0C8-11cf-87CC-0020AFEECF20} - Hebrew Text Support
ActiveX: {76C19B38-F0C8-11cf-87CC-0020AFEECF20} - Arabic Text Support
ActiveX: {76C19B50-F0C8-11cf-87CC-0020AFEECF20} - Language Auto-Selection
ActiveX: {76E4599C-F2A7-49CD-B06B-BDADFB5413D0} - q273868
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {78BF7C8C-00B5-479D-9430-8A7EDA850C88} - ServerRedirectIE5.01_x86_3311
ActiveX: {8182cf00-75aa-11d3-824e-0000f80697e6} - Windows 98 Q168115 Update
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8ad8d4e4-048b-4360-b13c-44a958405063} - Windows 98 Q249973 Update
ActiveX: {8d84e56e-fbac-4e09-af5e-6cde8294b998} -
ActiveX: {8dc99c40-26c5-11d4-a58a-00902766e933} - Windows 98 Q259728 Update
ActiveX: {8ea462d5-3332-4edb-a377-f2544dffb95f} - Windows 98 Q318307 Update
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9664fac0-26c5-11d4-a58a-00902766e933} -
ActiveX: {9a2e4ab0-9a7e-11d2-9da1-00c04f98bbc9} - Windows Media Player Codecs
ActiveX: {9a70de30-908b-4b2b-a978-423837455543} - Windows 98 Q314147 Update
ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
ActiveX: {a2376760-98dd-11d2-b0d6-00c04f777f0c} - OLE Automation fix
ActiveX: {ab4d5fc0-e095-11d3-9741-00500483cae0} - Windows 98 Second Edition Q252958 Update
ActiveX: {ac1febac-747e-41e7-b002-fd2415e9f555} - Windows 98 Q249863 Update
ActiveX: {AC84C7C0-21A1-11d2-AF1D-00C04FA35D02} - Outlook Express 'File Attachment' Security Update
ActiveX: {b2bd81e0-979d-11d3-8000-0090276c5e3a} - W98_FileAccess_3306
ActiveX: {b4ca6480-3ab9-11d3-b054-00a0c922e5d5} - tshoot
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {b59c7da0-daea-11d2-83c7-0000f8051539} - RegWizCleanUp_590
ActiveX: {b6e23809-caf7-4c8f-93f8-5f40dfabaaa1} - Windows 98 Q329115 Update
ActiveX: {b7d5e460-8c8a-11d3-8e4a-0050da1d4065} - Windows 98 Second Edition Q239887 Update
ActiveX: {BEF6E001-A874-101A-8BBA-00AA00300CAB} - MFC40
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C0C31EA8-106B-4c1f-AB2D-B5FEFD693511} -
ActiveX: {C6EE82B1-BF65-4e0a-912E-A7B3BBA31F51} - Windows 98 Q811630 Update
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540300} - Additional Web Fonts
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CA0A4247-44BE-11d1-A005-00805F8ABE06} - RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CB697765-2332-11d3-A90D-0080C79899C0} - libraries2
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {ce195cf6-3b36-4ffa-8df4-91a0f7ef577d} - Windows 98 Q840315 Update
ActiveX: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - RealPlayer by Progressive Networks
ActiveX: {D19E1023-4BE4-11d3-A90D-0080C79899C0} - w98SP1oe5_3116
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} - Agent 2.0
ActiveX: {D7B44F3E-77D3-44C5-8E03-4222D9A18B7B} - Q321232
ActiveX: {D885E5ED-AFAE-41f3-8BB7-AB4E2CF4E629} -
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E22B18AF-E333-F373-85D1-0EB96D255CD4} - Internet Explorer
ActiveX: {E5925FA0-73D1-11D2-BCC5-0000F83002C6} - Windows 98 Year 2000 Update
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {F4AD3F2B-D0F4-4D88-AA7D-583B66E695EE} - q240308
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: {F94C2DA4-708E-11d3-AFB2-00C04F6814C4} - OLE Automation
ActiveX: {fa3798ce-3900-4461-961a-bc2568e17603} - Windows 98 TELNET Update
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: 128PATCH - 128 Bit Encryption Update
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
ActiveX: MmoptPreferredAudioDevices - Windows Setup - Multimedia

Drivers32: midi2 - C:\WINDOWS\System32\rddv1006.dll (Roland Corporation)
Drivers32: MIDI7 - C:\WINDOWS\System32\vscapi.dll (Roland)
Drivers32: mixer1 - C:\WINDOWS\System32\rddv1006.dll (Roland Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imc - C:\WINDOWS\SYSTEM32\IMC32.ACM (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\LHACM.ACM (Microsoft Corporation)
Drivers32: MSACM.MSNAUDIO - msnaudio.acm File not found
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vivog723 - C:\WINDOWS\System32\VIVOG723.ACM (Vivo Software)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co....hors/VA012897/)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec_dec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.DRAW - C:\WINDOWS\System32\DVIDEO.DLL (Microsoft Corporation)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - frapsvid.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JPGL - C:\WINDOWS\System32\jpgl.dll (Tekom Technologies, Inc.)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg20.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MSUD - msulvc05.dll File not found
Drivers32: VIDC.TR20 - C:\WINDOWS\System32\TR2032.DLL (The Duck Corporation)
Drivers32: VIDC.TSCC - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UCOD - C:\WINDOWS\System32\CLRVIDDD.DLL (Iterated Systems, Inc.)
Drivers32: VIDC.VCR1 - ATIVCR1.DLL File not found
Drivers32: VIDC.VCR2 - ATIVCR2.DLL File not found
Drivers32: VIDC.VDOM - C:\WINDOWS\System32\vdowave.drv (VDOnet LTD..)
Drivers32: vidc.vivo - C:\WINDOWS\System32\IVVIDEO.DLL (Vivo Software)
Drivers32: VIDC.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP70 - vp7vfw.dll File not found
Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found
Drivers32: vidc.X264 - x264vfw.dll File not found
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vids.draw - C:\WINDOWS\System32\DVIDEO.DLL (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\rddv1006.dll (Roland Corporation)
Drivers32: WAVE6 - C:\WINDOWS\System32\vscapi.dll (Roland)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (33227658003218432)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/25 11:47:20 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Russell Alexander\Desktop\OTL.exe
[2010/05/25 11:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\RegRunInfo
[2010/05/25 00:11:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\RestoreSafeDeleted
[2010/05/24 23:59:33 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/05/24 23:17:39 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/05/24 23:17:39 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/05/24 23:15:09 | 000,000,000 | ---D | C] -- G:\My Documents\RegRun2
[2010/05/24 19:59:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/24 19:59:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/24 19:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/23 12:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Alexander\Local Settings\Application Data\Painkiller Overdose
[1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/25 12:01:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/05/25 11:47:22 | 024,641,536 | ---- | M] () -- C:\Documents and Settings\Russell Alexander\ntuser.dat
[2010/05/25 11:34:00 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-362288127-839522115-1003UA.job
[2010/05/25 11:28:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/25 11:28:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/25 11:27:21 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010/05/25 11:26:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/25 11:26:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/25 11:26:33 | 000,178,544 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/05/25 11:22:07 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Russell Alexander\ntuser.ini
[2010/05/25 01:34:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-362288127-839522115-1003Core.job
[2010/05/24 23:59:33 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/05/24 23:17:39 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/05/24 23:17:39 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/05/24 23:16:11 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/05/24 23:15:58 | 000,003,408 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/24 23:15:51 | 000,002,789 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/24 23:15:08 | 000,000,449 | ---- | M] () -- C:\Documents and Settings\Russell Alexander\Desktop\Reanimator.lnk
[2010/05/24 10:09:59 | 000,239,392 | ---- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/23 23:41:00 | 000,000,130 | ---- | M] () -- C:\WINDOWS\cfplogvw.INI
[2010/05/23 22:31:32 | 000,001,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/23 12:51:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/23 12:49:37 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/05/23 12:48:53 | 002,001,125 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/05/23 12:29:31 | 000,394,585 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/23 12:16:41 | 002,006,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/23 09:37:31 | 665,339,529 | ---- | M] () -- G:\My Documents\port capture report text
[2010/05/23 09:35:12 | 099,244,588 | ---- | M] () -- G:\My Documents\port capture report
[2010/05/20 11:12:40 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Alexander\Desktop\OTL.exe
[2010/05/16 11:30:59 | 000,221,099 | ---- | M] () -- G:\My Documents\bookmarks-2010-05-16.json
[2010/05/13 22:25:38 | 000,302,228 | ---- | M] () -- G:\My Documents\geico documentation 5-13-10.pdf
[2010/05/06 16:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/24 23:16:11 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/05/24 23:15:08 | 000,000,449 | ---- | C] () -- C:\Documents and Settings\Russell Alexander\Desktop\Reanimator.lnk
[2010/05/23 11:24:39 | 665,339,529 | ---- | C] () -- G:\My Documents\port capture report text
[2010/05/23 11:24:36 | 099,244,588 | ---- | C] () -- G:\My Documents\port capture report
[2010/05/23 11:24:36 | 000,302,228 | ---- | C] () -- G:\My Documents\geico documentation 5-13-10.pdf
[2010/05/23 11:24:09 | 000,221,099 | ---- | C] () -- G:\My Documents\bookmarks-2010-05-16.json
[2010/03/11 13:01:39 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/01/29 10:23:44 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/11/15 22:29:04 | 000,000,383 | ---- | C] () -- C:\WINDOWS\GearBox.ini
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/09/10 11:21:44 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/08/24 21:25:18 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/08/24 21:25:09 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/08/20 12:29:13 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/20 12:29:13 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/08/20 12:28:00 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2009/06/30 10:48:40 | 000,000,459 | ---- | C] () -- C:\WINDOWS\avpr.ini
[2009/04/22 23:26:17 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009/04/14 00:58:14 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2009/01/15 09:19:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/15 09:19:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/15 09:19:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/15 09:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/12/16 04:50:46 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll
[2008/12/14 20:58:09 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\GTTunerCard.dll
[2008/12/14 20:58:09 | 000,237,646 | ---- | C] () -- C:\WINDOWS\System32\Snap_device.dll
[2008/12/14 20:58:08 | 000,069,707 | ---- | C] () -- C:\WINDOWS\System32\DISP_OPT1.dll
[2008/12/13 21:53:49 | 000,230,784 | R--- | C] () -- C:\WINDOWS\System32\drivers\dmdcap.sys
[2008/12/13 21:53:45 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/11/19 01:13:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/11/04 00:29:20 | 000,002,294 | ---- | C] () -- C:\WINDOWS\U3DEDIT2.INI
[2008/09/22 13:21:57 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\IppPortMonitor.dll
[2008/09/12 20:40:30 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/06/28 16:47:22 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/06/28 16:47:01 | 000,000,650 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/05/26 17:00:02 | 000,001,762 | ---- | C] () -- C:\WINDOWS\System32\emuumidi.ini
[2008/05/26 17:00:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/03/28 16:22:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/03/14 13:20:10 | 000,001,668 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/02/22 00:26:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/01/04 16:57:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/01/04 16:57:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/01/04 16:56:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/04 23:01:31 | 000,002,777 | ---- | C] () -- C:\WINDOWS\TVC8XDrv.ini
[2007/06/19 08:59:36 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/20 07:57:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 07:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/03/22 14:57:50 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/03/06 13:39:44 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsProbe.sys
[2007/02/09 18:59:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/02/09 18:59:32 | 000,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/02/08 00:07:50 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2007/02/04 15:17:09 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p3now.sys
[2007/01/30 12:24:14 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/23 14:11:42 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2007/01/15 19:33:18 | 000,002,307 | R--- | C] () -- C:\WINDOWS\Cmudau.ini
[2007/01/09 19:39:45 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\ccafeaaaee_d.dll
[2006/11/03 19:49:11 | 000,000,958 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI
[2006/11/03 19:16:11 | 000,000,095 | ---- | C] () -- C:\WINDOWS\crackpdf.INI
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/06/26 00:57:04 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2006/06/17 20:04:40 | 000,000,174 | ---- | C] () -- C:\WINDOWS\MyDrivers.ini
[2006/05/07 18:19:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ciaUni40.dll
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2006/02/18 17:33:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AudACM.ini
[2006/02/08 23:29:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\DVDEncoder.dll
[2006/02/07 12:59:00 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Kingdia DVD Ripper.INI
[2006/02/07 11:28:47 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Arc DVD Copy.INI
[2006/02/06 21:40:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/02/05 19:12:47 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Speed Video Converter.INI
[2006/01/01 22:32:18 | 000,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/18 11:40:27 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.DLL
[2005/11/07 00:17:24 | 000,000,059 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2005/11/07 00:17:21 | 000,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2005/11/07 00:17:21 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2005/11/01 11:09:23 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\SSLSVC.DLL
[2005/11/01 11:09:23 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/11/01 11:09:23 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/11/01 11:09:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lang_cfml.dll
[2005/11/01 11:09:22 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\xml_datagrove.dll
[2005/10/24 02:16:11 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2005/09/29 15:18:34 | 000,000,072 | ---- | C] () -- C:\WINDOWS\NPRiff.INI
[2005/09/04 22:56:54 | 000,468,480 | ---- | C] () -- C:\WINDOWS\System32\NMDll.dll
[2005/09/04 22:56:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HDBHO.dll
[2005/09/04 22:56:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\yhl.dll
[2005/09/04 22:56:54 | 000,007,168 | ---- | C] () -- C:\WINDOWS\lq.dll
[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/09 23:36:57 | 000,000,101 | ---- | C] () -- C:\WINDOWS\FCJCP.INI
[2005/06/24 10:18:40 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\muangsys.dll
[2005/06/24 10:18:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\muadisp.dll
[2005/05/12 03:23:54 | 000,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
[2005/04/20 02:02:46 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll
[2005/04/15 10:41:12 | 000,005,568 | ---- | C] () -- C:\WINDOWS\System32\drivers\sysid.sys
[2005/04/15 02:16:02 | 000,000,931 | ---- | C] () -- C:\WINDOWS\PVAStrumento.ini
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/02/26 18:47:05 | 000,351,776 | R--- | C] () -- C:\WINDOWS\System32\drivers\ar5211.sys
[2005/02/26 18:47:05 | 000,351,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar52119x.sys
[2005/02/22 04:24:05 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/02/21 02:02:21 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/02/16 07:33:05 | 000,523,264 | ---- | C] () -- C:\WINDOWS\System32\pano12.dll
[2005/02/05 08:38:20 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\CIASecurity.dll
[2005/02/03 01:30:22 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2005/01/28 11:59:39 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\mswin32.drv
[2005/01/23 17:06:31 | 000,000,048 | ---- | C] () -- C:\WINDOWS\QFNONL.INI
[2004/12/31 13:15:06 | 000,000,351 | ---- | C] () -- C:\WINDOWS\WHOffice.INI
[2004/12/18 11:13:52 | 000,000,135 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/11/22 00:55:02 | 000,000,139 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2004/11/21 12:28:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NMH040A.DLL
[2004/11/21 02:42:52 | 000,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS
[2004/11/20 16:19:05 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\wfxhelp21.dll
[2004/11/20 12:10:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/11/20 11:28:56 | 000,038,401 | ---- | C] () -- C:\WINDOWS\System32\RdCi1006.dll
[2004/11/20 11:09:29 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4w.DLL
[2004/11/20 09:45:36 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2004/11/20 09:40:40 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2004/11/20 09:36:01 | 000,003,611 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/11/20 09:35:59 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/11/20 03:10:14 | 000,172,128 | ---- | C] () -- C:\WINDOWS\HOST.INI
[2004/11/20 03:10:14 | 000,006,596 | ---- | C] () -- C:\WINDOWS\Astro.INI
[2004/11/20 03:10:14 | 000,005,737 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2004/11/20 03:10:14 | 000,002,472 | ---- | C] () -- C:\WINDOWS\INTUPROF.INI
[2004/11/20 03:10:14 | 000,002,297 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/11/20 03:10:14 | 000,001,604 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/11/20 03:10:14 | 000,001,401 | ---- | C] () -- C:\WINDOWS\webpos2.ini
[2004/11/20 03:10:14 | 000,001,205 | ---- | C] () -- C:\WINDOWS\HPFdjc16.ini
[2004/11/20 03:10:14 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2004/11/20 03:10:14 | 000,000,641 | ---- | C] () -- C:\WINDOWS\letsdraw.ini
[2004/11/20 03:10:14 | 000,000,546 | ---- | C] () -- C:\WINDOWS\epspmgr4.ini
[2004/11/20 03:10:14 | 000,000,530 | ---- | C] () -- C:\WINDOWS\Audition.ini
[2004/11/20 03:10:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004/11/20 03:10:14 | 000,000,316 | ---- | C] () -- C:\WINDOWS\BELT.INI
[2004/11/20 03:10:14 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2004/11/20 03:10:14 | 000,000,217 | ---- | C] () -- C:\WINDOWS\vidwiz.ini
[2004/11/20 03:10:14 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/11/20 03:10:14 | 000,000,124 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/11/20 03:10:14 | 000,000,108 | ---- | C] () -- C:\WINDOWS\epconfig.ini
[2004/11/20 03:10:14 | 000,000,083 | ---- | C] () -- C:\WINDOWS\IMPORTCLIENT.INI
[2004/11/20 03:10:14 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2004/11/20 03:10:13 | 000,042,352 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2004/11/20 03:10:13 | 000,025,607 | ---- | C] () -- C:\WINDOWS\CSTBOX.INI
[2004/11/20 03:10:13 | 000,022,109 | ---- | C] () -- C:\WINDOWS\cool.ini
[2004/11/20 03:10:13 | 000,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2004/11/20 03:10:13 | 000,011,568 | ---- | C] () -- C:\WINDOWS\CDEX.INI
[2004/11/20 03:10:13 | 000,010,677 | ---- | C] () -- C:\WINDOWS\coolkb2k.ini
[2004/11/20 03:10:13 | 000,008,893 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2004/11/20 03:10:13 | 000,006,553 | ---- | C] () -- C:\WINDOWS\COUNTRY.INI
[2004/11/20 03:10:13 | 000,005,617 | R--- | C] () -- C:\WINDOWS\msosetup.ini
[2004/11/20 03:10:13 | 000,005,253 | ---- | C] () -- C:\WINDOWS\GWPRESET.INI
[2004/11/20 03:10:13 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2004/11/20 03:10:13 | 000,004,260 | ---- | C] () -- C:\WINDOWS\firstaid.ini
[2004/11/20 03:10:13 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2004/11/20 03:10:13 | 000,003,555 | ---- | C] () -- C:\WINDOWS\GWS.INI
[2004/11/20 03:10:13 | 000,003,148 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2004/11/20 03:10:13 | 000,002,707 | ---- | C] () -- C:\WINDOWS\WPUNIMIX.INI
[2004/11/20 03:10:13 | 000,002,481 | ---- | C] () -- C:\WINDOWS\WINCODE.INI
[2004/11/20 03:10:13 | 000,002,443 | ---- | C] () -- C:\WINDOWS\HPFCSS16.INI
[2004/11/20 03:10:13 | 000,002,292 | ---- | C] () -- C:\WINDOWS\7THLEVEL.INI
[2004/11/20 03:10:13 | 000,002,034 | ---- | C] () -- C:\WINDOWS\DATAFAX.INI
[2004/11/20 03:10:13 | 000,002,001 | ---- | C] () -- C:\WINDOWS\U3DEDIT.INI
[2004/11/20 03:10:13 | 000,001,944 | ---- | C] () -- C:\WINDOWS\FORGE32.INI
[2004/11/20 03:10:13 | 000,001,856 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/20 03:10:13 | 000,001,778 | ---- | C] () -- C:\WINDOWS\gvox.ini
[2004/11/20 03:10:13 | 000,001,770 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2004/11/20 03:10:13 | 000,001,370 | ---- | C] () -- C:\WINDOWS\tefview.ini
[2004/11/20 03:10:13 | 000,001,357 | ---- | C] () -- C:\WINDOWS\PLTWIN02.INI
[2004/11/20 03:10:13 | 000,001,165 | ---- | C] () -- C:\WINDOWS\GL_MMP.INI
[2004/11/20 03:10:13 | 000,001,047 | ---- | C] () -- C:\WINDOWS\pae.ini
[2004/11/20 03:10:13 | 000,001,043 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/11/20 03:10:13 | 000,000,940 | ---- | C] () -- C:\WINDOWS\MEDIAPAQ.INI
[2004/11/20 03:10:13 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2004/11/20 03:10:13 | 000,000,856 | ---- | C] () -- C:\WINDOWS\PRESS BLASTER.INI
[2004/11/20 03:10:13 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2004/11/20 03:10:13 | 000,000,767 | ---- | C] () -- C:\WINDOWS\efscan.ini
[2004/11/20 03:10:13 | 000,000,764 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/11/20 03:10:13 | 000,000,763 | ---- | C] () -- C:\WINDOWS\rtcwgoty.INI
[2004/11/20 03:10:13 | 000,000,739 | ---- | C] () -- C:\WINDOWS\Mpcwin02.ini
[2004/11/20 03:10:13 | 000,000,680 | ---- | C] () -- C:\WINDOWS\Tsc.ini
[2004/11/20 03:10:13 | 000,000,666 | ---- | C] () -- C:\WINDOWS\clikbook.ini
[2004/11/20 03:10:13 | 000,000,634 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2004/11/20 03:10:13 | 000,000,581 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2004/11/20 03:10:13 | 000,000,549 | ---- | C] () -- C:\WINDOWS\rsagent.ini
[2004/11/20 03:10:13 | 000,000,448 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/11/20 03:10:13 | 000,000,445 | ---- | C] () -- C:\WINDOWS\CTDEL.INI
[2004/11/20 03:10:13 | 000,000,436 | ---- | C] () -- C:\WINDOWS\LAPLAYER.INI
[2004/11/20 03:10:13 | 000,000,404 | ---- | C] () -- C:\WINDOWS\TSCKL.INI
[2004/11/20 03:10:13 | 000,000,394 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2004/11/20 03:10:13 | 000,000,382 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2004/11/20 03:10:13 | 000,000,364 | ---- | C] () -- C:\WINDOWS\NETSCAPE.INI
[2004/11/20 03:10:13 | 000,000,337 | ---- | C] () -- C:\WINDOWS\MIDIPLYR.INI
[2004/11/20 03:10:13 | 000,000,336 | ---- | C] () -- C:\WINDOWS\dffont.ini
[2004/11/20 03:10:13 | 000,000,320 | ---- | C] () -- C:\WINDOWS\Fwupload.ini
[2004/11/20 03:10:13 | 000,000,319 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2004/11/20 03:10:13 | 000,000,305 | ---- | C] () -- C:\WINDOWS\Rdin0006.ini
[2004/11/20 03:10:13 | 000,000,300 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/11/20 03:10:13 | 000,000,300 | ---- | C] () -- C:\WINDOWS\JETSUITE.INI
[2004/11/20 03:10:13 | 000,000,296 | ---- | C] () -- C:\WINDOWS\moffice.ini
[2004/11/20 03:10:13 | 000,000,263 | ---- | C] () -- C:\WINDOWS\WAVEPLYR.INI
[2004/11/20 03:10:13 | 000,000,259 | ---- | C] () -- C:\WINDOWS\cbtsys.ini
[2004/11/20 03:10:13 | 000,000,247 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/11/20 03:10:13 | 000,000,247 | ---- | C] () -- C:\WINDOWS\MPPAGER.INI
[2004/11/20 03:10:13 | 000,000,243 | ---- | C] () -- C:\WINDOWS\HOMESITE.ini
[2004/11/20 03:10:13 | 000,000,240 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2004/11/20 03:10:13 | 000,000,237 | ---- | C] () -- C:\WINDOWS\swacnfg.ini
[2004/11/20 03:10:13 | 000,000,231 | ---- | C] () -- C:\WINDOWS\Ac3api.ini
[2004/11/20 03:10:13 | 000,000,217 | ---- | C] () -- C:\WINDOWS\oh4win.INI
[2004/11/20 03:10:13 | 000,000,214 | ---- | C] () -- C:\WINDOWS\CJBMF.INI
[2004/11/20 03:10:13 | 000,000,205 | ---- | C] () -- C:\WINDOWS\pcmagcd.ini
[2004/11/20 03:10:13 | 000,000,204 | ---- | C] () -- C:\WINDOWS\rtpatch.ini
[2004/11/20 03:10:13 | 000,000,194 | ---- | C] () -- C:\WINDOWS\appr.ini
[2004/11/20 03:10:13 | 000,000,190 | ---- | C] () -- C:\WINDOWS\ctsyn.ini
[2004/11/20 03:10:13 | 000,000,187 | ---- | C] () -- C:\WINDOWS\PROFILER.INI
[2004/11/20 03:10:13 | 000,000,186 | ---- | C] () -- C:\WINDOWS\HEXpert.ini
[2004/11/20 03:10:13 | 000,000,178 | ---- | C] () -- C:\WINDOWS\TESTOUT.INI
[2004/11/20 03:10:13 | 000,000,171 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2004/11/20 03:10:13 | 000,000,157 | ---- | C] () -- C:\WINDOWS\VSTUDIO.INI
[2004/11/20 03:10:13 | 000,000,156 | ---- | C] () -- C:\WINDOWS\JustAudio.ini
[2004/11/20 03:10:13 | 000,000,153 | ---- | C] () -- C:\WINDOWS\ThumbsCD.ini
[2004/11/20 03:10:13 | 000,000,143 | ---- | C] () -- C:\WINDOWS\SYSMIXER.INI
[2004/11/20 03:10:13 | 000,000,131 | ---- | C] () -- C:\WINDOWS\NETSPEED.INI
[2004/11/20 03:10:13 | 000,000,127 | ---- | C] () -- C:\WINDOWS\MRCLOCK.INI
[2004/11/20 03:10:13 | 000,000,127 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/11/20 03:10:13 | 000,000,123 | ---- | C] () -- C:\WINDOWS\SURFSTATS.INI
[2004/11/20 03:10:13 | 000,000,121 | ---- | C] () -- C:\WINDOWS\WILD.INI
[2004/11/20 03:10:13 | 000,000,120 | ---- | C] () -- C:\WINDOWS\WINFILE.INI
[2004/11/20 03:10:13 | 000,000,116 | ---- | C] () -- C:\WINDOWS\MEDIARCK.INI
[2004/11/20 03:10:13 | 000,000,116 | ---- | C] () -- C:\WINDOWS\IELnkbak.ini
[2004/11/20 03:10:13 | 000,000,114 | ---- | C] () -- C:\WINDOWS\CDPLYR.INI
[2004/11/20 03:10:13 | 000,000,110 | ---- | C] () -- C:\WINDOWS\treeprt.ini
[2004/11/20 03:10:13 | 000,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2004/11/20 03:10:13 | 000,000,102 | ---- | C] () -- C:\WINDOWS\UABMAIN.INI
[2004/11/20 03:10:13 | 000,000,095 | ---- | C] () -- C:\WINDOWS\WAVEMAN.INI
[2004/11/20 03:10:13 | 000,000,091 | ---- | C] () -- C:\WINDOWS\ap_bat.ini
[2004/11/20 03:10:13 | 000,000,083 | ---- | C] () -- C:\WINDOWS\photos30.ini
[2004/11/20 03:10:13 | 000,000,081 | ---- | C] () -- C:\WINDOWS\JAUDIO.INI
[2004/11/20 03:10:13 | 000,000,076 | ---- | C] () -- C:\WINDOWS\MC.INI
[2004/11/20 03:10:13 | 000,000,071 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2004/11/20 03:10:13 | 000,000,070 | ---- | C] () -- C:\WINDOWS\efaxview.ini
[2004/11/20 03:10:13 | 000,000,070 | ---- | C] () -- C:\WINDOWS\asym.ini
[2004/11/20 03:10:13 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MYNAPSTER.INI
[2004/11/20 03:10:13 | 000,000,068 | ---- | C] () -- C:\WINDOWS\FPXPRESS.INI
[2004/11/20 03:10:13 | 000,000,066 | ---- | C] () -- C:\WINDOWS\ds2000.ini
[2004/11/20 03:10:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
[2004/11/20 03:10:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\Patch.ini
[2004/11/20 03:10:13 | 000,000,063 | ---- | C] () -- C:\WINDOWS\CTDELLAU.INI
[2004/11/20 03:10:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\URLPROXY.INI
[2004/11/20 03:10:13 | 000,000,060 | ---- | C] () -- C:\WINDOWS\ZDDBVIEW.INI
[2004/11/20 03:10:13 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2004/11/20 03:10:13 | 000,000,058 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI
[2004/11/20 03:10:13 | 000,000,058 | ---- | C] () -- C:\WINDOWS\JUSTAUDIO_BASE.INI
[2004/11/20 03:10:13 | 000,000,057 | ---- | C] () -- C:\WINDOWS\m2khd.ini
[2004/11/20 03:10:13 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2004/11/20 03:10:13 | 000,000,054 | ---- | C] () -- C:\WINDOWS\TCWIN.INI
[2004/11/20 03:10:13 | 000,000,054 | ---- | C] () -- C:\WINDOWS\setihome.ini
[2004/11/20 03:10:13 | 000,000,053 | ---- | C] () -- C:\WINDOWS\BYCLEAN.INI
[2004/11/20 03:10:13 | 000,000,051 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2004/11/20 03:10:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EXCHNG32.INI
[2004/11/20 03:10:13 | 000,000,041 | ---- | C] () -- C:\WINDOWS\FILERECOVER.INI
[2004/11/20 03:10:13 | 000,000,039 | ---- | C] () -- C:\WINDOWS\VIDEOWAVE.INI
[2004/11/20 03:10:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\magix.ini
[2004/11/20 03:10:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2004/11/20 03:10:13 | 000,000,037 | ---- | C] () -- C:\WINDOWS\PROSYS.INI
[2004/11/20 03:10:13 | 000,000,037 | ---- | C] () -- C:\WINDOWS\JRMXDLL.INI
[2004/11/20 03:10:13 | 000,000,037 | ---- | C] () -- C:\WINDOWS\FZDUMP.INI
[2004/11/20 03:10:13 | 000,000,037 | ---- | C] () -- C:\WINDOWS\coolmp3.ini
[2004/11/20 03:10:13 | 000,000,036 | ---- | C] () -- C:\WINDOWS\CYBERD.INI
[2004/11/20 03:10:13 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2004/11/20 03:10:13 | 000,000,032 | ---- | C] () -- C:\WINDOWS\aebpr.ini
[2004/11/20 03:10:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/11/20 03:10:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\LAVAPLAY.INI
[2004/11/20 03:10:13 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI
[2004/11/20 03:10:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\NDW.INI
[2004/11/20 03:10:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\cleantray.ini
[2004/11/20 03:10:13 | 000,000,024 | ---- | C] () -- C:\WINDOWS\TB60.INI
[2004/11/20 03:10:13 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2004/11/20 03:10:13 | 000,000,024 | ---- | C] () -- C:\WINDOWS\ms_shell.ini
[2004/11/20 03:10:13 | 000,000,024 | ---- | C] () -- C:\WINDOWS\@loha.ini
[2004/11/20 03:10:13 | 000,000,022 | ---- | C] () -- C:\WINDOWS\SHAREMEM.INI
[2004/11/20 03:10:13 | 000,000,020 | ---- | C] () -- C:\WINDOWS\MP3com103best.ini
[2004/11/20 03:10:13 | 000,000,015 | ---- | C] () -- C:\WINDOWS\MTB40.INI
[2004/11/20 03:10:13 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Msdevctl.ini
[2004/11/04 16:08:33 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2004/09/24 10:00:36 | 000,039,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2004/09/24 09:58:38 | 000,039,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2004/09/24 01:38:41 | 000,189,952 | ---- | C] () -- C:\WINDOWS\QCARD32.DLL
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/11 19:36:40 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2004/07/20 20:15:15 | 000,022,464 | ---- | C] () -- C:\WINDOWS\System32\USB2SER.SYS
[2004/07/12 17:07:21 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/05/05 23:32:52 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2004/05/05 23:32:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2004/03/08 19:15:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\r105t1.dll
[2004/02/18 18:32:39 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/02/10 19:15:36 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2004/01/27 07:13:02 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/07/10 19:54:47 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2003/05/25 14:57:06 | 000,000,016 | ---- | C] () -- C:\WINDOWS\MOUSEDRW.DLL
[2003/05/22 09:06:21 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2003/05/14 07:37:10 | 000,009,472 | ---- | C] () -- C:\WINDOWS\unsqz.dll
[2003/05/14 07:37:07 | 000,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.A534.dll
[2003/05/14 07:37:07 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/05/14 07:37:07 | 000,000,117 | ---- | C] () -- C:\WINDOWS\smp32.dll
[2003/05/14 07:37:05 | 000,081,920 | ---- | C] () -- C:\WINDOWS\asr32311.dll
[2003/05/14 07:37:05 | 000,001,846 | ---- | C] () -- C:\WINDOWS\br.dll
[2003/05/14 07:37:04 | 000,000,380 | ---- | C] () -- C:\WINDOWS\WINRDP10.SYS
[2003/05/14 07:36:52 | 000,001,077 | ---- | C] () -- C:\WINDOWS\Mgxclean.sys
[2003/05/14 07:36:51 | 000,025,600 | ---- | C] () -- C:\WINDOWS\MEMBOOT.DLL
[2003/05/14 07:36:50 | 000,187,392 | ---- | C] () -- C:\WINDOWS\LTANN62N.DLL
[2003/05/14 07:36:50 | 000,175,616 | ---- | C] () -- C:\WINDOWS\LFFAX62N.DLL
[2003/05/14 07:36:50 | 000,158,720 | ---- | C] () -- C:\WINDOWS\LFCMP62N.DLL
[2003/05/14 07:36:50 | 000,110,080 | ---- | C] () -- C:\WINDOWS\LFPNG62N.DLL
[2003/05/14 07:36:50 | 000,076,288 | ---- | C] () -- C:\WINDOWS\LTIMG62N.DLL
[2003/05/14 07:36:50 | 000,047,616 | ---- | C] () -- C:\WINDOWS\LFTIF62N.DLL
[2003/05/14 07:36:50 | 000,043,008 | ---- | C] () -- C:\WINDOWS\LTFIL62N.DLL
[2003/05/14 07:36:50 | 000,029,184 | ---- | C] () -- C:\WINDOWS\LTWND62N.DLL
[2003/05/14 07:36:50 | 000,027,136 | ---- | C] () -- C:\WINDOWS\LFLMA62N.DLL
[2003/05/14 07:36:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\LFICA62N.DLL
[2003/05/14 07:36:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\LTTWN62N.DLL
[2003/05/14 07:36:50 | 000,023,552 | ---- | C] () -- C:\WINDOWS\LFPCX62N.DLL
[2003/05/14 07:36:50 | 000,023,552 | ---- | C] () -- C:\WINDOWS\LFLMB62N.DLL
[2003/05/14 07:36:50 | 000,022,528 | ---- | C] () -- C:\WINDOWS\LFEPS62N.DLL
[2003/05/14 07:36:50 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFPCT62N.DLL
[2003/05/14 07:36:50 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFGIF62N.DLL
[2003/05/14 07:36:50 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFBMP62N.DLL
[2003/05/14 07:36:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LFPSD62N.DLL
[2003/05/14 07:36:50 | 000,019,968 | ---- | C] () -- C:\WINDOWS\LFWMF62N.DLL
[2003/05/14 07:36:50 | 000,019,968 | ---- | C] () -- C:\WINDOWS\LFTGA62N.DLL
[2003/05/14 07:36:50 | 000,019,456 | ---- | C] () -- C:\WINDOWS\LFWPG62N.DLL
[2003/05/14 07:36:50 | 000,018,944 | ---- | C] () -- C:\WINDOWS\LFIMG62N.DLL
[2003/05/14 07:36:50 | 000,018,432 | ---- | C] () -- C:\WINDOWS\LFRAS62N.DLL
[2003/05/14 07:36:50 | 000,018,432 | ---- | C] () -- C:\WINDOWS\LFMSP62N.DLL
[2003/05/14 07:36:50 | 000,017,920 | ---- | C] () -- C:\WINDOWS\LFMAC62N.DLL
[2003/05/14 07:36:50 | 000,017,920 | ---- | C] () -- C:\WINDOWS\LFCAL62N.DLL
[2003/05/14 07:36:50 | 000,017,408 | ---- | C] () -- C:\WINDOWS\LFWFX62N.DLL
[2003/05/14 07:36:49 | 000,058,368 | ---- | C] () -- C:\WINDOWS\ICQMAPI.DLL
[2003/05/14 07:36:49 | 000,035,328 | ---- | C] () -- C:\WINDOWS\INETWH32.DLL
[2003/05/14 07:36:49 | 000,009,136 | ---- | C] () -- C:\WINDOWS\INETWH16.DLL
[2003/05/14 07:36:44 | 000,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL
[2003/05/14 07:36:43 | 000,038,400 | ---- | C] () -- C:\WINDOWS\ARSENAL.DLL
[2003/03/25 05:49:02 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2003/03/25 05:49:02 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2003/03/07 02:05:46 | 000,115,712 | ---- | C] () -- C:\WINDOWS\System32\Crush32.dll
[2002/12/19 21:15:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SAWZip.dll
[2002/08/28 11:42:10 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2002/08/14 13:39:05 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\Oxfwapi.dll
[2002/07/28 01:03:15 | 000,308,928 | ---- | C] () -- C:\WINDOWS\System32\ivflt08.dll
[2002/07/28 01:03:10 | 000,211,456 | ---- | C] () -- C:\WINDOWS\System32\ivbas08.dll
[2002/06/18 22:35:00 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2002/05/20 18:34:58 | 000,041,047 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2002/05/20 16:29:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\PTISTP.DLL
[2002/05/18 14:08:12 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\FXTLS432.DLL
[2002/05/11 11:26:39 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL61N.DLL
[2002/05/11 11:26:39 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFGIF61N.DLL
[2002/05/11 11:26:39 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\LFTGA61N.DLL
[2002/05/11 11:26:38 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\LFFAX61N.DLL
[2002/05/11 11:26:38 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP61N.DLL
[2002/05/11 11:26:38 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\LFPNG61N.DLL
[2002/05/11 11:26:38 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\LFTIF61N.DLL
[2002/05/11 11:26:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LFPCX61N.DLL
[2002/05/11 11:26:38 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\LFPCD61N.DLL
[2002/05/07 16:26:28 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\xfxdll.dll
[2002/05/07 16:24:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\WAVhsp32.dll
[2002/05/07 16:24:57 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Wavlbsys.dll
[2002/05/07 16:24:39 | 000,115,712 | ---- | C] () -- C:\WINDOWS\System32\vboxp403.dll.bak
[2002/05/07 16:24:05 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2002/05/07 16:24:03 | 000,377,856 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2002/05/07 16:23:58 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\tsd2.dll
[2002/05/07 16:23:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\treeprt.dll
[2002/05/07 16:22:58 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\SETUPLIB.DLL
[2002/05/07 16:22:20 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rmmerge2.DLL
[2002/05/07 16:22:20 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\rmevents.DLL
[2002/05/07 16:22:18 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\regxplor.dll
[2002/05/07 16:21:57 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll
[2002/05/07 16:21:52 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll
[2002/05/07 16:21:16 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\PIXTHK32.DLL
[2002/05/07 16:20:59 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2002/05/07 16:20:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\Nmocod.dll
[2002/05/07 16:13:14 | 001,513,984 | ---- | C] () -- C:\WINDOWS\System32\MgxRdr80.dll
[2002/05/07 16:12:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\LPNG.DLL
[2002/05/07 16:12:48 | 000,204,288 | ---- | C] () -- C:\WINDOWS\System32\LSXConfig.dll
[2002/05/07 16:11:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2002/05/07 16:11:35 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2002/05/07 16:11:14 | 000,056,832 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2002/05/07 16:10:13 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\ifl_gif.dll
[2002/05/07 16:09:18 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\ide32.dll
[2002/05/07 16:09:15 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Hyperman.dll
[2002/05/07 16:09:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Gt4vqt.DLL
[2002/05/07 16:09:03 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2002/05/07 16:09:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\freeisys.dll
[2002/05/07 16:08:52 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\eabtstrp.dll
[2002/05/07 16:08:43 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\drumpad.dll
[2002/05/07 16:07:31 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\D2Icons.Dll
[2002/05/07 15:59:59 | 000,292,352 | ---- | C] () -- C:\WINDOWS\System32\cfproject.dll
[2002/05/07 15:59:59 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2002/05/07 15:59:44 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\CFFPTree.dll
[2002/05/07 15:57:52 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll
[2002/05/07 15:51:44 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\animation.dll
[2002/05/07 15:47:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002/04/16 04:41:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\memtest.dll
[2002/04/11 20:53:44 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2002/04/11 10:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/03/25 10:03:26 | 001,865,572 | ---- | C] () -- C:\WINDOWS\System32\ewctl32.dll
[2002/01/06 05:08:16 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2001/09/17 12:20:02 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/09/05 05:43:14 | 000,115,712 | ---- | C] () -- C:\WINDOWS\System32\vboxp403.dll
[1995/10/16 19:55:44 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[1980/01/01 00:00:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[1980/01/01 00:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[1980/01/01 00:00:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2008/05/26 22:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2009/02/04 20:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/05/25 11:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/03/16 19:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/07/21 00:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2009/05/18 19:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/06/04 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/01/17 14:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/01/17 14:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2008/09/04 19:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Future Systems Solutions
[2009/07/23 07:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2008/02/02 14:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/07/04 16:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/05/24 18:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6
[2008/06/07 14:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/10/27 12:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2004/11/20 03:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGI
[2008/09/14 11:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2007/06/23 01:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2006/07/20 23:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2004/12/18 22:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PowerQuest
[2006/07/26 07:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2004/11/20 03:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2005/11/06 18:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/03/28 22:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/08/24 21:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2007/02/07 23:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/06/14 21:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tenebril
[2009/06/11 18:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/08/05 20:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/07/23 07:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/18 21:52:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{04573380-C04E-4C13-A8A2-EC012D38220A}
[2009/10/23 02:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4982B6A5-FCD5-4198-BF09-66D2F6A7D312}
[2009/09/09 22:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2004/12/31 13:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\1-Step RoboPDF
[2009/08/10 18:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\A4DeskPro
[2008/05/26 22:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Ableton
[2007/01/30 12:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\acccore
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ACD Systems
[2009/12/16 19:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Acronis
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Aim
[2010/03/14 15:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Amazon
[2009/02/13 18:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\AutoSync for Yahoo
[2008/10/07 22:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Blender Foundation
[2009/05/18 20:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Cakewalk
[2010/01/03 20:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Canon
[2004/12/10 02:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ContentGuard
[2005/05/12 03:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Downloaded Installations
[2007/03/30 08:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\eBookPro6
[2004/12/31 13:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\eHelp
[2005/10/20 01:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Ethereal
[2008/09/04 19:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Future Systems Solutions
[2009/12/07 13:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Gearbox Software
[2007/03/20 09:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\GetRightToGo
[2009/02/17 12:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\IBP
[2008/06/29 16:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\iLike
[2009/10/30 20:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ImgBurn
[2007/06/22 22:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\InterVideo
[2008/02/02 14:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\iolo
[2004/12/18 22:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\IsolatedStorage
[2005/05/12 03:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Kinko's
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Leadertech
[2010/05/24 18:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Line 6
[2009/05/06 09:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\LogMeIn Rescue
[2009/12/21 17:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mael
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MailWasher
[2010/05/25 10:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MailWasherPro
[2007/09/03 19:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mobipocket
[2009/07/22 22:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MPEG Streamclip
[2004/11/23 16:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MusicLab
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\NetMedia Providers
[2005/10/01 20:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Netscape
[2004/12/22 03:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Nokia
[2005/11/21 13:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Opera
[2008/10/13 22:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\OverDrive
[2010/03/23 23:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PACE Anti-Piracy
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Palo Alto Software Inc
[2007/06/28 20:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PaRaMeter
[2006/07/21 01:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PC Suite
[2006/07/20 23:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PC Suite(2)
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PCForrest
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Publish Providers
[2009/05/05 16:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Radmin
[2009/12/26 16:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\RIM Palm&PPC Upgrade Wizard
[2006/07/26 07:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\River Past G4
[2006/07/26 07:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\RiverPast G4
[2008/08/28 21:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Sammsoft
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ScanSoft
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\SmartDraw
[2004/11/22 12:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Sony
[2010/03/28 22:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Spyware Terminator
[2009/10/23 02:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Stamps.com Internet Postage
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Steinberg
[2009/01/30 20:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\SystemRequirementsLab
[2006/06/14 21:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Tenebril
[2009/06/11 18:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\TomTom
[2009/08/05 20:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Ulead Systems
[2006/12/22 17:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Uniblue
[2009/02/02 00:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Viewpoint
[2007/03/22 14:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\webex
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\WildPackets
[2008/03/26 00:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\WinBatch
[2009/04/14 18:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Windows Desktop Search
[2009/05/31 12:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Windows Search
[2010/03/09 00:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Wireshark
[2010/02/03 18:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\YouSendIt
[2009/05/26 13:32:19 | 000,000,518 | ---- | M] () -- C:\WINDOWS\Tasks\Casper Scheduled Copy of C © to BOOT (Q).job
[2009/05/26 13:32:20 | 000,000,518 | ---- | M] () -- C:\WINDOWS\Tasks\Casper Scheduled Copy of C © to NEW VOLUME ®.job
[2009/05/26 13:32:21 | 000,000,720 | ---- | M] () -- C:\WINDOWS\Tasks\Casper Scheduled Copy of Disk 1 to Disk 4.job
[2010/05/25 12:01:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[1991/09/06 15:54:46 | 000,009,708 | ---- | M] () -- C:\MQSETUP.EXE

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Application Data\*. >
[2008/05/26 22:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2009/02/04 20:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/05/25 11:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/01/17 14:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/08/10 22:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2004/12/05 16:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/09/12 19:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM
[2010/03/16 19:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/02/04 20:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2010/03/21 13:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/01/30 12:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/09/09 21:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/08/05 20:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/07/12 18:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2008/09/28 23:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2006/07/21 00:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2009/05/18 19:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/06/04 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/11/27 11:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\comodo
[2007/01/23 14:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2010/01/17 14:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/01/17 14:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2008/09/12 07:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/09/04 19:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Future Systems Solutions
[2009/11/08 19:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/06/28 16:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2007/05/21 10:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Identities
[2005/05/12 03:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/07/23 07:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/06/19 23:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/02/02 14:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/10/05 13:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/07/04 16:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/05/24 18:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Line 6
[2008/06/23 09:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2008/05/21 14:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2008/06/07 14:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2005/11/01 10:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2007/10/27 12:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/05/24 19:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2004/11/20 03:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGI
[2009/06/15 12:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/03/20 09:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[2010/05/23 12:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2005/10/06 00:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MixMeister Technology
[2007/06/22 23:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2008/09/14 11:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2007/06/23 01:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2006/07/20 23:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2004/12/18 22:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PowerQuest
[2005/03/10 11:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/08/05 20:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2006/07/26 07:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2010/05/23 11:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2004/11/20 03:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2005/11/06 18:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/06/03 12:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/12/26 15:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/08/05 20:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/03/28 22:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/04/15 22:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2004/11/20 03:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/08/24 21:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2007/02/07 23:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/06/14 21:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tenebril
[2009/06/11 18:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/08/05 20:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/07/23 07:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/04 21:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/05/23 16:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/11/18 21:52:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{04573380-C04E-4C13-A8A2-EC012D38220A}
[2009/10/23 02:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4982B6A5-FCD5-4198-BF09-66D2F6A7D312}
[2009/09/09 22:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/10/21 19:07:35 | 005,121,264 | ---- | M] (Stamps.com, Inc. ) -- C:\Documents and Settings\All Users\Application Data\{4982B6A5-FCD5-4198-BF09-66D2F6A7D312}\stamps.exe
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DifXInstall32.exe
[2009/05/19 01:35:46 | 002,402,104 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\AIMinst.exe
[2009/05/19 01:35:48 | 000,550,024 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\AIMLang.exe
[2009/05/19 01:36:04 | 000,142,040 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
[2009/05/19 01:35:52 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\amoinst.exe
[2009/05/19 01:35:52 | 000,069,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\amos.exe
[2009/05/19 01:35:58 | 000,120,368 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\aoldlmgr.exe
[2009/05/19 01:36:04 | 000,097,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
[2009/05/19 01:35:52 | 000,231,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\migrator.exe
[2009/05/19 01:35:52 | 001,225,352 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\msvc9rt.exe
[2009/05/19 01:35:54 | 004,480,040 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\ocpinst.exe
[2009/05/19 01:35:44 | 000,036,704 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\postproc.exe
[2009/05/19 01:35:42 | 000,172,840 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\setup.exe
[2009/05/19 01:35:56 | 000,383,128 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\tbsetup.exe
[2009/05/19 01:36:04 | 001,484,856 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
[2009/05/19 01:35:56 | 000,376,568 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\unagi3.exe
[2009/05/19 01:36:02 | 000,030,512 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
[2009/05/19 01:36:04 | 002,884,832 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
[2009/12/15 07:14:36 | 000,095,568 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4482\RunOnce.exe
[2009/12/15 07:33:18 | 000,120,144 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4482\SBFix.exe
[2009/12/16 08:07:34 | 000,136,528 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4482\Vercopy.exe
[2007/04/18 21:57:24 | 001,272,592 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\AIMinst.exe
[2007/04/18 22:01:12 | 000,481,360 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\AIMLang.exe
[2007/04/18 21:59:02 | 000,141,944 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\alsetup.exe
[2007/04/18 21:59:16 | 000,120,368 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\aoldlmgr.exe
[2007/04/18 22:00:14 | 000,228,912 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\migrator.exe
[2007/04/18 22:00:08 | 005,312,840 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\ocpinst.exe
[2007/04/18 21:58:58 | 000,035,888 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\postproc.exe
[2007/04/18 21:57:56 | 000,169,520 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\setup.exe
[2007/04/18 22:00:44 | 000,357,776 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\tbsetup.exe
[2007/04/18 22:00:56 | 000,376,568 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\unagi3.exe
[2007/04/18 22:00:34 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\Vwpt.exe
[2007/01/30 12:24:32 | 001,178,096 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\AIMinst.exe
[2007/01/30 12:25:02 | 000,560,784 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\AIMLang.exe
[2007/01/30 12:24:38 | 000,141,944 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\alsetup.exe
[2007/01/30 12:25:08 | 000,631,624 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\ampx.exe
[2007/01/30 12:24:36 | 000,164,912 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\inst.exe
[2007/01/30 12:25:06 | 000,055,200 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\instopts.exe
[2007/01/30 12:24:22 | 000,228,912 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\migrator.exe
[2007/01/30 12:24:40 | 000,579,248 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\muinst.exe
[2007/01/30 12:24:56 | 005,358,864 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\ocpinst.exe
[2007/01/30 12:25:06 | 000,035,888 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\postproc.exe
[2007/01/30 12:25:00 | 000,312,880 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\setup.exe
[2007/01/30 12:24:58 | 000,357,776 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\tbsetup.exe
[2007/01/30 12:24:34 | 001,082,064 | ---- | M] (AOL) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\toolbar.exe
[2007/01/30 12:25:04 | 000,409,640 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\vwpt.exe
[2009/12/15 13:38:18 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL\F_America Online 9.0\DialReg.exe
[2005/03/24 12:36:18 | 000,007,680 | ---- | M] (America Online, Inc) -- C:\Documents and Settings\All Users\Application Data\AOL\F_America Online 9.0\OptClean.exe
[2005/12/02 18:12:46 | 000,009,216 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\F_America Online 9.0\OptScan.exe
[2005/03/10 17:48:16 | 000,167,999 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\F_America Online 9.0\aolEULanPack\cswitch.exe
[2005/03/10 17:48:16 | 003,298,040 | ---- | M] (America Online Inc) -- C:\Documents and Settings\All Users\Application Data\AOL\F_America Online 9.0\aolEULanPack\langpack.exe
[2009/12/15 13:38:35 | 000,011,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL\F_America Online 9.0\AOLTEMP\ygprm.exe
[2009/06/05 13:57:34 | 000,075,048 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
[2006/09/01 17:32:20 | 000,081,920 | ---- | M] (Apple Computer, Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.1.3.100\QuickTimeInstallerAdmin.exe
[2010/05/24 20:01:28 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2009/04/22 23:26:18 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe

< %APPDATA%\*. >
[2004/12/31 13:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\1-Step RoboPDF
[2009/08/10 18:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\A4DeskPro
[2008/05/26 22:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Ableton
[2007/01/30 12:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\acccore
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ACD Systems
[2009/12/16 19:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Acronis
[2010/03/17 16:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Adobe
[2004/11/22 14:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\AdobeUM
[2004/12/05 16:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Ahead
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Aim
[2010/03/14 15:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Amazon
[2005/03/10 11:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\AOL
[2009/08/05 20:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Apple Computer
[2007/05/30 18:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Arcsoft
[2009/05/24 09:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ATI
[2009/02/13 18:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\AutoSync for Yahoo
[2009/06/16 22:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\AVS4YOU
[2008/10/07 22:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Blender Foundation
[2009/05/18 20:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Cakewalk
[2010/01/03 20:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Canon
[2004/12/10 02:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ContentGuard
[2006/12/22 19:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\DivX
[2005/05/12 03:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Downloaded Installations
[2009/12/03 01:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\dvdcss
[2007/03/30 08:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\eBookPro6
[2004/12/31 13:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\eHelp
[2005/10/20 01:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Ethereal
[2008/09/04 19:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Future Systems Solutions
[2009/12/07 13:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Gearbox Software
[2007/03/20 09:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\GetRightToGo
[2009/11/08 19:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Google
[2004/11/20 12:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Help
[2009/02/17 12:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\IBP
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Identities
[2009/08/24 17:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\IGN_DLM
[2008/06/29 16:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\iLike
[2009/10/30 20:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ImgBurn
[2007/03/02 00:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\InstallShield
[2007/06/22 22:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\InterVideo
[2009/06/19 23:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Intuit
[2008/02/02 14:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\iolo
[2004/12/18 22:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\IsolatedStorage
[2005/05/12 03:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Kinko's
[2004/12/17 18:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Lavasoft
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Leadertech
[2010/05/24 18:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Line 6
[2009/05/06 09:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\LogMeIn Rescue
[2008/12/11 19:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Macromedia
[2009/12/21 17:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mael
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MailWasher
[2010/05/25 10:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MailWasherPro
[2010/05/24 20:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Malwarebytes
[2007/01/23 13:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Media Player Classic
[2010/03/23 18:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft Web Folders
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MixMeister Technology
[2007/09/03 19:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mobipocket
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla
[2009/07/22 22:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MPEG Streamclip
[2004/11/23 16:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MusicLab
[2006/11/23 09:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\MySpace
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\NetMedia Providers
[2005/10/01 20:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Netscape
[2004/12/22 03:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Nokia
[2010/01/14 01:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\OpenOffice.org2
[2005/11/21 13:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Opera
[2008/10/13 22:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\OverDrive
[2010/03/23 23:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PACE Anti-Piracy
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Palo Alto Software Inc
[2007/06/28 20:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PaRaMeter
[2006/07/21 01:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PC Suite
[2006/07/20 23:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PC Suite(2)
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\PCForrest
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Publish Providers
[2009/05/05 16:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Radmin
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Real
[2009/12/26 16:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\RIM Palm&PPC Upgrade Wizard
[2006/07/26 07:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\River Past G4
[2006/07/26 07:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\RiverPast G4
[2009/12/26 16:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Roxio
[2008/08/28 21:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Sammsoft
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\ScanSoft
[2009/06/18 22:37:38 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\SecuROM
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Share-to-Web Upload Folder
[2008/06/03 12:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Skype
[2008/06/03 12:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\skypePM
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\SmartDraw
[2006/12/22 19:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Sonic
[2004/11/20 03:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Sonic Foundry
[2008/02/13 15:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\SonicWALL
[2004/11/22 12:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Sony
[2008/10/05 14:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Spybot - Search & Destroy
[2010/03/28 22:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Spyware Terminator
[2009/10/23 02:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Stamps.com Internet Postage
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Steinberg
[2007/10/08 19:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Sun
[2009/04/15 22:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Sunbelt
[2005/10/24 02:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Symantec
[2010/02/04 02:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Syntrillium
[2009/01/30 20:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\SystemRequirementsLab
[2006/06/14 21:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Tenebril
[2009/06/11 18:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\TomTom
[2005/09/17 08:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Trend Micro
[2009/08/05 20:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Ulead Systems
[2006/12/22 17:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Uniblue
[2009/02/02 00:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Viewpoint
[2007/03/22 14:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\webex
[2004/11/20 03:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\WildPackets
[2008/09/14 11:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Winamp
[2008/03/26 00:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\WinBatch
[2009/04/14 18:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Windows Desktop Search
[2009/05/31 12:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Windows Search
[2010/03/09 00:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\Wireshark
[2005/03/10 11:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\You've Got Pictures Screensaver
[2010/02/03 18:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Alexander\Application Data\YouSendIt

< %APPDATA%\*.exe /s >
[2007/01/10 19:43:54 | 000,015,872 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
[2010/02/17 23:26:37 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{2D314071-26CD-47EA-A01E-82FADDE951C5}\ARPPRODUCTICON.exe
[2010/02/17 23:26:37 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{2D314071-26CD-47EA-A01E-82FADDE951C5}\LiquidInstrument.exe_2D31407126CD47EAA01E82FADDE951C5.exe
[2005/03/14 13:59:56 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}\ARPPRODUCTICON.exe
[2005/03/14 13:59:56 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}\NewShortcut11_36495C59089C49D1BD159E5BD86DC9A1.exe
[2005/03/14 13:59:56 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{36495C59-089C-49D1-BD15-9E5BD86DC9A1}\NewShortcut1_36495C59089C49D1BD159E5BD86DC9A1.exe
[2010/02/17 13:45:09 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{36F0FA39-2875-4EFD-977C-C405A5E4A403}\ARPPRODUCTICON.exe
[2006/04/13 19:43:48 | 000,012,288 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{3CEA3FEC-1AF5-4818-89D5-406F627E7337}\IconF5FF112D.exe
[2010/03/04 00:10:18 | 000,002,238 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{8B46024A-8C90-4725-AE47-6444109CF5A9}\ARPPRODUCTICON.exe
[2010/03/04 00:10:18 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{8B46024A-8C90-4725-AE47-6444109CF5A9}\NewShortcut11_8B46024A8C904725AE476444109CF5A9.exe
[2010/03/04 00:10:18 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{8B46024A-8C90-4725-AE47-6444109CF5A9}\NewShortcut1_8B46024A8C904725AE476444109CF5A9.exe
[2010/03/04 00:10:18 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{8B46024A-8C90-4725-AE47-6444109CF5A9}\Uninstall_Don_t_Pani_8B46024A8C904725AE476444109CF5A9.exe
[2010/03/31 22:48:19 | 000,411,494 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{90CAF868-0B06-4C4A-A6E9-D0FD17C7BAE1}\controlPanelIcon.exe
[2009/06/19 23:13:55 | 000,092,854 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{91208A47-5D08-4C79-986F-1931940F51BB}\_bb32ea6.exe
[2007/03/02 00:28:28 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}\ARPPRODUCTICON.exe
[2007/03/02 00:28:28 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}\NewShortcut3_2E7595EC4FB14E2993D49083C8A9B107.exe
[2008/10/13 21:50:24 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}\ARPPRODUCTICON.exe
[2008/10/13 21:50:24 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}\NewShortcut3_D3621EAA00D6479197BF7E8EE3437BF2.exe
[2008/10/13 21:50:24 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}\VPhotoResize.exe_D3621EAA00D6479197BF7E8EE3437BF2.exe
[2006/04/04 19:41:10 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{F1E906E7-1120-428D-A124-4938C306427E}\ARPPRODUCTICON.exe
[2006/04/04 19:41:10 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Russell Alexander\Application Data\Microsoft\Installer\{F1E906E7-1120-428D-A124-4938C306427E}\PalmDesktopShortcut.exe
[2010/01/15 14:25:04 | 000,372,736 | ---- | M] (LogMeIn, Inc.) -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\[email protected]\plugins\LMIGuardian.exe
[2010/01/15 14:26:54 | 000,070,984 | ---- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\[email protected]\plugins\LMIProxyHelper.exe
[2008/10/13 12:45:16 | 000,087,368 | ---- | M] (LogMeIn, Inc.) -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\[email protected]\platform\WINNT\plugins\LMIGuardian.exe
[2008/10/13 12:44:54 | 000,071,248 | ---- | M] () -- C:\Documents and Settings\Russell Alexander\Application Data\Mozilla\Firefox\Profiles\8658kj9u.default\extensions\[email protected]\platform\WINNT\plugins\LMIProxyHelper.exe
[2008/06/21 01:18:18 | 006,850,312 | ---- | M] (MySpace Inc.) -- C:\Documents and Settings\Russell Alexander\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.756.0-static.exe


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/16 20:10:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/16 20:10:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/16 20:10:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/16 20:10:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 01:05:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 20:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SYSTEM32\autochk.exe
[2004/08/04 00:56:48 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2001/08/23 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2001/08/23 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\SYSTEM32\DRIVERS\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:04 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: IMM32.DLL >
[2008/04/13 20:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ERDNT\cache\imm32.dll
[2008/04/13 20:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/13 20:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\SYSTEM32\imm32.dll
[2004/08/04 00:56:44 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

< MD5 for: KERNEL32.DLL >
[2007/04/16 12:07:28 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2004/08/04 00:56:44 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
[2007/04/16 11:52:54 | 000,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\SYSTEM32\dllcache\kernel32.dll
[2009/03/21 10:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\SYSTEM32\kernel32.dll
[2008/04/13 20:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/13 20:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2009/03/21 09:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 13:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 13:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 00:56:46 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\SYSTEM32\dllcache\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\SYSTEM32\mswsock.dll
[2008/04/13 20:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys
[2004/08/03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >
[2007/02/09 07:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2007/02/09 07:10:36 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\SYSTEM32\DRIVERS\ntfs.sys
[2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ERDNT\cache\ntmssvc.dll
[2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\SYSTEM32\ntmssvc.dll
[2004/08/04 00:56:46 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/04 00:56:56 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\SYSTEM32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/04 00:56:46 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SYSTEM32\bits\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SYSTEM32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 00:56:46 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 20:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[2008/04/13 20:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 20:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\SYSTEM32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2004/08/04 00:56:58 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
[2005/06/10 20:17:14 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 20:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2008/04/13 20:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2008/04/13 20:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\SYSTEM32\spoolsv.exe
[2005/06/10 19:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ERDNT\cache\srsvc.dll
[2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\SYSTEM32\srsvc.dll
[2004/08/04 00:56:46 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TERMSRV.DLL >
[2004/08/04 00:56:48 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ERDNT\cache\termsrv.dll
[2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\SYSTEM32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe

< MD5 for: WS2_32.DLL >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SYSTEM32\ws2_32.dll
[2004/08/04 00:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2008/04/13 20:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ERDNT\cache\xmlprov.dll
[2008/04/13 20:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 20:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\SYSTEM32\xmlprov.dll
[2004/08/04 00:56:48 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/11/20 02:59:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\default.sav
[2004/11/20 02:59:16 | 000,659,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\software.sav
[2004/11/20 02:59:16 | 000,901,120 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
[2010/03/09 21:47:26 | 000,134,344 | ---- | M] (COMODO) -- C:\WINDOWS\SYSTEM32\DRIVERS\cmdguard.sys
[2010/03/04 20:01:12 | 000,029,312 | ---- | M] (Line 6) -- C:\WINDOWS\SYSTEM32\DRIVERS\l6dp.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
[2010/05/24 23:17:39 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\Partizan.sys
[2010/05/24 23:59:33 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\regguard.sys
< End of report >


Here's the Extras report:

OTL Extras logfile created on: 5/25/2010 11:53:23 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Russell Alexander\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.04 Gb Total Space | 14.16 Gb Free Space | 29.49% Space Free | Partition Type: NTFS
Drive D: | 12.65 Gb Total Space | 3.03 Gb Free Space | 23.97% Space Free | Partition Type: FAT32
Drive E: | 35.94 Gb Total Space | 23.66 Gb Free Space | 65.84% Space Free | Partition Type: NTFS
Drive F: | 35.74 Gb Total Space | 20.18 Gb Free Space | 56.46% Space Free | Partition Type: NTFS
Drive G: | 35.80 Gb Total Space | 22.68 Gb Free Space | 63.35% Space Free | Partition Type: NTFS
Drive H: | 35.79 Gb Total Space | 13.67 Gb Free Space | 38.20% Space Free | Partition Type: NTFS
Drive I: | 41.57 Gb Total Space | 25.65 Gb Free Space | 61.69% Space Free | Partition Type: NTFS
Drive J: | 10.65 Gb Total Space | 3.62 Gb Free Space | 34.02% Space Free | Partition Type: FAT32
Drive K: | 8.65 Gb Total Space | 3.08 Gb Free Space | 35.65% Space Free | Partition Type: FAT32
Drive L: | 11.74 Gb Total Space | 2.54 Gb Free Space | 21.60% Space Free | Partition Type: FAT32
Drive M: | 9.47 Gb Total Space | 4.89 Gb Free Space | 51.66% Space Free | Partition Type: FAT32
Drive N: | 21.32 Gb Total Space | 4.27 Gb Free Space | 20.04% Space Free | Partition Type: FAT32
Drive P: | 2.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Q: | 465.76 Gb Total Space | 286.99 Gb Free Space | 61.62% Space Free | Partition Type: NTFS
Drive W: | 149.05 Gb Total Space | 64.38 Gb Free Space | 43.20% Space Free | Partition Type: NTFS

Computer Name: RUSSELL
Current User Name: Russell Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "%1"
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- "F:\Macromedia Studio 8\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "J:\ACD USE WITH HP PHOTOSMART\ACDSEE\ACDSEE.EXE" "%1" (ACD Systems, Ltd.)
Directory [ChangeCase] -- M:\CHANGE~1\chgcase.exe "%1" (Zeal SoftStudio)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Print_Directory_Listing] -- c:\windows\Dirlist.bat %1 ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"F:\America Online 9.0\waol.exe" = F:\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1110494747\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1110494747\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"F:\bittorrent\bittorrent.exe" = F:\bittorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\Program Files\Messenger\Msmsgs.exe" = C:\Program Files\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation)
"F:\TurboTax\Home & Business 2006\32bit\ttax.exe" = F:\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"F:\TurboTax\Home & Business 2006\32bit\updatemgr.exe" = F:\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"F:\TurboTax Deluxe 2006\TurboTax Deluxe 2006\32bit\ttax.exe" = F:\TurboTax Deluxe 2006\TurboTax Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"F:\TurboTax Deluxe 2006\TurboTax Deluxe 2006\32bit\updatemgr.exe" = F:\TurboTax Deluxe 2006\TurboTax Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\AnalogX\BitPump\bitpump.exe" = C:\Program Files\AnalogX\BitPump\bitpump.exe:*:Enabled:BitPump -- ()
"F:\TurboTax Business 2007\TurboTax Business 2007\32bit\ttax.exe" = F:\TurboTax Business 2007\TurboTax Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"F:\TurboTax Business 2007\TurboTax Business 2007\32bit\updatemgr.exe" = F:\TurboTax Business 2007\TurboTax Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"E:\TurboTax Premier 2007\TurboTax Premier 2007\32bit\ttax.exe" = E:\TurboTax Premier 2007\TurboTax Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"E:\TurboTax Premier 2007\TurboTax Premier 2007\32bit\updatemgr.exe" = E:\TurboTax Premier 2007\TurboTax Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"F:\QuickBooks 2007\QBDBMgrN.exe" = F:\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"H:\iTunes\iTunes.exe" = H:\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01363D36-93FB-45C9-B7F3-7C2AF5F6BC27}" = Learning QuickBooks 2007
"{019210C1-32C8-423C-BEFD-763C8E7A188F}" = Microsoft Money 2003
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}" = Microsoft Money 2003 System Pack
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{0345F1FF-4A99-4D97-A0ED-579F03FDBB72}_is1" = Port Analyzer 1.0
"{038A4EB1-47BE-4B91-BF66-0E9B078944E5}" = uCertify M70-270: Windows XP Professional
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B8.1208.1
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A37AA80-885E-11D3-9AC4-00105A0D24F9}" = Sonicbox iM Tuner
"{0B72508E-A32C-40DD-9A26-C5E92A039595}" = AT&T Plug&Share 54Mbps Wireless PCI Adapter
"{0BA14EDE-4C45-482B-BBA2-B3159EFAD60B}" = DirectiXer 2.3
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E3CCCDC-3BB2-B5D5-A547-5F157E1BADB8}" = Catalyst Control Center Core Implementation
"{0E59731F-1CE5-46A4-A20D-854E6C815029}" = Calendar Upgrade
"{0E753927-F773-40D2-8504-F302A464ED9C}" = Boson Standardized Tests v5.02
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{131C976E-E991-40FA-163F-B29022346F01}" = CCC Help English
"{15E00491-0DE1-4A2A-B833-1B0F81EAF53C}" = CoffeeCup Free Flash Text Wizard
"{167E4A06-F407-11D3-95F5-0080AD910D79}" = Saitek Gaming Extensions
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18E70170-C334-44BB-ACCA-3DCCC65CE4C7}" = VOCALOID SKIN (Zero-G LOLA)
"{1CB63C5C-DA69-4793-BD35-43BDE2A86D43}" = MGI VideoWave 4
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{223C0721-A6B0-4853-88C0-331029841734}" = HP Color LaserJet CP1510 Series 2.0
"{243FA669-BEA1-4FD7-906F-DAF000D6B33A}" = Casper XP
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2875A5F5-E613-4F99-9B47-8882C9DD24A5}" = OfotoNow
"{28C80CD6-14DF-42E7-B460-CBF194A6439C}" = Sonic Foundry CD Architect 5.0
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D314071-26CD-47EA-A01E-82FADDE951C5}" = LiquidInstrument Standalone 1.1
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{32199E94-CA76-4BA8-B0B6-76A856A5DA98}" = QBWebConnector
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{32785539-3BB4-470C-962B-997FCD0232DA}" = Multi Direct Print Type S IPP port
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{36F0FA39-2875-4EFD-977C-C405A5E4A403}" = LiquidInstrumentDXi2 1.1
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3B8186F0-EAA2-012B-AE69-000000000000}" = TurboTax 2009 wnyiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CEA3FEC-1AF5-4818-89D5-406F627E7337}" = World Community Grid Agent
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{4424b048-5725-11dc-8314-0800200c9a66}" = FontLab ScanFont 5
"{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}" = Ulead DVD MovieFactory 4.0 SE
"{450A41F4-4511-4D5C-8412-6BA4DD88F65F}" = VIPRE Antivirus + Antispyware
"{49A44B9B-DF54-4BFD-BC15-55FFA6566053}" = Atomic Harvester III
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4C93C363-414E-11D4-9756-00C04F8EEB39}" = Macromedia Flash 5
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{5007E629-8769-44BB-BD51-A20B6DCC5CC9}" = Microsoft Office Accounting 2009
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{53276F5A-85AB-4BEF-BAA2-2490975DC006}" = Microsoft Office Accounting 2009 Fixed Asset Manager
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{55D08777-EFAA-41AD-942A-5A2CD4B580F3}" = MixMeister Pro 4
"{55EE08EE-77A4-475E-A163-D6A673498ECF}" = VOCALOID Voice DB (Lola)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5A53992C-48D6-D4DB-75A7-5D13388DAB9A}" = ccc-core-static
"{5B893587-00A8-4A4E-83F0-8AFA7BFC7C1A}" = PVR Plus
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}" = Paint.NET v3.10
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{5FEA7A01-D361-460D-8E7D-C1C96A5EC61B}" = sdTwoWav
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{62F9F352-A7F7-4051-B2AD-6D1A3C325407}" = OmniPage Pro 11.0
"{639858DD-4966-40F3-A706-7C838BCF3A2B}" = MaxBlast 3
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{6A136B9A-1895-436F-83F8-30D9C68BB6EA}" = Rhapsody Player Engine
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B6F3A57-99B2-418F-9F30-A480E93C0746}" = Sonic Foundry DVD Architect 1.0c
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B23535-8136-4863-965C-33A60FFA3CE7}" = EASEUS Data Recovery Wizard Professional 3.3.4
"{745877DC-8FFE-4E4C-ABBC-589B887A47D1}" = Virtual Sound Canvas DXi
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 ESD
"{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{799118AC-7489-40BA-A7C1-498D84D451C5}" = Weed
"{7AE858CD-7AD6-D9E6-627E-E452A71896E7}" = Catalyst Control Center Graphics Full Existing
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Syste⑭ Utilit⑹
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E545666-F424-45FD-B3DF-C0B99A1A579F}" = QuickBooks Premier Edition 2007
"{7F1C5D75-E232-4C2B-A394-E5FB7FBB3D66}" = Sonic Foundry Sound Forge 6.0d
"{7FB37294-8155-11D3-A809-0050BAAFB1BB}" = Business Plan Pro 4.0
"{7FDE7746-74D2-4EAA-9F1E-BB6B0252657B}" = iLike Sidebar
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81E76DE9-BBCB-449C-91BB-6E4E5436D496}" = Adobe Audition 1.0
"{831053E0-79D4-11D4-B1C4-0050BAAABBFD}" = WOW Love
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{838F0053-8744-4B63-8819-CC44C06308AC}" = Visualizer Photo Resize
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B46024A-8C90-4725-AE47-6444109CF5A9}" = Don't Panic - Photo Edition
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.18
"{8BC8DA36-302D-14FA-55AE-5CAAF1CA4F25}" = Catalyst Control Center Graphics Light
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}" = Macromedia HomeSite+
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F156C85-23F2-4F13-89A6-B0B286D1B4CD}" = File, Print FedEx Kinko's
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F3CF9E1-D738-4C2B-8193-F45AC8B0EC7C}" = Windows Vista Upgrade Advisor
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90CAF868-0B06-4C4A-A6E9-D0FD17C7BAE1}" = Casper 5.0
"{91108AD9-F983-4FDA-A089-ED269C75F21B}" = E-MU Xboard
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98B672F2-857C-4CC9-A25D-6B218077F4F6}" = Yahoo! Autosync
"{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}" = GUIDE PLUS+™ for Windows® System
"{9B89EB0D-68C3-4E5D-A705-CD8D37DABF50}" = VOCALOID Expression DB (Standard)
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D1C26BD-E792-4159-9D16-07EA222D8EF0}" = Windows Messenger 5.1
"{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9E34B40A-CFF3-11D3-8302-00A024A89C17}" = Looper
"{9E34B40B-CFF3-11D3-8302-00A024A89C17}" = FixedLength
"{9E34B40D-CFF3-11D3-8302-00A024A89C17}" = VeloMaster Lite CW
"{9E34B40F-CFF3-11D3-8302-00A024A89C17}" = SlicyDrummer Lite
"{9E34B508-CFF3-11D3-8302-00A024A89C17}" = Rhythm'n'Chords 2 Lite CW
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard for Windows
"{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}" = Melodyne 3.1
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A44C8D37-B36B-D378-2201-97137494E339}" = ccc-utility
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A7EC08D3-419E-4568-B59A-82D652450D48}" = WOW
"{A85D8CC4-4DB9-11D6-B038-0000B49CEE91}" = PCForrest StartMan 1.2.70
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AFD9E698-03C2-4E88-80A6-1496562D4304}" = Google SketchUp 7.1
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B123B3B1-C2A0-47E7-AAAB-D1E2DBE259CB}" = VOCALOID Editor V1.0.0.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA2D4D22-0B99-4D63-BCEE-D2EA4736F27F}" = LogMeIn
"{BB37C263-9B7F-6A1C-A1B8-333C3FB80614}" = ccc-core-preinstall
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BEE9DFE1-7CDF-4D1C-A473-3B3DF8FF1431}_is1" = Hot CPU Tester Pro 4.3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1121C1F-1962-4A23-B2C2-B9515C837179}" = OverDrive Media Console
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2995A04-6209-40C2-B31D-4D85852B6D8B}" = TVR Update
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3A6202F-8F3E-424C-83B8-189F92A1AB43}" = One Touch Video Capture
"{C3DE07CB-036F-45BC-85BD-D6FFC5D33603}" = TurboTax 2008 wnyiper
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C4FFCD8D-3A06-E243-2747-2CE771A8B7D4}" = EA Download Manager UI
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}" = Microsoft Office Accounting 2009 Equifax Addin
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{CEE2C9FF-FAB4-4A36-B2CD-862C26A58E7E}" = ATI Multimedia Center
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}" = Visualizer Photo Resize
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D59967FF-4DCC-4695-BCD9-FA47B94047D6}" = Debugging Tools for Windows
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D8EA8CB7-6FEE-49EB-A7FD-AD8F8CB1A924}" = Pitch Fix Trial
"{D917F618-DDB8-4653-95FF-14A9A29A4E3B}" = Zinio Reader
"{D925601D-25E3-4E95-A456-FBD8C2995289}" = E-MU Xboard
"{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}" = Microsoft Office Accounting 2009 Tax Integration Add-in
"{D9C70541-ADA5-40A4-B176-6AAFCBA05C8F}" = Airfix Dogfighter
"{DA22A6BB-10B5-4595-BD59-1AD4023C8536}" = Virtual Sound Canvas VST
"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = VC500 Driver
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}" = Microsoft Office Accounting 2009 PayPal Addin
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE5CD0E9-9296-788D-F082-54454791A65E}" = Catalyst Control Center Graphics Previews Common
"{E0233B01-BE70-4D0B-8B69-64331593535C}" = eBook Pro Viewer 5.54
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120%
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EA82FF50-E258-4DFE-839B-8F26A01A34A7}" = Microsoft Tool Web Package:WntIpcfg.exe
"{EABACFC4-1CB1-438E-A418-0A3B21CD30D3}" = Waves Restoration
"{EBB15EA8-B7CF-E90C-B977-18777AFC63F0}" = Catalyst Control Center HydraVision Full
"{EC1F2687-6922-43E9-A6A5-73D750A8C8CE}" = MediaFACE II
"{EC27630A-EAFB-AB2A-56CC-7F5189845D85}" = Catalyst Control Center Graphics Full New
"{ED386A62-2BA2-4544-A723-5DFFDC283F6A}" = Mobipocket Reader 6.0
"{EEAA3E5E-1296-45AD-A59E-5D63F604867D}" = Radmin Viewer 3.3
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F01C1DBB-E5DE-49BE-97A6-483F128AEFAF}" = VOCALOID Expression DB (Lola)
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E906E7-1120-428D-A124-4938C306427E}" = Palm Desktop
"{F2472B05-AC59-4363-A8D9-3E722B778633}" = Liquid Player
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6E36639-10C8-4FAD-AF1F-E84D5B6653D1}" = FontLab Studio 5
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FAC611DA-E445-4D7A-8311-7389C627FA32}" = VOCALOID VSTi V1.0.0.1
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBCCF9CE-61EE-425E-BE4D-959D76FA7701}" = Adobe GoLive 5.0 Tryout
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"0" = YASA MPEG/AVI to VCD/DVD/SVCD/MPEG/AVI Converter v2.4 (build 0047)
"1-0" = AltaVista FreeAccess
"123 Flash Menu" = 123 Flash Menu v3.2.0.1309
"3D Frog Frenzy" = 3D Frog Frenzy
"3D Pinball Express" = 3D Pinball Express
"3DCD" = Worlds
"3gp Player" = 3gp Player
"3ivx D4 4.5.1 Decoder" = 3ivx D4 4.5.1 Decoder (remove only)
"a4deskpro_webunion_is1" = A4DeskPro v1.38
"AAScripter_is1" = AAScripter v2.0
"AccuBurn-R" = AccuBurn-R
"ACDSee" = ACDSee
"Acoustica Beatcraft" = Acoustica Beatcraft
"Acoustica Effects Pack" = Acoustica Effects Pack
"Active Ports" = Active Ports
"Active@ UNDELETE Professional " = Active@ UNDELETE Professional
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 6.5" = Adobe PageMaker 6.5
"Adobe Premiere 6.0" = Adobe Premiere 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Advanced PDF Password Recovery Pro" = Advanced PDF Password Recovery Pro (remove only)
"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer 5.1
"AFPL Ghostscript 8.51" = AFPL Ghostscript 8.51
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"After Effects 4.0" = Adobe After Effects 4.0
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"All Video to VCD SVCD DVD Converter_is1" = All Video to VCD SVCD DVD Converter 3.0
"Allok AVI to DVD SVCD VCD Converter_is1" = Allok AVI to DVD SVCD VCD Converter 1.5.8
"Alone in the Dark - The New Nightmare" = Alone in the Dark - The New Nightmare
"AnalogX BitPump" = AnalogX BitPump
"Antares Harmony Engine VST RTAS_is1" = Antares Harmony Engine VST RTAS v1.0
"AntiFreeze_is1" = AntiFreeze 1.01
"AnyDVD" = AnyDVD
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Arc DVD Copy_is1" = Arc DVD Copy 1.1.3
"ASIO4ALL" = ASIO4ALL
"ASUS Probe V2.24.10" = ASUS Probe V2.24.10
"ATI Display Driver" = ATI Display Driver
"Audio Converter" = River Past Audio Converter
"avast5" = avast! Free Antivirus
"AVS Video Tools 5.1_is1" = AVS Video Tools 5.1
"AVSDiscCreator_is1" = AVS Disc Creator version 2.1
"Axandra's Reciprocal Links Solution_is1" = ARELIS 4.4.2
"BackupXpress Pro" = BackupXpress Pro 2.72
"BATTLEFIELDV1.0" = Battles of the World
"BB_is1" = Band-in-a-Box and RealBand 2010
"BBE Sonic Maximizer Plugin" = BBE Sonic Maximizer Plugin
"bbfinder 4.1" = bbfinder 4.1
"BBVIDPAK_is1" = Video Tutorial PAK
"BCWipe" = BCWipe 2.0
"BeatModel T1 Plug-in Pack v1.01" = BeatModel T1 Plug-in Pack v1.01
"BetZip_is1" = BetZip Version 2.0.6.91
"BHO Cop" = BHO Cop
"BHODemon_is1" = BHODemon 2.0.0.23
"Binaryfish All Mobile Mines - Pocket PC Edition" = All Mobile Mines - Pocket PC Edition 4.0.1
"BitTorrent" = BitTorrent 4.2.2
"Blender" = Blender (remove only)
"BLPMC1_1_is1" = Blues Piano MasterClass Volume 1
"Board Games" = Board Games
"BookReader_is1" = BookReader 4.6
"Bookshop Classics" = Bookshop Classics
"Boson CCNA eBook" = Boson CCNA eBook
"Burstware - Windows Media Player Bridge" = Burstware - Windows Media Player Bridge
"Cacheman 4.0" = Cacheman 4.0
"CakeFX3" = Cakewalk Audio FX Pack3 v1.0
"Cakewalk VST Adapter 4.4.4.0" = Cakewalk VST Adapter 4.4.4.0
"CANONBJ_Deinstall_CNMCP4w.DLL" = Canon i450
"Card Classics and Solitaire Gold" = Card Classics and Solitaire Gold
"Card Games for Windows" = Card Games for Windows
"CatchUp V1.3" = CatchUp V1.3
"CdaC13Ba" = SafeCast Shared Components
"CDex" = CDex extraction audio
"CDex_is1" = Cdex version 1.30
"CD-R Inspector" = CD-R Inspector
"CD-R Verifier" = CD-R Verifier
"Cdrom List Creator" = Cdrom List Creator
"Certification Genie" = Certification Genie
"CFSC Chris Free Software Cleaner" = CFSC Chris Free Software Cleaner
"Change Case v3.1" = Change Case v3.1
"CJPDRV_Deinstall 4W" = Canon i450
"CJRSTR_Deinstall" = BJ Printer Driver
"Class Ad Factory V1.0" = Class Ad Factory V1.0
"Cleaner 5 EZ" = Cleaner 5 EZ
"CleanTray" = CleanTray
"C-Media USB Sound" = C-Media USB Sound
"C-Media USB Sound Driver" = C-Media USB Sound Driver
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"COMODO Internet Security" = COMODO Internet Security
"CopyScat" = CopyScat
"CoyoteWT_is1" = CoyoteWT 1.0
"Creative Launcher" = Creative Launcher
"Creative LAVA" = Creative LAVA!
"CrossFont_is1" = CrossFont version 4.3
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"CutePDF Writer Installation" = CutePDF Writer 2.8
"CWAFV3" = Cakewalk Audio Finder Tool
"CyberKit" = CyberKit
"DartPro 32" = DartPro 32
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP Real Audio Codec" = dBpowerAMP Real Audio Codec
"DeClicker" = Steinberg DeClicker v1.21
"DeductionPro 2005-06" = DeductionPro 2005-06
"Dell Laser MFP 1600n" = Dell Laser MFP 1600n Software Uninstall
"Desktop Server 2000" = Desktop Server 2000
"DHTML_Menu_Builder" = DHTML Menu Builder 3.0
"Digital Editions" = Adobe Digital Editions
"DirectoryPrinter" = Directory Printer
"DiskCheckup_is1" = DiskCheckup V2.1
"Download Manager" = Download Manager 2.3.9
"DrawPlus 3.0" = DrawPlus 3.0
"DreamStation DXi2" = DreamStation DXi2
"DriverAgent.exe" = DriverAgent by eSupport.com
"DriverCleanerDotNET" = DH Driver Cleaner.NET
"DVD Ripper Platinum 4" = DVD Ripper Platinum 4
"DVD Shrink_is1" = DVD Shrink 3.2
"EA Download Manager" = EA Download Manager
"EACOM Game Installer" = EACOM Game Installer
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"Emagic Logic Audio Platinum 5.5" = Emagic Logic Audio Platinum 5.5
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EnvelopV1.0" = Envelop
"ERUNT_is1" = ERUNT 1.1g
"Ethereal" = Ethereal 0.10.13
"EtherPeek 4.1 Demo" = WildPackets EtherPeek 4.1 Demo
"eWhiz Ad Creator V.1" = eWhiz Ad Creator V.1
"ExamForce Engine Installation CM 7.7" = ExamForce Engine Installation CM 7.7
"exPressit S.E. 3.0" = exPressit S.E. 3.0
"Faber Toys_is1" = Faber Toys
"FinePrint" = FinePrint
"FixYa" = FixYa Expert Utility
"Flaming Pear Photoshop Plug-ins" = Flaming Pear Photoshop Plug-ins
"Flash Designer 5" = Flash Designer 5 (5.0.22.6)
"Flash Renamer" = Flash Renamer
"Flash Website Design_is1" = Flash Website Design Free 1.1563(563 Templates/Unicode UTF8)
"FMJSoft Awave Audio v8.1" = FMJSoft Awave Audio v8.1
"Foxit PDF Editor" = Foxit PDF Editor
"FTP Commander" = FTP Commander
"Full Canvas Jacket Servicepack 1.2" = Full Canvas Jacket Servicepack 1.2
"Full Canvas Jacket Superpatch" = Full Canvas Jacket Superpatch
"gBurner" = gBurner
"GEARPME605" = GEAR PRO "Mastering Edition" 6.05
"GetRight" = GetRight
"Greatis Reanimator_is1" = RegRun Reanimator
"Gsar-1.12_is1" = GnuWin32: Gsar version 1.12
"GSview 4.7" = GSview 4.7
"G-VOX Guitar" = G-VOX Guitar
"Handmark Solitaire for Palm OS" = Handmark Solitaire for Palm OS
"HijackThis" = HijackThis 2.0.2
"HolyGrail" = Holy Grail
"Home Improvement 1-2-3" = Home Improvement 1-2-3
"HouseCall (for Netscape)" = HouseCall (for Netscape)
"HP DeskJet 690C Series" = HP DeskJet 690C Series (Remove only)
"HP Photo Imaging Software" = HP Photo Imaging Software
"HP Photo Printing Software" = HP Photo Printing Software
"HTML Guard" = HTML Guard
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IIS 4 MMC Simulator" = IIS 4 MMC Simulator
"Image Convert_is1" = Image Convert 1.0
"ImgBurn" = ImgBurn
"InstallShield_{0E753927-F773-40D2-8504-F302A464ED9C}" = Boson Standardized Tests v5.02
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA System Utility
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"Introduction to XML" = Introduction to XML
"inzider" = inzider
"IsoBuster_is1" = IsoBuster 1.9
"Java Web Start" = Java Web Start
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"Kingdia DVD Ripper_is1" = Kingdia DVD Ripper V2.5.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard
"KnowledgeLINK" = KnowledgeLINK
"LAPlayerPlugins" = Liquid Player Plugins (remove only)
"Lavasoft VX2 Cleaner" = Lavasoft VX2 Cleaner
"Line 6 Uninstaller" = Line 6 Uninstaller
"Linkbot 4.0" = Linkbot 4.0
"List Manager" = List Manager
"LivePerson Expert Messenger" = LivePerson Expert Messenger
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"LSProSE" = LiveSynth Pro SE (DXi)
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Macallan Outlook Express Extraction" = Macallan Outlook Express Extraction
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Magic ISO Maker v5.3 (build 0216)" = Magic ISO Maker v5.3 (build 0216)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MailWasher" = MailWasher
"MailWasher Pro_is1" = MailWasher Pro
"MailWasher_is1" = MailWasher
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MasterClipsDeinstKey" = MasterClips Browser v2.03
"Mastering Edition" = Steinberg Mastering Edition v1.0
"MasterWriter 2.0" = MasterWriter 2.0
"Meta Whiz 1.0" = Meta Whiz 1.0
"MetPro001_is1" = Metronome Pro
"MFGS1_1_is1" = Master Flatpick Guitar Volume 1
"Microangelo 5.0" = Microangelo 5.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Internet Gaming Zone" = MSN Gaming Zone
"Microsoft NetShow Tools 2.0" = Windows Media Tools 4.0
"Microsoft Office Accounting 2009" = Microsoft Office Accounting 2009
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MJGSolo_1-4_is1" = Master Jazz Guitar Solos SuperPAK
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP3 Plug-in" = Sonic Foundry MP3 Plug-In
"MPower" = MPower
"MRW!UninstallKey" = InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Player_is1" = Musicnotes Player V1.22.3
"MVApplication1" = Memorex exPressit Label Design Studio
"My Drivers 3.00" = My Drivers 3.00
"MySpaceIM" = MySpaceIM
"Myst 1.3" = Myst
"Myth II" = Myth II
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Netscape (7.1)" = Netscape (7.1)
"Netscape (7.2)" = Netscape (7.2)
"Netscape Browser" = Netscape Browser (remove only)
"Netscape Communicator 4.5" = Netscape Communicator 4.5
"Network Play System (Patching)" = Network Play System (Patching)
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"nLite_is1" = nLite 1.4.9.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSPVA" = Top-10 Word Tracker
"NVIDIA Drivers" = NVIDIA Drivers
"Open Contacts_is1" = Open Contacts v4.1.10
"Orb" = Winamp Remote
"OXFW900 Upload Utility" = OXFW900 Upload Utility
"Panorama Tools (PTGui edition)" = Panorama Tools (PTGui edition) 2.7.0.9.nh1
"PaRaMeter_is1" = PaRaMeter 1.2
"Parrot 2.0" = Prody Parrot 2.0
"PayPal to QuickBooks Link" = PayPal to QuickBooks Link
"PCFriendly" = PCFriendly
"PCMagazineUninstallKey" = PC Magazine Extra
"PE Builder_is1" = PE Builder 3.1.10a
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 2.0.0.0
"PG_DX_Plugins_is1" = PG Music DirectX Plugins 2.0.0.0
"Photo Organizer 1.8" = Photo Organizer
"Picasa2" = Picasa 2
"Power Retouche Pro" = Power Retouche Pro
"PowerISO" = PowerISO
"Print Server Driver" = Print Server Driver
"PrintMaster 10" = PrintMaster
"printQuick" = printQuick
"Product Quality Assurance" = Product Quality Assurance
"Pyro Drive Kit Software" = Pyro Drive Kit Software
"Pyst" = Pyst
"Quicken WillMaker 2004" = Quicken WillMaker 2004
"Radio@Netscape Plus" = Radio@Netscape Plus
"Rainbow Sentinel Driver" = Sentinel System Driver
"Reality 1.5" = Reality 1.5
"RealPlayer 6.0" = RealPlayer
"Recycle" = Recycle v1.71
"Red Baron II" = Red Baron II
"RegAlyzer_is1" = RegAlyzer 1.1
"Registrar Lite 2.00" = Registrar Lite 2.00
"Registry First Aid_is1" = Registry First Aid
"RegSupreme Pro_is1" = RegSupreme Pro 1.4
"Replay Media Catcher2.10" = Replay Media Catcher
"rgcAudio Triangle II DXi2 Synthesizer_is1" = rgcAudio Triangle II DXi2
"Rhymesaurus 1.3" = Rhymesaurus 1.3
"RiskDeinstKey" = Risk
"RNCompiler 6.0" = Advanced RealMedia Export Plug-in for Premiere 6.0
"ROI Forecaster V. 1" = ROI Forecaster V. 1
"Security Task Manager" = Security Task Manager 1.6f
"Selteco Flash Designer" = Selteco Flash Designer 4
"SETI@home" = SETI@home
"Shockwave" = Shockwave
"Sierra Superpatch conversion for FCJ" = Sierra Superpatch conversion for FCJ
"Sierra Utilities" = Sierra Utilities
"Slots 100" = Slots 100
"SmartForce Player" = SmartForce Player
"SnadBoy's Revelation" = SnadBoy's Revelation
"SONAR 5 Producer Edition" = SONAR 5 Producer Edition
"SONAR6Producer_is1" = SONAR 6.2 Producer Edition
"Sonic Foundry ACID Pro 3.0 Crack" = Sonic Foundry ACID Pro 3.0 Crack
"Sonic Foundry XFX vol2 v1.0b" = Sonic Foundry XFX vol2 v1.0b
"Sonic Foundry XFX vol3 v1.0b" = Sonic Foundry XFX vol3 v1.0b
"Sonic Foundry XFX1 v1.0b" = Sonic Foundry XFX1 v1.0b
"Sonic Timeworks Sonar 2 Plug-ins" = Sonic Timeworks Sonar 2 Plug-ins
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Sound Blaster Live!" = Sound Blaster Live!
"SoundDiver Line6" = SoundDiver Line6
"Space Hack_is1" = Space Hack
"Space Station_is1" = Space Station
"Speed Video Converter_is1" = Speed Video Converter 3.0.4
"SpyNet" = SpyNet
"Spyware Terminator_is1" = Spyware Terminator
"SpywareBlaster_is1" = SpywareBlaster v2.6.1
"ST6UNST #1" = Beat Calc v2.5 By FUALI
"ST6UNST #2" = Driver Detective v2.0
"ST6UNST #3" = Backup To CD-RW (Made Simple) 3.0
"ST6UNST #4" = Stream Save 6.1
"ST6UNST #5" = Iron(FE)-Works - PictureClip v2.0
"Stamps.com" = Stamps.com
"StreetPlugin" = Learn.com Player (Uninstall Only)
"Style Enhancer Micro 1.28" = Style Enhancer Micro 1.28
"Style Enhancer Micro 2.0" = Style Enhancer Micro 2.0
"Sunrise Sunset Calculator_is1" = Sunrise Sunset Calculator 1.4
"SUPER ©" = SUPER © Version 2007.bld.22 (Mar 14, 2007)
"SWiSH v2.0" = SWiSH v2.0
"SWiSHmax" = SWiSHmax
"Sybex e-trainer" = Sybex e-trainer
"SystemRequirementsLab" = System Requirements Lab
"TAEngine 2.1" = TAEngine 2.1
"TagMaster" = TagMaster Remove
"TaxCut Deluxe 2005" = TaxCut Deluxe 2005
"TC Bundle" = TC Bundle v2.0
"tdp" = 3Deep
"TextAssist 2.1" = TextAssist 2.1
"The Sims" = The Sims
"The_Logo_Creator_v2.0" = The Logo Creator v2
"ThePlaya" = The Playa
"THOMSON mp3PRO Audio Player" = THOMSON mp3PRO Audio Player
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Toolbar optionsToolbar" = URSEARCH Toolbar. Release 2.2
"Top 20 Solid Gold" = Top 20 Solid Gold
"Top 30 Games 4 Kids" = Top 30 Games 4 Kids
"Top 50 Blazing Games" = Top 50 Blazing Games
"Total Video Converter 3.02_is1" = Total Video Converter 3.02
"T-RackS 24" = T-RackS 24
"Transcribe!" = Transcribe!
"TreePrint" = TreePrint
"True Internet Color" = E-Color Indicator
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Business 2007" = TurboTax Business 2007
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"TurboTax Home & Business 2006" = TurboTax Home & Business 2006
"TurboTax Premier 2005" = TurboTax Premier 2005
"TurboTax Premier 2007" = TurboTax Premier 2007
"TVC8XDrv" = KWorld PVR 883 WDM Drivers
"Tweak UI 2.10" = Tweak UI
"Type 103" = Type 103
"UA-100 Controller" = UA-100 Controller
"UBCD4Win_is1" = UBCD4Win 3.50
"Ulead ArtTexture.Plugin 1.0" = Ulead ArtTexture.Plugin 1.0
"Ulead Button.Applet 1.01" = Ulead Button.Applet 1.0
"Ulead COOL 3D 2" = Ulead COOL 3D 2
"Ulead COOL 3D 2.0" = Ulead COOL 3D 2.0 Trial
"Ulead FantasyWarp.Plugin 1.0" = Ulead FantasyWarp.Plugin 1.0
"Ulead Particle.Plugin 1.0" = Ulead Particle.Plugin 1.0
"Ulead Type.Plugin 1.0" = Ulead Type.Plugin 1.0
"Unit Converter" = Unit Converter
"Unlocker" = Unlocker 1.8.3
"Unreal Gold" = Unreal Gold
"Updates.Com" = Updates.Com
"VAEngine 2.1" = VAEngine 2.1
"Vienna" = Vienna SoundFont Studio
"ViewpointMediaPlayer" = Viewpoint Media Player
"Viscape Universal" = Superscape Viscape Universal
"VISPRO" = Microsoft Office Visio Professional 2007
"Vivitar ViviScan Compact II-VSF300" = Vivitar ViviScan Compact II-VSF300
"Voice Editor" = Voice Editor
"VoiceAssist 2.1" = VoiceAssist 2.1
"VSC32" = Virtual Sound Canvas 3.2
"vSim" = vSim
"Warcraft II BNE" = Warcraft II BNE
"Waves Audio Processors 3.2" = Waves Audio Processors 3.2
"Waves Gold Native bundle" = Waves Gold Native bundle
"WebVideoCap" = WebVideoCap
"WildWest1.5" = WildWest1.5
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media On-Demand Producer" = Windows Media On-Demand Producer
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMerge_is1" = WinMerge 2.6.2.0
"WinMX" = WinMX v3.54 beta 4 Patch level: 3.0 mod 2
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Wireshark" = Wireshark 1.2.6
"WM Recorder 12.0" = WM Recorder 12.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV to AVI MPEG DVD WMV Converter_is1" = WMV to AVI MPEG DVD WMV Converter 1.7.8
"WMV9APDMOE" = Windows Media Video 9 Advanced Profile Codec
"Wondershare Flash Album Studio_is1" = Wondershare Flash Album Studio (1.6.5.0) Trial Version
"Wondershare Flash SlideShow Builder_is1" = Wondershare Flash SlideShow Builder (3.1.0.92) Trial Version
"Wondershare Flash SlideShow Suite Trial Version_is1" = Wondershare Flash SlideShow Suite (3.1.0.92) Trial Version
"Wondershare Pocket DVD Ripper_is1" = Wondershare Pocket DVD Ripper(Build 1.1.3.0) Trial Version
"Wondershare Pocket DVD Suite Trial Version_is1" = Pocket DVD Suite (Build 1.1.2.0)
"Wondershare Pocket Video Converter Trial Version_is1" = Pocket Video Converter (Build 1.1.2.0)
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"x2VCD" = Super DVD Ripper (remove only)
"XQXSetup_is1" = Xteq Systems X-Setup 6.1
"xSite" = xSite
"XviD" = XviD MPEG-4 Video Codec
"Yahoo! Messenger" = Yahoo! Messenger
"Zip Backup to CD" = Zip Backup to CD
"Zip Password Recovery" = Zip Password Recovery
"Zwei-Stein_is1" = Zwei-Stein Video Compositor 3.01 (Beta 2).

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"998502f2522abe8d" = FOREXTrader
"Adobe Reader for Palm OS" = Adobe Reader for Palm OS, 3.05
"cca7cf78de353a76" = QImport4
"FamilySearch Indexing (www.familysearchindexing.org)" = FamilySearch Indexing (www.familysearchindexing.org)
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.320
"Image Web Server IE Plugin" = Image Web Server 8.1 IE Plugins (Build:3,4,0,242)
"MOGClient" = MOG-O-MATIC -- Listening preferences and sharing
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/11/2009 11:30:19 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 11/11/2009 11:30:22 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 11/11/2009 11:30:23 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 11/11/2009 11:30:25 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 11/11/2009 11:30:27 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 11/11/2009 11:30:27 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 12/11/2009 1:13:27 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 3/11/2010 1:52:45 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 3/11/2010 1:52:45 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

Error - 3/11/2010 1:52:55 PM | Computer Name = RUSSELL | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 4/1/2010 10:54:02 AM | Computer Name = RUSSELL | Source = Windows Search Service | ID = 3013
Description = The entry <G:\MY DOCUMENTS\REALEX\0YHT21QC.SLT\CACHE\21F7807ED01>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 4/1/2010 10:54:02 AM | Computer Name = RUSSELL | Source = Windows Search Service | ID = 3013
Description = The entry <G:\MY DOCUMENTS\REALEX\0YHT21QC.SLT\CACHE\2A44CE1FD01>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 4/1/2010 10:54:02 AM | Computer Name = RUSSELL | Source = Windows Search Service | ID = 3013
Description = The entry <G:\MY DOCUMENTS\REALEX\0YHT21QC.SLT\CACHE\2A44CE1FD01>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 4/1/2010 7:03:18 PM | Computer Name = RUSSELL | Source = Windows Search Service | ID = 3079
Description = Notifications for the volume r:\ are not active. Context: Windows
Application Details: The device is not ready. (0x80070015)

Error - 5/23/2010 11:09:45 AM | Computer Name = RUSSELL | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/23/2010 11:12:18 AM | Computer Name = RUSSELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/24/2010 2:54:55 PM | Computer Name = RUSSELL | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/24/2010 3:37:03 PM | Computer Name = RUSSELL | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.46.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/24/2010 3:37:12 PM | Computer Name = RUSSELL | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.46.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/24/2010 3:37:24 PM | Computer Name = RUSSELL | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.46.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 8/21/2009 12:31:44 AM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 173335
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 11/7/2009 11:17:16 PM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 720002
seconds with 7380 seconds of active time. This session ended with a crash.

Error - 11/30/2009 5:44:18 PM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1146378
seconds with 15960 seconds of active time. This session ended with a crash.

Error - 12/2/2009 10:44:08 PM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 190775
seconds with 3120 seconds of active time. This session ended with a crash.

Error - 12/12/2009 1:25:06 PM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 93618
seconds with 1860 seconds of active time. This session ended with a crash.

Error - 12/14/2009 11:13:43 PM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 208048
seconds with 4140 seconds of active time. This session ended with a crash.

Error - 12/17/2009 11:39:58 AM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 58579
seconds with 780 seconds of active time. This session ended with a crash.

Error - 12/17/2009 7:44:27 PM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/27/2010 8:48:23 PM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 444651
seconds with 4380 seconds of active time. This session ended with a crash.

Error - 3/31/2010 4:50:01 PM | Computer Name = RUSSELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 92
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/24/2010 11:22:22 PM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 5/25/2010 12:00:34 AM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/25/2010 12:17:33 AM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7000
Description = The WPA Security Protocol (IEEE 802.1x) v2.2.0.0 service failed to
start due to the following error: %%183

Error - 5/25/2010 12:17:40 AM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 5/25/2010 10:43:03 AM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7000
Description = The WPA Security Protocol (IEEE 802.1x) v2.2.0.0 service failed to
start due to the following error: %%183

Error - 5/25/2010 10:43:03 AM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Search service
to connect.

Error - 5/25/2010 10:43:03 AM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 5/25/2010 10:43:05 AM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 5/25/2010 11:28:06 AM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7000
Description = The WPA Security Protocol (IEEE 802.1x) v2.2.0.0 service failed to
start due to the following error: %%183

Error - 5/25/2010 11:28:18 AM | Computer Name = RUSSELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >


Regarding P2P or icq: no. Regarding the c:\windows\temp\setup.exe file, it only appears when it tries to start. Then, either Avast or MBAM catches it and quarantines it. It has not appeared during the last day or so, and it's possible that it's gone. However, I'm still getting repetitive attempts to connect to various sites, which MBAM blocks. I'd love to know which program or dll is doing this!

If I run Wireshark, I can see when it does these attempts but I don't know how to trace it to see what is initiating the process.

Thanks for your help!
  • 0

#24
therealex
Posted 25 May 2010 - 12:33 PM

therealex

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
temp/setup is back. I know it's a virus generated file, there's no reason why it would get flagged by both avast and MBAM if it wasn't. Avast caught it and quarantined it.
  • 0

#25
therealex
Posted 25 May 2010 - 05:06 PM

therealex

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
This may be a clue: the clicking sound starts, and I noticed two copies of iexplore.exe running. That makes sense, as the alerts say iexplore is trying to access various sites (even though I don't use IE). I've checked my Windows\system32 directory, and there isn't any copy there. I deleted one I found in Systems32/DLLCache, and removed the pre-fetch command.

When I stop the processes, the clicking goes away. I assume the random clips would also, if I caught it in time.

I check with LopSD, and it came up blank. None of the signs of a LOP infection are there, although I read that LOP can cause this.

Any suggestions would be greatly appreciated.
  • 0

Advertisements

#26
myrti
Posted 26 May 2010 - 04:33 AM

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

iexplore doesn't normally lie in C:\windows\system32 but in C:\program files\internet explorer, so it's normal not to see it in system32.

Please run this scan with OTL:
Please run OTL again and use the following setting
s:
  • Check Scan All Users.
  • Click on none at the top.
  • Under Custom Scans/Fixes paste:
    drivers32 /all
  • Finally hit Run Scan and wait for the log to open.
  • Please post the content of the log into your next reply.


Please also provide a fresh log from gmer. As what does setup.exe get detected by Avast and Malwarebytes?

regards myrti
  • 0

#27
therealex
Posted 26 May 2010 - 12:17 PM

therealex

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
Here's the OTL log:
OTL logfile created on: 5/26/2010 2:09:19 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Russell Alexander\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.04 Gb Total Space | 14.47 Gb Free Space | 30.12% Space Free | Partition Type: NTFS
Drive D: | 12.65 Gb Total Space | 3.03 Gb Free Space | 23.97% Space Free | Partition Type: FAT32
Drive E: | 35.94 Gb Total Space | 23.91 Gb Free Space | 66.52% Space Free | Partition Type: NTFS
Drive F: | 35.74 Gb Total Space | 20.18 Gb Free Space | 56.46% Space Free | Partition Type: NTFS
Drive G: | 35.80 Gb Total Space | 22.68 Gb Free Space | 63.34% Space Free | Partition Type: NTFS
Drive H: | 35.79 Gb Total Space | 13.67 Gb Free Space | 38.20% Space Free | Partition Type: NTFS
Drive I: | 41.57 Gb Total Space | 25.29 Gb Free Space | 60.83% Space Free | Partition Type: NTFS
Drive J: | 10.65 Gb Total Space | 3.62 Gb Free Space | 34.02% Space Free | Partition Type: FAT32
Drive K: | 8.65 Gb Total Space | 3.08 Gb Free Space | 35.65% Space Free | Partition Type: FAT32
Drive L: | 11.74 Gb Total Space | 2.54 Gb Free Space | 21.60% Space Free | Partition Type: FAT32
Drive M: | 9.47 Gb Total Space | 4.89 Gb Free Space | 51.67% Space Free | Partition Type: FAT32
Drive N: | 21.32 Gb Total Space | 4.27 Gb Free Space | 20.04% Space Free | Partition Type: FAT32
Drive O: | 2.47 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive P: | 2.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Q: | 465.76 Gb Total Space | 281.44 Gb Free Space | 60.43% Space Free | Partition Type: NTFS
Drive W: | 149.05 Gb Total Space | 64.38 Gb Free Space | 43.20% Space Free | Partition Type: NTFS
Drive Y: | 3.76 Gb Total Space | 1.22 Gb Free Space | 32.35% Space Free | Partition Type: FAT32

Computer Name: RUSSELL
Current User Name: Russell Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\rddv1006.dll (Roland Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: MIDI7 - C:\WINDOWS\System32\vscapi.dll (Roland)
Drivers32: midi8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\rddv1006.dll (Roland Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.imc - C:\WINDOWS\SYSTEM32\IMC32.ACM (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\LHACM.ACM (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSACM.MSNAUDIO - msnaudio.acm File not found
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vivog723 - C:\WINDOWS\System32\VIVOG723.ACM (Vivo Software)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co....hors/VA012897/)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec_dec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.DRAW - C:\WINDOWS\System32\DVIDEO.DLL (Microsoft Corporation)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - frapsvid.dll File not found
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.JPGL - C:\WINDOWS\System32\jpgl.dll (Tekom Technologies, Inc.)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg20.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: VIDC.MSUD - msulvc05.dll File not found
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.TR20 - C:\WINDOWS\System32\TR2032.DLL (The Duck Corporation)
Drivers32: VIDC.TSCC - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UCOD - C:\WINDOWS\System32\CLRVIDDD.DLL (Iterated Systems, Inc.)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.VCR1 - ATIVCR1.DLL File not found
Drivers32: VIDC.VCR2 - ATIVCR2.DLL File not found
Drivers32: VIDC.VDOM - C:\WINDOWS\System32\vdowave.drv (VDOnet LTD..)
Drivers32: vidc.vivo - C:\WINDOWS\System32\IVVIDEO.DLL (Vivo Software)
Drivers32: VIDC.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP70 - vp7vfw.dll File not found
Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found
Drivers32: vidc.X264 - x264vfw.dll File not found
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vids.draw - C:\WINDOWS\System32\DVIDEO.DLL (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\rddv1006.dll (Roland Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: WAVE6 - C:\WINDOWS\System32\vscapi.dll (Roland)
Drivers32: wave7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
< End of report >

GMER bombed out. However, here is what I've done:
Realizing that this was some kind of Iexplore virus, I upgraded to IE8, which uninstalled the previous version. This morning, MBAM gave this report (edited for brevity):
Files Infected:
C:\System Volume Information\_restore{6345526C-5717-4BF8-8BD3-D2881EFF6922}\RP700\A0332055.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

So, even though all restore points were deleted when I re-imaged the drive from the backup, I guess there was a combination of things that allowed this one to hide. I've since deleted all restore points and started over.

The symptoms have not reappeared as of yet, so it may be finished (finally). I don't know why GMER isn't working properly, though, which bothers me. Also, I would appreciate a definitive answer on this: is there only ONE place where iexplore.exe should be? Not in any of the Windows/ServicePackFiles directories, or anyplace else it might have decided to put an old or backup copy?

Thanks again for your help - here's hoping this is it. Whatever the virus was, it didn't respond to any of the fixes listed for "random clicks and music" (easily found on Google and here on GTG), so it may be a new variant.
  • 0

#28
therealex
Posted 26 May 2010 - 12:36 PM

therealex

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
Spoke to soon - the temp file re-appeared and Avast! snagged it.
  • 0

#29
myrti
Posted 26 May 2010 - 02:26 PM

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

no iexplore should normally be in more than one place.

This is a list from my Windows Vista for example:
[codebox]./Program Files/Internet Explorer/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec/iexplore.exe
./Windows/winsxs/x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78/iexplore.exe
[/codebox]

What does Avast say when it snags the file?

regards myrti
  • 0

#30
therealex
Posted 26 May 2010 - 02:44 PM

therealex

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 112 posts
It just says it caught it. doesn't say what process started it. It seems to just notice it when it appears, but can't catch what's generating it!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP