Virus (?) doing funny things to my PC



alex95070
2007-02-23, 23:23
See: http://forums.spybot.info/showthread.php?p=71105#post71105

Thanks for your assistance and here is my latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:02:42 AM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Positive Networks\Drivers\e4mserv.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Positive Networks\Drivers\pospcserv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ZoneTick\zonetick.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\TitleBarClock Pro\Tbcpro.exe
C:\Program Files\Scorpio Software\Handy Animated Emoticons\HAE.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\program files\deskcalc pro\deskcalc.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Positive Networks\PosLoader.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\YTBSDK.exe
C:\Documents and Settings\Alex.HOME-ALEX\Desktop\HJThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Program Files\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Alex.HOME-ALEX\Desktop\muBlinder.exe -startup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ZoneTick] C:\Program Files\ZoneTick\zonetick.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [TBC Pro] "C:\Program Files\TitleBarClock Pro\Tbcpro.exe"
O4 - HKCU\..\Run: [Handy Animated Emoticons] "C:\Program Files\Scorpio Software\Handy Animated Emoticons\HAE.exe" /minimized
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DeskCalc] "c:\program files\deskcalc pro\deskcalc.exe" /hide
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Check For Updates.lnk = C:\Program Files\eDonkey2000Lite\WiseUpdt.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Positive Networks.lnk = C:\Program Files\Positive Networks\PosLoader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.costcophotocenter.com/CostcoOutlookImport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (GTDownloaderCtrl Class) - http://inst.c-wss.com/59/EN/html/gtdownlr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161684026496
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161770650280
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: COM+ Alerter Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe (file missing)
O23 - Service: e4mservice - Unknown owner - C:\Program Files\Positive Networks\Drivers\e4mserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Positive Networks VPN Client Manager (pospcserv) - Positive Networks - C:\Program Files\Positive Networks\Drivers\pospcserv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Shaba
2007-02-24, 11:06
Hi alex95070

Let's take a look at this first:

Please download the following program and save it to your desktop:

http://noahdfear.geekstogo.com/FindAWF.exe

Once downloaded, double-click on the file to run it. When it is done there will be a file called awf.txt on your desktop. Please post the contents of that file as a reply to this topic.

alex95070
2007-02-25, 07:56
Hi Shaba --

Thanks for your help in trying to fix this nasty .:spider: . . . :laugh:

Ran the FindAWF scan and here is the log:


Find AWF report by noahdfear ©2006

21504 byte files found
~~~~~~~~~~~~~



21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



25600 byte files found
~~~~~~~~~~~~~

25600 "C:\Documents and Settings\Alex.HOME-ALEX\Desktop\budget.xls"


25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



26450 byte files found
~~~~~~~~~~~~~



26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\321STU~1\PLATINUM\BAK

02/06/2004 08:29 AM 0 makedir
1 File(s) 0 bytes

Directory of C:\PROGRA~1\SUPPORT.COM\BACKUP\HO\HOSTS.BAK

11/22/2003 06:01 AM 12,771 61455_581c9a50f_
1 File(s) 12,771 bytes

Directory of C:\PROGRA~1\SUPPORT.COM\BACKUP\MP\MPLAYER2.BAK

07/02/2003 05:20 AM 3,752 18755_5281fd59a_
1 File(s) 3,752 bytes

Directory of C:\PROGRA~1\ULEADS~1\ULEADV~1.0\PLAYER\UVS8~1.0_O\RUNTIM~1.BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

0 Feb 6 2004 "C:\Program Files\321Studios\Platinum\bak\makedir"
0 Feb 6 2004 "C:\Program Files\321Studios\Platinum\tdf\makedir.dir"
12767 Nov 19 2003 "C:\Program Files\Support.com\backup\HO\HOSTS\61455_581c9a50f_"
12771 Nov 22 2003 "C:\Program Files\Support.com\backup\HO\hosts.bak\61455_581c9a50f_"
3752 Jul 2 2003 "C:\Program Files\Support.com\backup\MP\MPLAYER2.BAK\18755_5281fd59a_"
3752 Jul 2 2003 "C:\Program Files\Support.com\backup\MP\MPLAYER2.INF\18755_5281fd59a_"
47 Aug 25 2006 "C:\My-3D-Album\Album2\autorun.inf"
52 Sep 10 2006 "C:\My-3D-Album\Litwin\autorun.inf"
50 Sep 10 2006 "C:\My-3D-Album\LitwinMix\autorun.inf"
67 Jul 4 2004 "C:\My Intranet\nicole4u\autorun.inf"
67 Jul 4 2004 "C:\My Intranet\spidersoft_webzip\autorun.inf"
77 Jul 15 2004 "C:\My Intranet\technicallead\autorun.inf"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\autorun.inf"
46 Sep 10 2006 "C:\My-3D-Album\Litwin\Title\autorun.inf"
4824 Aug 30 2005 "C:\Program Files\Corel\Corel Painter Essentials 3 Setup Files\Autorun.inf"
53 May 26 2004 "C:\Program Files\InAlbum\CDTools\Autorun.inf"
53 May 26 2004 "C:\Program Files\InAlbum 2 Deluxe\CDTools\Autorun.inf"
29 Apr 18 2002 "C:\Program Files\MICROMEDEX\WinPDR32\autorun.inf"
0 Apr 29 2000 "C:\Program Files\Multimedia Builder496\Player\autorun.inf"
39 Jul 18 2002 "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\autorun.inf"
51 Jun 18 1998 "C:\Program Files\Pinnacle\Instant DVD Recorder\AUTORUN.INF"
65 Aug 9 2006 "C:\Program Files\Roxio\Retrieve 9\Autorun.inf"
47 Aug 28 2001 "C:\Program Files\Ulead Systems\Ulead MediaStudio Pro 7.0\AUTORUN.INF"
57 May 12 2006 "C:\Program Files\VideoReDoPlus\HTMLPages\autorun.inf"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\autorun.inf"
46 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\Title\autorun.inf"
56 May 22 2004 "C:\Program Files\CyberLink\PowerProducer\DVDPlayer\AUTORUN.INF"
51 Aug 20 2006 "C:\Program Files\Photodex\CompuPicPro\cdmaster\autorun.inf"
45 Jan 29 2007 "C:\Program Files\Photodex\ProShowGold\english\autorun.inf"
45 Feb 1 2007 "C:\Program Files\Photodex\ProShowProducer\english\autorun.inf"
65 Nov 21 2003 "C:\Program Files\Roxio\Easy Media Creator 7\Creator Classic\Autorun.inf"
43 Aug 5 2003 "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\Autorun.inf"
49 Aug 23 2001 "C:\Program Files\Sonic Solutions\DVDit! LE\Player\Autorun.inf"
31 Mar 15 2004 "C:\Program Files\Ulead Systems\Ulead VideoStudio 8.0\Player\AUTORUN.INF"
41 Aug 31 2003 "C:\Program Files\vso\CopyToDVD\vmp\autorun.inf"
27 Jul 23 2003 "C:\Program Files\vso\CopyToDVD\vsoshow\autorun.inf"
51 Oct 16 1997 "C:\Documents and Settings\Alex\Desktop\Xara Webstyle 3.0 FULL\Xara Webstyle 3.0\AUTORUN.INF"
47 Nov 16 2006 "C:\Documents and Settings\Alex.HOME-ALEX\Local Settings\Temp\WGA Validation v1.5.716.0\AUTORUN.INF"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
46 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\Title\autorun.inf"
27 Jul 16 2004 "C:\Program Files\Sonic\MyDVD Studio Deluxe Suite\Backup MyPC Deluxe\DR\autorun.inf"
31 Mar 15 2004 "C:\Program Files\Ulead Systems\Ulead VideoStudio 8.0\Player\RunTimePlayer2.0\AUTORUN.INF"
53 Sep 28 2006 "C:\Documents and Settings\Alex.HOME-ALEX\Local Settings\Temp\bye144.tmp\Disk1\AUTORUN.INF"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
49 Sep 18 2003 "C:\Program Files\Ulead Systems\Ulead VideoStudio 8.0\Player\UVS8.0_Other_BakUp\RunTimePlayer2.0.20040309\AUTORUN.INF"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
49 Sep 18 2003 "C:\Program Files\Ulead Systems\Ulead VideoStudio 8.0\Player\UVS8.0_Other_BakUp\RunTimePlayer2.0.bak\ALL\AUTORUN.INF"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
29 Aug 6 2003 "D:\NEW\3d-album_3.2.8\autorun.inf"
25 Mar 28 2006 "D:\NEW\The Physicians Desk Reference Electronic Library\autorun.inf"
31 Aug 22 2003 "D:\FFFFF\Yahoonew\coronadofantasy\ScanSoft PDF Converter\Autorun.inf"
29 Mar 9 2004 "L:\Restoration Training\Autorun.inf"
46 Jun 13 2004 "M:\BitLord Downloads\Lynda.com - Microsoft PowerPoint 2003\Lynda.com - Microsoft PowerPoint 2003\autorun.inf"


end of report

Shaba
2007-02-25, 10:45
Hi

Ok, awf isn't there

Download WinPFind3U.exe (http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe) to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.

In the Files Created Within group click 30 days
In the Files Modified Within group select 30 days
In the File String Search group select Non-Microsoft

Now click the Run Scan button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

alex95070
2007-02-25, 23:26
Shaba --

Here is the log file from WinPFind3. It is too long for a single post, so it will take several:

Part 1:

WinPFind3 logfile created on: 2/25/2007 1:18:53 PM
WinPFind3U by OldTimer - Version 1.0.19 Folder = C:\Documents and Settings\Alex.HOME-ALEX\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

654340 Kb Total Physical Memory | 225500 Kb Available Physical Memory | 34.46% Memory free
2582648 Kb Paging File | 2149652 Kb Available in Paging File | 83.23% Paging File free
Paging file location(s): c:\pagefile.sys 1920 1920;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 122897248 Kb Total Space | 9285412 Kb Free Space | 7.56% Space Free
Drive D: | 58613120 Kb Total Space | 29417579 Kb Free Space | 50.19% Space Free
E: Drive not present or media not loaded
Drive F: | 72429020 Kb Total Space | 37787968 Kb Free Space | 52.17% Space Free


[Processes - Non-Microsoft Only]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 1/12/2006 8:52:32 PM | Attr = ]
agent.exe -> %CommonProgramFiles%\InstallShield\UpdateService\agent.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 618496 bytes | Modified Date = 6/10/2005 9:44:02 AM | Attr = ]
anydvd.exe -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVD.exe -> SlySoft, Inc. [Ver = 6.0.5.0 | Size = 471040 bytes | Modified Date = 8/18/2006 2:15:36 AM | Attr = ]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.66984 | Size = 61440 bytes | Modified Date = 9/14/2006 6:55:52 AM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 4:20:00 AM | Attr = ]
cpshelprunner.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe -> Sonic Solutions [Ver = 9.0.1.31 | Size = 10752 bytes | Modified Date = 8/10/2006 10:38:54 AM | Attr = ]
deskcalc.exe -> %ProgramFiles%\deskcalc pro\deskcalc.exe -> DeskCalc GbR [Ver = 4, 0, 11, 0 | Size = 3080192 bytes | Modified Date = 1/29/2007 1:38:22 PM | Attr = ]
drgtodsc.exe -> %ProgramFiles%\Roxio\Drag-to-Disc\DrgToDsc.exe -> Sonic Solutions [Ver = 9.0.0.50 | Size = 1116920 bytes | Modified Date = 7/31/2006 8:00:00 AM | Attr = ]
e4mserv.exe -> %ProgramFiles%\Positive Networks\Drivers\e4mserv.exe -> [Ver = | Size = 80792 bytes | Modified Date = 4/28/2003 1:28:32 PM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 1/24/2007 2:14:26 AM | Attr = ]
hae.exe -> %ProgramFiles%\Scorpio Software\Handy Animated Emoticons\HAE.exe -> Scorpio Software [Ver = 3.00.0045 | Size = 679936 bytes | Modified Date = 5/4/2005 4:12:58 PM | Attr = ]
hddsvc.exe -> %System32%\HDDSvc.exe -> AltrixSoft (http://www.altrixsoft.com/) [Ver = 2, 5, 184, 0 | Size = 192512 bytes | Modified Date = 2/12/2007 10:26:34 PM | Attr = ]
hdinspector.exe -> %ProgramFiles%\Hard Drive Inspector\HDInspector.exe -> Altrixsoft [Ver = 2, 0, 317, 0 | Size = 991744 bytes | Modified Date = 2/14/2007 11:25:08 AM | Attr = ]
idman.exe -> %ProgramFiles%\Internet Download Manager\IDMan.exe -> Tonec Inc. [Ver = 5.08.4 | Size = 892672 bytes | Modified Date = 2/7/2007 12:04:56 AM | Attr = ]
iemonitor.exe -> %ProgramFiles%\Internet Download Manager\IEMonitor.exe -> Tonec Inc. [Ver = 2, 0, 0, 1 | Size = 251576 bytes | Modified Date = 1/25/2007 7:09:06 AM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 9:44:02 AM | Attr = ]
mediadetect.exe -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe -> Corel, Inc. [Ver = 6.3.3 (20060209.16) | Size = 106496 bytes | Modified Date = 2/9/2006 2:34:54 PM | Attr = ]
mssysmgr.exe -> %ProgramFiles%\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe -> Simple Star, Inc. [Ver = 4.0.0.0 | Size = 192512 bytes | Modified Date = 5/9/2005 3:16:16 PM | Attr = ]
nmsaccess.exe -> %ProgramFiles%\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe -> [Ver = | Size = 45056 bytes | Modified Date = 12/7/2005 9:44:20 AM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 10/6/2003 1:16:00 PM | Attr = ]
oodag.exe -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 8.0.1398 | Size = 225280 bytes | Modified Date = 5/11/2005 2:09:54 AM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 12/7/2005 10:57:00 PM | Attr = ]
photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 102400 bytes | Modified Date = 9/14/2006 6:56:06 AM | Attr = ]
posloader.exe -> %ProgramFiles%\Positive Networks\PosLoader.exe -> Positive Networks [Ver = 2, 1, 45, 1 | Size = 712192 bytes | Modified Date = 9/5/2006 12:53:02 PM | Attr = ]
pospcserv.exe -> %ProgramFiles%\Positive Networks\Drivers\pospcserv.exe -> Positive Networks [Ver = 2, 1, 9, 2 | Size = 295424 bytes | Modified Date = 9/5/2006 12:53:02 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.3 | Size = 155648 bytes | Modified Date = 12/12/2005 12:06:38 AM | Attr = ]
ramsaverpro.exe -> %ProgramFiles%\WinTools\RAM Saver Pro\ramsaverpro.exe -> [Ver = | Size = 77824 bytes | Modified Date = 4/14/2005 1:37:14 AM | Attr = ]
richvideo.exe -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.1.1006 | Size = 167936 bytes | Modified Date = 10/6/2005 12:15:32 AM | Attr = ]
roxwatchtray9.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe -> Sonic Solutions [Ver = 9.0.1.31 | Size = 221184 bytes | Modified Date = 8/10/2006 11:10:14 AM | Attr = ]
schedhlp.exe -> %CommonProgramFiles%\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,237 | Size = 87584 bytes | Modified Date = 10/16/2006 9:13:32 PM | Attr = ]
schedul2.exe -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,237 | Size = 230944 bytes | Modified Date = 10/16/2006 9:13:28 PM | Attr = ]
scsiaccess.exe -> %ProgramFiles%\Photodex\ProShowProducer\ScsiAccess.exe -> [Ver = | Size = 181312 bytes | Modified Date = 2/1/2007 11:05:10 PM | Attr = ]
sm1bg.exe -> %SystemRoot%\SM1bg.exe -> Cypress Semiconductor [Ver = 6.01.1000.0 | Size = 94208 bytes | Modified Date = 8/27/2003 1:20:00 PM | Attr = R ]
smsystemanalyzer.exe -> %ProgramFiles%\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe -> [Ver = | Size = 557056 bytes | Modified Date = 12/20/2006 5:47:56 PM | Attr = ]
tbcpro.exe -> %ProgramFiles%\TitleBarClock Pro\Tbcpro.exe -> [Ver = | Size = 36352 bytes | Modified Date = 3/4/2006 7:19:46 AM | Attr = ]
timountermonitor.exe -> %ProgramFiles%\Acronis\TrueImageHome\TimounterMonitor.exe -> Acronis [Ver = 3.3 build 443 | Size = 1941784 bytes | Modified Date = 10/16/2006 9:17:16 PM | Attr = ]
tivobeacon.exe -> %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe -> TiVo Inc. [Ver = 1.2 | Size = 844288 bytes | Modified Date = 4/29/2005 11:28:28 AM | Attr = ]
tivotransfer.exe -> %CommonProgramFiles%\TiVo Shared\Transfer\TivoTransfer.exe -> TiVo Inc. [Ver = 1.0 | Size = 1009664 bytes | Modified Date = 4/29/2005 11:29:16 AM | Attr = ]
trueimagemonitor.exe -> %ProgramFiles%\Acronis\TrueImageHome\TrueImageMonitor.exe -> Acronis [Ver = 10,0,0,4871 | Size = 1164912 bytes | Modified Date = 10/16/2006 9:12:20 PM | Attr = ]
ulcdrsvr.exe -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 1/31/2005 9:45:20 AM | Attr = ]
usisrv.exe -> %CommonProgramFiles%\Ulead Systems\DVD\USISrv.exe -> Ulead Systems [Ver = 1, 0, 1, 16 | Size = 81920 bytes | Modified Date = 12/23/2004 4:27:50 PM | Attr = ]
vcddaemon.exe -> %ProgramFiles%\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe -> Elaborate Bytes AG [Ver = 5, 0, 0, 0 | Size = 45056 bytes | Modified Date = 4/12/2005 7:27:20 AM | Attr = ]
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 35328 bytes | Modified Date = 6/21/2006 9:14:50 AM | Attr = ]
wincinemamgr.exe -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = IVI_MAJOR_VERSION.IVI_MINOR_VERSION | Size = 278528 bytes | Modified Date = 4/17/2006 1:28:42 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.19.0 | Size = 311296 bytes | Modified Date = 2/23/2007 9:00:08 PM | Attr = ]
wzqkpick.exe -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing LP [Ver = 1.0 (32-bit) | Size = 122880 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
ytbsdk.exe -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\YTBSDK.exe -> Symantec Corporation [Ver = 2006.0.0.13 | Size = 214704 bytes | Modified Date = 6/28/2006 11:34:34 AM | Attr = ]
zonetick.exe -> %ProgramFiles%\ZoneTick\zonetick.exe -> WR Consulting [Ver = 2, 6, 6, 0 | Size = 126976 bytes | Modified Date = 8/29/2005 9:34:52 AM | Attr = ]

alex95070
2007-02-25, 23:29
Part 2

[Win32 Services - Non-Microsoft Only]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,237 | Size = 230944 bytes | Modified Date = 10/16/2006 9:13:28 PM | Attr = ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 4/28/2005 8:08:30 PM | Attr = ]
(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 102400 bytes | Modified Date = 9/14/2006 6:56:06 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Disabled | Stopped] -> -> File not found
(ccPwdSvc) Symantec Password Validation [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 103.5.6.3 | Size = 83568 bytes | Modified Date = 10/4/2005 12:42:48 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Disabled | Stopped] -> -> File not found
(COM+ Alerter Service) COM+ Alerter Service [Win32_Own | Auto | Stopped] -> %System32%\altsvc.exe -> File not found
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Disabled | Stopped] -> -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
(e4mservice) e4mservice [Win32_Own | Auto | Running] -> %ProgramFiles%\Positive Networks\Drivers\e4mserv.exe -> [Ver = | Size = 80792 bytes | Modified Date = 4/28/2003 1:28:32 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/24/2007 2:14:22 AM | Attr = ]
(HDDSvc) HDD Information Service [Win32_Own | Auto | Running] -> %System32%\HDDSvc.exe -> AltrixSoft (http://www.altrixsoft.com/) [Ver = 2, 5, 184, 0 | Size = 192512 bytes | Modified Date = 2/12/2007 10:26:34 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 2:24:18 AM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.1.3 | Size = 323584 bytes | Modified Date = 10/18/2005 11:58:40 AM | Attr = ]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> Macromedia [Ver = 2.65.000 | Size = 69632 bytes | Modified Date = 11/3/2004 3:14:48 AM | Attr = ]
(NMSAccess) NMSAccess [Win32_Own | Auto | Running] -> %ProgramFiles%\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe -> [Ver = | Size = 45056 bytes | Modified Date = 12/7/2005 9:44:20 AM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 10/6/2003 1:16:00 PM | Attr = ]
(O&O Defrag) O&O Defrag [Win32_Own | Auto | Running] -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 8.0.1398 | Size = 225280 bytes | Modified Date = 5/11/2005 2:09:54 AM | Attr = ]
(pospcserv) Positive Networks VPN Client Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Positive Networks\Drivers\pospcserv.exe -> Positive Networks [Ver = 2, 1, 9, 2 | Size = 295424 bytes | Modified Date = 9/5/2006 12:53:02 PM | Attr = ]
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.1.1006 | Size = 167936 bytes | Modified Date = 10/6/2005 12:15:32 AM | Attr = ]
(Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -> Sonic Solutions [Ver = 8.0.0.47 | Size = 57344 bytes | Modified Date = 8/9/2006 3:30:32 AM | Attr = ]
(Roxio Upnp Server 9) Roxio Upnp Server 9 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUpnpService9.exe -> Sonic Solutions [Ver = 9.0.0.94 | Size = 294912 bytes | Modified Date = 8/9/2006 3:30:06 AM | Attr = ]
(RoxLiveShare9) LiveShare P2P Server 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> Sonic Solutions [Ver = 9.0.1.31 | Size = 303104 bytes | Modified Date = 8/10/2006 11:04:22 AM | Attr = ]
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.1.31 | Size = 880640 bytes | Modified Date = 8/10/2006 11:02:44 AM | Attr = ]
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.1.31 | Size = 159744 bytes | Modified Date = 8/10/2006 10:59:26 AM | Attr = ]
(SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.0.2.2000 | Size = 169200 bytes | Modified Date = 11/15/2005 1:27:56 PM | Attr = ]
(ScsiAccess) ScsiAccess [Win32_Own | Auto | Running] -> %ProgramFiles%\Photodex\ProShowProducer\ScsiAccess.exe -> [Ver = | Size = 181312 bytes | Modified Date = 2/1/2007 11:05:10 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Disabled | Stopped] -> -> File not found
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Disabled | Stopped] -> -> File not found
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.447 | Size = 73728 bytes | Modified Date = 7/20/2006 6:25:04 PM | Attr = ]
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Stopped] -> -> File not found
(TivoBeacon2) TiVo Beacon [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe -> TiVo Inc. [Ver = 1.2 | Size = 844288 bytes | Modified Date = 4/29/2005 11:28:28 AM | Attr = ]
(TUWinStylerThemeSvc) TuneUp WinStyler Theme Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\TuneUp Utilities 2004\WinStylerThemeSvc.exe -> TuneUp Software GmbH [Ver = 1.0.0.78 | Size = 117760 bytes | Modified Date = 8/5/2004 4:02:44 PM | Attr = ]
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 1/31/2005 9:45:20 AM | Attr = ]

alex95070
2007-02-25, 23:34
Part 3

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 4:20:00 AM | Attr = ]
Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 1/12/2006 8:52:32 PM | Attr = ]
Acronis Scheduler2 Service -> %CommonProgramFiles%\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,237 | Size = 87584 bytes | Modified Date = 10/16/2006 9:13:32 PM | Attr = ]
AcronisTimounterMonitor -> %ProgramFiles%\Acronis\TrueImageHome\TimounterMonitor.exe -> Acronis [Ver = 3.3 build 443 | Size = 1941784 bytes | Modified Date = 10/16/2006 9:17:16 PM | Attr = ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.66984 | Size = 61440 bytes | Modified Date = 9/14/2006 6:55:52 AM | Attr = ]
CloneCDTray -> %ProgramFiles%\SlySoft\CloneCD\CloneCDTray.exe -> SlySoft, Inc. [Ver = 5, 0, 1, 1 | Size = 57344 bytes | Modified Date = 12/9/2004 5:56:52 AM | Attr = ]
Corel Photo Downloader -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe -> Corel, Inc. [Ver = 6.3.3 (20060209.16) | Size = 106496 bytes | Modified Date = 2/9/2006 2:34:54 PM | Attr = ]
DVD43 -> %ProgramFiles%\DVD Region+CSS Free\DVDRegionFree.exe -> Fengtao Software Inc. [Ver = 5, 6, 0, 8 | Size = 503808 bytes | Modified Date = 12/1/2004 10:48:38 PM | Attr = ]
HDInspector.exe -> %ProgramFiles%\Hard Drive Inspector\HDInspector.exe -> Altrixsoft [Ver = 2, 0, 317, 0 | Size = 991744 bytes | Modified Date = 2/14/2007 11:25:08 AM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 9:44:02 AM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 9:44:02 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.1.3 | Size = 278528 bytes | Modified Date = 10/18/2005 11:58:54 AM | Attr = ]
LanguageShortcut -> %ProgramFiles%\CyberLink\PowerDVD\Language\Language.exe -> [Ver = 1, 0, 1718, 0 | Size = 49152 bytes | Modified Date = 5/18/2006 11:29:00 AM | Attr = ]
muBlinder -> %UserDesktop%\muBlinder.exe -> KRX [Ver = 3.2.0.0 | Size = 425984 bytes | Modified Date = 10/19/2006 6:21:40 AM | Attr = ]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 3:40:44 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 5058560 bytes | Modified Date = 10/6/2003 1:16:00 PM | Attr = ]
PinnacleDriverCheck -> %System32%\PSDrvCheck.exe -> [Ver = 1.0.0.63 | Size = 406016 bytes | Modified Date = 3/10/2004 4:26:10 PM | Attr = ]
PSDrvCheck -> %ProgramFiles%\Pinnacle\Instant PhotoAlbum\Programs\PSDrvCheck.exe -> [Ver = 1.0.0.59 | Size = 406016 bytes | Modified Date = 9/12/2003 3:08:58 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.3 | Size = 155648 bytes | Modified Date = 12/12/2005 12:06:38 AM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 12/7/2005 10:57:00 PM | Attr = ]
RoxioDragToDisc -> %ProgramFiles%\Roxio\Drag-to-Disc\DrgToDsc.exe -> Sonic Solutions [Ver = 9.0.0.50 | Size = 1116920 bytes | Modified Date = 7/31/2006 8:00:00 AM | Attr = ]
RoxWatchTray -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe -> Sonic Solutions [Ver = 9.0.1.31 | Size = 221184 bytes | Modified Date = 8/10/2006 11:10:14 AM | Attr = ]
SM1BG -> %SystemRoot%\SM1bg.exe -> Cypress Semiconductor [Ver = 6.01.1000.0 | Size = 94208 bytes | Modified Date = 8/27/2003 1:20:00 PM | Attr = R ]
TrueImageMonitor.exe -> %ProgramFiles%\Acronis\TrueImageHome\TrueImageMonitor.exe -> Acronis [Ver = 10,0,0,4871 | Size = 1164912 bytes | Modified Date = 10/16/2006 9:12:20 PM | Attr = ]
USIUDF_Eject_Monitor -> %CommonProgramFiles%\Ulead Systems\DVD\USISrv.exe -> Ulead Systems [Ver = 1, 0, 1, 16 | Size = 81920 bytes | Modified Date = 12/23/2004 4:27:50 PM | Attr = ]
VirtualCloneDrive -> %ProgramFiles%\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe -> Elaborate Bytes AG [Ver = 5, 0, 0, 0 | Size = 45056 bytes | Modified Date = 4/12/2005 7:27:20 AM | Attr = ]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 35328 bytes | Modified Date = 6/21/2006 9:14:50 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AnyDVD -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVD.exe -> SlySoft, Inc. [Ver = 6.0.5.0 | Size = 471040 bytes | Modified Date = 8/18/2006 2:15:36 AM | Attr = ]
DeskCalc -> %ProgramFiles%\deskcalc pro\deskcalc.exe -> DeskCalc GbR [Ver = 4, 0, 11, 0 | Size = 3080192 bytes | Modified Date = 1/29/2007 1:38:22 PM | Attr = ]
Handy Animated Emoticons -> %ProgramFiles%\Scorpio Software\Handy Animated Emoticons\HAE.exe -> Scorpio Software [Ver = 3.00.0045 | Size = 679936 bytes | Modified Date = 5/4/2005 4:12:58 PM | Attr = ]
IDMan -> %ProgramFiles%\Internet Download Manager\IDMan.exe -> Tonec Inc. [Ver = 5.08.4 | Size = 892672 bytes | Modified Date = 2/7/2007 12:04:56 AM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 49152 bytes | Modified Date = 10/6/2003 1:16:00 PM | Attr = ]
PhotoShow Deluxe Media Manager -> %ProgramFiles%\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe -> Simple Star, Inc. [Ver = 4.0.0.0 | Size = 192512 bytes | Modified Date = 5/9/2005 3:16:16 PM | Attr = ]
RAMSaverPro -> %ProgramFiles%\WinTools\RAM Saver Pro\ramsaverpro.exe -> [Ver = | Size = 77824 bytes | Modified Date = 4/14/2005 1:37:14 AM | Attr = ]
SMSystemAnalyzer -> %ProgramFiles%\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe -> [Ver = | Size = 557056 bytes | Modified Date = 12/20/2006 5:47:56 PM | Attr = ]
Spyware Doctor -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> File not found
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 1/24/2007 2:14:26 AM | Attr = ]
TBC Pro -> %ProgramFiles%\TitleBarClock Pro\Tbcpro.exe -> [Ver = | Size = 36352 bytes | Modified Date = 3/4/2006 7:19:46 AM | Attr = ]
TivoServer -> %ProgramFiles%\TiVo\Desktop\TiVoServer.exe -> TiVo Inc. [Ver = 1.1 | Size = 1819648 bytes | Modified Date = 4/29/2005 11:30:44 AM | Attr = ]
TivoTransfer -> %CommonProgramFiles%\TiVo Shared\Transfer\TivoTransfer.exe -> TiVo Inc. [Ver = 1.0 | Size = 1009664 bytes | Modified Date = 4/29/2005 11:29:16 AM | Attr = ]
ZoneTick -> %ProgramFiles%\ZoneTick\zonetick.exe -> WR Consulting [Ver = 2, 6, 6, 0 | Size = 126976 bytes | Modified Date = 8/29/2005 9:34:52 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> -> File not found
%AllUsersStartup%\InterVideo WinCinema Manager.lnk -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = IVI_MAJOR_VERSION.IVI_MINOR_VERSION | Size = 278528 bytes | Modified Date = 4/17/2006 1:28:42 PM | Attr = ]
%AllUsersStartup%\Positive Networks.lnk -> %ProgramFiles%\Positive Networks\PosLoader.exe -> Positive Networks [Ver = 2, 1, 45, 1 | Size = 712192 bytes | Modified Date = 9/5/2006 12:53:02 PM | Attr = ]
%AllUsersStartup%\WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing LP [Ver = 1.0 (32-bit) | Size = 122880 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
< User Startup > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ST\Startup
%UserStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 6:16:50 PM | Attr = ]
%UserStartup%\Check For Updates.lnk -> %ProgramFiles%\eDonkey2000Lite\WiseUpdt.exe -> [Ver = | Size = 162834 bytes | Modified Date = 7/26/2002 5:04:24 PM | Attr = ]
< File Associations > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hta [@ = htafile] -> PersistentHandler = Reg Data - Key not found ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
batfile [open] -> "%1" %* ->
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
cmdfile [open] -> "%1" %* ->
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Modified Date = 7/13/2006 5:33:28 AM | Attr = ]
exefile [open] -> "%1" %* ->
htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29184 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 7/14/2003 9:52:56 PM | Attr = ]
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
htmlfile [print] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 7/14/2003 9:52:56 PM | Attr = ]
http [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
https [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp_sp2_gdr.061023-0214) | Size = 1494528 bytes | Modified Date = 10/23/2006 7:17:54 AM | Attr = ]
InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp_sp2_gdr.061023-0214) | Size = 3055104 bytes | Modified Date = 10/23/2006 7:17:52 AM | Attr = ]
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
piffile [open] -> "%1" %* ->
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
regfile [merge] -> Reg Data - Key not found ->

alex95070
2007-02-25, 23:36
Part 4

regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
scrfile [open] -> "%1" %* ->
txtfile [edit] -> Reg Data - Key not found ->
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Modified Date = 7/13/2006 5:33:28 AM | Attr = ]
Directory [!ezcddaxa] -> "%ProgramFiles%\Easy CD-DA Extractor 10\\convert.exe" "%1" -> [Ver = | Size = 6656 bytes | Modified Date = 7/27/2006 1:35:02 AM | Attr = ]
Directory [!ezcddaxb] -> "%ProgramFiles%\Easy CD-DA Extractor 10\\burn.exe" "%1" -> [Ver = | Size = 6656 bytes | Modified Date = 7/27/2006 1:35:02 AM | Attr = ]
Directory [!ezcddaxc] -> "%ProgramFiles%\Easy CD-DA Extractor 10\\burn2.exe" "%1" -> [Ver = | Size = 6656 bytes | Modified Date = 7/27/2006 1:35:02 AM | Attr = ]
Directory [ACDBrowse] -> "%ProgramFiles%\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" -> ACD Systems Ltd. [Ver = 1,0,68,1 | Size = 512000 bytes | Modified Date = 9/7/2006 11:03:20 AM | Attr = ]
Directory [Browse in Ember] -> %ProgramFiles%\Firehand Technologies\Ember\Ember.exe %1 -> Firehand Technologies Corporation [Ver = 7.0.10 | Size = 733184 bytes | Modified Date = 1/15/2005 4:20:44 PM | Attr = ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
Directory [UsePrintFolders] -> "%ProgramFiles%\PrintFolders\PrintFolders.exe" "%1" -> Stratopoint Software [Ver = 2, 2, 1, 0 | Size = 249856 bytes | Modified Date = 7/22/2005 3:07:44 AM | Attr = ]
Directory [Winamp.Bookmark] -> "%ProgramFiles%\Winamp\Winamp.exe" /BOOKMARK "%1" -> Nullsoft [Ver = 5,2,4,703 | Size = 1075200 bytes | Modified Date = 6/21/2006 9:16:10 AM | Attr = ]
Directory [Winamp.Enqueue] -> "%ProgramFiles%\Winamp\Winamp.exe" /ADD "%1" -> Nullsoft [Ver = 5,2,4,703 | Size = 1075200 bytes | Modified Date = 6/21/2006 9:16:10 AM | Attr = ]
Directory [Winamp.Play] -> "%ProgramFiles%\Winamp\Winamp.exe" "%1" -> Nullsoft [Ver = 5,2,4,703 | Size = 1075200 bytes | Modified Date = 6/21/2006 9:16:10 AM | Attr = ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{4b218e3e-bc98-4770-93d3-2731b9329278} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< WOW Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
cmdline -> %SystemRoot%\system32\ntvdm.exe ->
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> sprestrt; ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 6:13:28 AM | Attr = ]
{93994DE8-8239-4655-B1D1-5F4E91300429} [HKLM] -> %ProgramFiles%\DVD Region+CSS Free\DVDShell.dll [] -> Fengtao Software Inc. [Ver = 5, 5, 0, 8 | Size = 49152 bytes | Modified Date = 10/9/2004 3:18:02 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 10.0.2.2000 | Size = 43760 bytes | Modified Date = 11/15/2005 1:28:12 PM | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoResolveTrack -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 144 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. -> ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = ->
0 -> Source = file:///C:/DOCUME~1/ALEX~1.HOM/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg ->
0 -> SubscribedURL = file:///C:/DOCUME~1/ALEX~1.HOM/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg ->
1 -> [Key] ->
1 -> FriendlyName = My Current Home Page ->
1 -> Source = About:Home ->
1 -> SubscribedURL = About:Home ->
< HOSTS File > (813 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.excite.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 9:09:00 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
*.update_microsoft.com [http] -> ->
*.update_microsoft.com [https] -> ->
turbotax.com [http] -> ->
turbotax.com [https] -> ->
download_windowsupdate.com [http] -> ->

alex95070
2007-02-25, 23:44
Part 5

< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0055C089-8582-441B-A0BF-17B458C2A3A8} [HKLM] -> %ProgramFiles%\Internet Download Manager\IDMIECC.dll [IDMIEHlprObj Class] -> Tonec Inc. [Ver = 3, 0, 2, 1 | Size = 79544 bytes | Modified Date = 1/25/2007 7:15:28 AM | Attr = ]
{00C6482D-C502-44C8-8409-FCE54AD9C208} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItBHO.dll [HelperObject Class] -> TechSmith Corporation [Ver = 1.0.1 | Size = 49152 bytes | Modified Date = 3/14/2006 7:01:00 AM | Attr = ]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 9:09:00 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> d:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.6.0.2071 | Size = 825528 bytes | Modified Date = 8/1/2006 3:27:06 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 1:22:10 PM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 8/1/2006 3:23:12 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 10/27/2004 1:20:42 AM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 10/27/2004 1:20:42 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItIEAddin.dll [SnagIt] -> TechSmith Corporation [Ver = 1.0.6 | Size = 131072 bytes | Modified Date = 3/14/2006 7:01:00 AM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 9:09:00 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ]
ShellBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ]
WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 9:09:00 AM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8196 - Reg Data - Value does not exist ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> 8193 - Yahoo! Messenger ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8194 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8195 - Windows Messenger ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:10 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 1:22:10 PM | Attr = ]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> Reg Data - Value does not exist [ButtonText: Messenger] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 5/18/2004 4:57:16 PM | Attr = ]
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Download All Links with IDM -> %ProgramFiles%\Internet Download Manager\IEGetAll.htm -> [Ver = | Size = 283 bytes | Modified Date = 10/20/2003 2:13:14 AM | Attr = ]
Download with IDM -> %ProgramFiles%\Internet Download Manager\IEExt.htm -> [Ver = | Size = 277 bytes | Modified Date = 12/2/2004 8:31:10 AM | Attr = ]
E&xport to Microsoft Excel -> -> File not found

alex95070
2007-02-25, 23:48
Part 6

Open using &Advanced JPEG Compressor -> %ProgramFiles%\Advanced JPEG Compressor\ajcieex.htm -> [Ver = | Size = 415 bytes | Modified Date = 11/21/2001 7:10:28 PM | Attr = ]
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 5/18/2004 4:56:58 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 5/18/2004 4:56:58 PM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} [HKLM] -> %ProgramFiles%\TuneUp Utilities 2004\SDShelEx.dll [TuneUp Shredder Shell Context Menu Extension] -> TuneUp Software GmbH [Ver = 1.0.0.145 | Size = 45568 bytes | Modified Date = 8/5/2004 4:02:42 PM | Attr = ]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0873D142-79EF-49fa-81B5-211AAC0B0A7F} [HKLM] -> %ProgramFiles%\Roxio\Easy Media Creator 7\Creator Classic\TargetFinder.dll [Target Finder Shell Extension] -> [Ver = 1, 0, 0, 1 | Size = 172032 bytes | Modified Date = 4/13/2004 3:29:52 PM | Attr = ]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} [HKLM] -> %ProgramFiles%\Roxio\Virtual Drive 9\DC_ShellExt.dll [RXDCExtShlExt extension] -> Sonic Solutions [Ver = 9.0.1.16 | Size = 81920 bytes | Modified Date = 8/9/2006 1:49:14 AM | Attr = ]
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 430152 bytes | Modified Date = 10/6/2003 1:16:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 430152 bytes | Modified Date = 10/6/2003 1:16:00 PM | Attr = ]
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> %ProgramFiles%\7-Zip\7-zip.dll [7-Zip Shell Extension] -> [Ver = | Size = 138752 bytes | Modified Date = 5/13/2006 8:23:40 PM | Attr = ]
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} [HKLM] -> %ProgramFiles%\vso\CopyToDVD\CtcdShell.dll [CopyToCD shell extension] -> VSO Software [Ver = 1.2.0.43 | Size = 222208 bytes | Modified Date = 6/2/2003 6:33:00 AM | Attr = ]
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dMCShell.dll [dBpowerAMP Music Converter] -> [Ver = 6, 0, 0, 1 | Size = 118784 bytes | Modified Date = 1/29/2005 12:05:12 AM | Attr = ]
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\AXShlEx.dll [AlcoholShellEx] -> Alcohol Soft Development Team [Ver = 1.9.5.3718 | Size = 343424 bytes | Modified Date = 7/29/2006 10:36:42 AM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> [Display Panning CPL Extension] -> File not found
{46E22146-59C0-4136-9233-FB7720E777B2} [HKLM] -> %ProgramFiles%\Easy CD-DA Extractor 10\ezcddax10.dll [EzCddax extension] -> [Ver = | Size = 48128 bytes | Modified Date = 8/22/2006 9:28:38 PM | Attr = ]
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} [HKLM] -> %ProgramFiles%\Microsoft Office\Visio11\VISSHE.DLL [{506F4668-F13E-4AA1-BB04-B43203AB3CC0}] -> [Ver = | Size = 785464 bytes | Modified Date = 8/16/2003 5:29:34 AM | Attr = ]
{5071CDA5-D3E1-11D5-BFC0-005004A71005} [HKLM] -> %ProgramFiles%\Advanced JPEG Compressor\ContextMenuExt.dll [Advanced JPEG Compressor Context Menu Shell Extension] -> [Ver = | Size = 48640 bytes | Modified Date = 11/22/2001 2:43:48 PM | Attr = ]
{51A64D28-F937-4045-A420-065CEFBD8A76} [HKLM] -> %ProgramFiles%\ARAR\ARARSHL.dll [ARAR Context Menu Shell Extension] -> [Ver = 1, 0, 0, 0 | Size = 64000 bytes | Modified Date = 6/22/2005 7:17:26 PM | Attr = ]
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> %ProgramFiles%\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 6, 13, 1 | Size = 180296 bytes | Modified Date = 6/14/2004 5:13:24 PM | Attr = ]
{5E44E225-A408-11CF-B581-008029601108} [HKLM] -> %ProgramFiles%\Roxio\Drag-to-Disc\Shellex.dll [Roxio DragToDisc Shell Extension] -> Sonic Solutions [Ver = 9.0.0.50 | Size = 367352 bytes | Modified Date = 7/31/2006 8:00:00 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{79BC0345-1015-11D2-A299-006008312725} [HKLM] -> %ProgramFiles%\Pinnacle\Studio 10\programs\BlueShellExt.dll [blue.shell] -> [Ver = | Size = 188416 bytes | Modified Date = 10/13/2005 5:01:34 PM | Attr = ]
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItIEAddin.dll [SnagIt] -> TechSmith Corporation [Ver = 1.0.6 | Size = 131072 bytes | Modified Date = 3/14/2006 7:01:00 AM | Attr = ]
{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} [HKLM] -> %ProgramFiles%\WinAce\arcext.dll [WinAce Archiver 2.6 Context Menu Shell Extension] -> e-merge GmbH [Ver = 2.5.1.0 | Size = 166912 bytes | Modified Date = 8/9/2005 1:06:00 AM | Attr = ]
{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} [HKLM] -> %ProgramFiles%\WinAce\arcext.dll [WinAce Archiver 2.6 Property Sheet Shell Extension] -> e-merge GmbH [Ver = 2.5.1.0 | Size = 166912 bytes | Modified Date = 8/9/2005 1:06:00 AM | Attr = ]
{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} [HKLM] -> %ProgramFiles%\WinAce\arcext.dll [WinAce Archiver 2.6 DragDrop Shell Extension] -> e-merge GmbH [Ver = 2.5.1.0 | Size = 166912 bytes | Modified Date = 8/9/2005 1:06:00 AM | Attr = ]
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} [HKLM] -> %ProgramFiles%\WinAce\arcext.dll [WinAce Archiver 2.6 Context Menu Shell Extension] -> e-merge GmbH [Ver = 2.5.1.0 | Size = 166912 bytes | Modified Date = 8/9/2005 1:06:00 AM | Attr = ]
{99BCFECE-CB38-4983-BFCA-0390EDE66384} [HKLM] -> %ProgramFiles%\Exif Farm\ExifFarm.dll [Exif Farm Context Menu Shell Extension] -> Two Pilots [Ver = 1.6.0.0 | Size = 781824 bytes | Modified Date = 7/18/2005 7:02:00 AM | Attr = ]
{A965C8E0-54A7-11D6-BF08-00079500BB23} [HKLM] -> Reg Data - Key not found [ZipZag Shell extension] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 10:34:34 AM | Attr = ]
{B7056B8E-4F99-44f8-8CBD-282390FE5428} [HKLM] -> %ProgramFiles%\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [VirtualCloneDrive] -> Elaborate Bytes AG [Ver = 5, 0, 0, 2 | Size = 69632 bytes | Modified Date = 8/20/2004 11:14:30 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 6.0.1.3 | Size = 102400 bytes | Modified Date = 10/18/2005 12:10:06 PM | Attr = ]
{BAB66DEA-6E13-473b-AA5A-B4172418F54B} [HKLM] -> %ProgramFiles%\Firehand Technologies\Ember\fhndicon.dll [Firehand Ember Thumbnail Icon Generator] -> Firehand Technologies Corporation [Ver = 7.0.10 | Size = 53248 bytes | Modified Date = 1/15/2005 4:21:18 PM | Attr = ]
{BDA77241-42F6-11d0-85E2-00AA001FE28C} [HKLM] -> %CommonProgramFiles%\Symantec Shared\SSC\vpshell2.dll [LDVP Shell Extensions] -> Symantec Corporation [Ver = 10.0.2.2000 | Size = 46320 bytes | Modified Date = 11/15/2005 1:28:42 PM | Attr = ]
{C539A15A-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> %ProgramFiles%\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Context Menu Extension] -> Acronis [Ver = 10,0,0,4871 | Size = 499872 bytes | Modified Date = 10/16/2006 9:17:08 PM | Attr = ]
{C539A15B-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> %ProgramFiles%\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Extension] -> Acronis [Ver = 10,0,0,4871 | Size = 499872 bytes | Modified Date = 10/16/2006 9:17:08 PM | Attr = ]
{CF74B903-3389-469c-B3B6-0204D204FCBD} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItShellExt.dll [SnagIt Shell Extension] -> TechSmith Corporation [Ver = 1.0.0.1 | Size = 110592 bytes | Modified Date = 3/14/2006 7:01:00 AM | Attr = ]
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [Adobe.Acrobat.ContextMenu] -> Adobe Systems Inc. [Ver = 7.0.7.2006011200\0 | Size = 581632 bytes | Modified Date = 1/12/2006 8:49:02 PM | Attr = ]
{D66DC78C-4F61-447F-942B-3FB6980118CF} [HKLM] -> %ProgramFiles%\Microsoft Office\Visio11\VISSHE.DLL [{D66DC78C-4F61-447F-942B-3FB6980118CF}] -> [Ver = | Size = 785464 bytes | Modified Date = 8/16/2003 5:29:34 AM | Attr = ]
{DBD8E168-244D-448C-9922-25508950D1DC} [HKLM] -> %CommonProgramFiles%\Ulead Systems\DVD\USIShex.dll [Ulead UDF Driver] -> Ulead Systems, Inc. [Ver = 1, 1, 1, 21 | Size = 49152 bytes | Modified Date = 3/2/2005 2:52:46 AM | Attr = ]
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} [HKLM] -> %ProgramFiles%\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [Ver = | Size = 9216 bytes | Modified Date = 2/1/2006 3:14:26 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 2/11/2003 8:10:00 AM | Attr = ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 2/11/2003 8:10:00 AM | Attr = ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 2/11/2003 8:10:00 AM | Attr = ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 2/11/2003 8:10:00 AM | Attr = ]
{e57ce731-33e8-4c51-8354-bb4de9d215d1} [HKLM] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\UPnPUI.dll [Universal Plug and Play Devices] -> Sonic Solutions [Ver = 9.0.1.31 | Size = 655360 bytes | Modified Date = 8/10/2006 11:00:38 AM | Attr = ]
{E8CF73E1-2D2B-465D-9740-8E85349FD65A} [HKLM] -> %ProgramFiles%\DxO Labs\DxO Optics Pro v4\DOPMenu.dll [DOPMenu] -> [Ver = 1, 0, 0, 1 | Size = 1249280 bytes | Modified Date = 10/26/2006 9:34:44 PM | Attr = ]
{EC34FF98-16DB-4EBA-A91E-2596C03C35F6} [HKLM] -> %ProgramFiles%\AOEV\AOEVSHL.dll [AOEV Context Menu Shell Extension] -> [Ver = 1, 1, 0, 1 | Size = 64000 bytes | Modified Date = 6/7/2005 10:12:46 AM | Attr = ]
{F5D92341-0A64-11D0-9956-0000E8096023} [HKLM] -> %System32%\ShellExt\CDWshext.dll [CD Copy Shell Extension] -> Pinnacle Systems, Inc. [Ver = 6.0.0.0 | Size = 100352 bytes | Modified Date = 2/24/2003 10:48:50 AM | Attr = ]
{F5D92342-0A64-11D0-9956-0000E8096023} [HKLM] -> %System32%\ShellExt\CDWshext.dll [CD Wizard Shell Extension] -> Pinnacle Systems, Inc. [Ver = 6.0.0.0 | Size = 100352 bytes | Modified Date = 2/24/2003 10:48:50 AM | Attr = ]
{F5D92344-0A64-11D0-9956-0000E8096023} [HKLM] -> Reg Data - Key not found [InstantWrite Shellextension] -> File not found
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dBShell.dll [dBpowerAMP Music Converter 1] -> [Ver = 6, 0, 0, 1 | Size = 110592 bytes | Modified Date = 1/29/2005 12:05:12 AM | Attr = ]
DxRecord Shell Extension [HKLM] -> Reg Data - Key not found [{8BF95282-F6F3-41a5-9423-1EB926E6624F}] -> File not found
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{0BD4AC2F-20DA-43e6-A2BB-CCA4A39B930D} [HKLM] -> %ProgramFiles%\Droppix\Droppix Recorder\ShImgFile.dll [DWShellContextMenu Class] -> Droppix [Ver = 1,7,5 Build 60 | Size = 241664 bytes | Modified Date = 6/10/2006 11:00:00 AM | Attr = ]
{C539A15A-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> %ProgramFiles%\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Context Menu Extension] -> Acronis [Ver = 10,0,0,4871 | Size = 499872 bytes | Modified Date = 10/16/2006 9:17:08 PM | Attr = ]
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> %ProgramFiles%\7-Zip\7-zip.dll [7-Zip] -> [Ver = | Size = 138752 bytes | Modified Date = 5/13/2006 8:23:40 PM | Attr = ]
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [Adobe.Acrobat.ContextMenu] -> Adobe Systems Inc. [Ver = 7.0.7.2006011200\0 | Size = 581632 bytes | Modified Date = 1/12/2006 8:49:02 PM | Attr = ]
{5071CDA5-D3E1-11D5-BFC0-005004A71005} [HKLM] -> %ProgramFiles%\Advanced JPEG Compressor\ContextMenuExt.dll [AJC] -> [Ver = | Size = 48640 bytes | Modified Date = 11/22/2001 2:43:48 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 3:40:48 AM | Attr = ]
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} [HKLM] -> %ProgramFiles%\vso\CopyToDVD\CtcdShell.dll [CopyToCD] -> VSO Software [Ver = 1.2.0.43 | Size = 222208 bytes | Modified Date = 6/2/2003 6:33:00 AM | Attr = ]
{E8CF73E1-2D2B-465D-9740-8E85349FD65A} [HKLM] -> %ProgramFiles%\DxO Labs\DxO Optics Pro v4\DOPMenu.dll [DOPMenu] -> [Ver = 1, 0, 0, 1 | Size = 1249280 bytes | Modified Date = 10/26/2006 9:34:44 PM | Attr = ]
{99BCFECE-CB38-4983-BFCA-0390EDE66384} [HKLM] -> %ProgramFiles%\Exif Farm\ExifFarm.dll [exifinfofarm] -> Two Pilots [Ver = 1.6.0.0 | Size = 781824 bytes | Modified Date = 7/18/2005 7:02:00 AM | Attr = ]
{46E22146-59C0-4136-9233-FB7720E777B2} [HKLM] -> %ProgramFiles%\Easy CD-DA Extractor 10\ezcddax10.dll [EzCddax] -> [Ver = | Size = 48128 bytes | Modified Date = 8/22/2006 9:28:38 PM | Attr = ]
{75FACB91-6630-4481-908C-3A69DDC2F1E7} [HKLM] -> %ProgramFiles%\LumaPix\FotoFusion\FFSheller.dll [FFSheller] -> LumaPix [Ver = 1.0.0.1 | Size = 91744 bytes | Modified Date = 3/10/2006 7:59:42 PM | Attr = ]
{BDA77241-42F6-11d0-85E2-00AA001FE28C} [HKLM] -> %CommonProgramFiles%\Symantec Shared\SSC\vpshell2.dll [LDVPMenu] -> Symantec Corporation [Ver = 10.0.2.2000 | Size = 46320 bytes | Modified Date = 11/15/2005 1:28:42 PM | Attr = ]
{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} [HKLM] -> %ProgramFiles%\PowerArchiver\PASHLEXT.DLL [PowerArchiver] -> ConeXware, Inc. [Ver = 9.1.0.0 | Size = 80384 bytes | Modified Date = 3/6/2005 3:16:00 PM | Attr = ]
{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} [HKLM] -> %ProgramFiles%\Roxio\Virtual Drive 9\DC_ShellExt.dll [RXDCExtSvr] -> Sonic Solutions [Ver = 9.0.1.16 | Size = 81920 bytes | Modified Date = 8/9/2006 1:49:14 AM | Attr = ]
{CF74B903-3389-469c-B3B6-0204D204FCBD} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItShellExt.dll [SnagItMainShellExt] -> TechSmith Corporation [Ver = 1.0.0.1 | Size = 110592 bytes | Modified Date = 3/14/2006 7:01:00 AM | Attr = ]
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} [HKLM] -> %ProgramFiles%\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [Ver = | Size = 9216 bytes | Modified Date = 2/1/2006 3:14:26 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 10:34:34 AM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 2/11/2003 8:10:00 AM | Attr = ]
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> %ProgramFiles%\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 6, 13, 1 | Size = 180296 bytes | Modified Date = 6/14/2004 5:13:24 PM | Attr = ]
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} [HKLM] -> %ProgramFiles%\WinAce\arcext.dll [ZFAdd] -> e-merge GmbH [Ver = 2.5.1.0 | Size = 166912 bytes | Modified Date = 8/9/2005 1:06:00 AM | Attr = ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} [HKLM] -> %ProgramFiles%\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [Ver = | Size = 9216 bytes | Modified Date = 2/1/2006 3:14:26 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{0BD4AC2F-20DA-43e6-A2BB-CCA4A39B930D} [HKLM] -> %ProgramFiles%\Droppix\Droppix Recorder\ShImgFile.dll [DWShellContextMenu Class] -> Droppix [Ver = 1,7,5 Build 60 | Size = 241664 bytes | Modified Date = 6/10/2006 11:00:00 AM | Attr = ]
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> %ProgramFiles%\7-Zip\7-zip.dll [7-Zip] -> [Ver = | Size = 138752 bytes | Modified Date = 5/13/2006 8:23:40 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 3:40:48 AM | Attr = ]
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} [HKLM] -> %ProgramFiles%\vso\CopyToDVD\CtcdShell.dll [CopyToCD] -> VSO Software [Ver = 1.2.0.43 | Size = 222208 bytes | Modified Date = 6/2/2003 6:33:00 AM | Attr = ]
{E8CF73E1-2D2B-465D-9740-8E85349FD65A} [HKLM] -> %ProgramFiles%\DxO Labs\DxO Optics Pro v4\DOPMenu.dll [DOPMenu] -> [Ver = 1, 0, 0, 1 | Size = 1249280 bytes | Modified Date = 10/26/2006 9:34:44 PM | Attr = ]
{1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} [HKLM] -> %ProgramFiles%\Mythicsoft\FileLocator Pro\FLProShellExt.dll [FileLocatorPro] -> Mythicsoft [Ver = 1.0.0.1 | Size = 114688 bytes | Modified Date = 12/8/2004 1:30:06 AM | Attr = ]
{CF74B903-3389-469c-B3B6-0204D204FCBD} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItShellExt.dll [SnagItMainShellExt] -> TechSmith Corporation [Ver = 1.0.0.1 | Size = 110592 bytes | Modified Date = 3/14/2006 7:01:00 AM | Attr = ]
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} [HKLM] -> %ProgramFiles%\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [Ver = | Size = 9216 bytes | Modified Date = 2/1/2006 3:14:26 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 10:34:34 AM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 2/11/2003 8:10:00 AM | Attr = ]
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} [HKLM] -> %ProgramFiles%\WinAce\arcext.dll [ZFAdd] -> e-merge GmbH [Ver = 2.5.1.0 | Size = 166912 bytes | Modified Date = 8/9/2005 1:06:00 AM | Attr = ]

alex95070
2007-02-25, 23:49
Part 7

< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{C539A15A-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> %ProgramFiles%\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Context Menu Extension] -> Acronis [Ver = 10,0,0,4871 | Size = 499872 bytes | Modified Date = 10/16/2006 9:17:08 PM | Attr = ]
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} [HKLM] -> %ProgramFiles%\vso\CopyToDVD\CtcdShell.dll [CopyToCD] -> VSO Software [Ver = 1.2.0.43 | Size = 222208 bytes | Modified Date = 6/2/2003 6:33:00 AM | Attr = ]
{BDA77241-42F6-11d0-85E2-00AA001FE28C} [HKLM] -> %CommonProgramFiles%\Symantec Shared\SSC\vpshell2.dll [LDVPMenu] -> Symantec Corporation [Ver = 10.0.2.2000 | Size = 46320 bytes | Modified Date = 11/15/2005 1:28:42 PM | Attr = ]
{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} [HKLM] -> %ProgramFiles%\PowerArchiver\PASHLEXT.DLL [PowerArchiver] -> ConeXware, Inc. [Ver = 9.1.0.0 | Size = 80384 bytes | Modified Date = 3/6/2005 3:16:00 PM | Attr = ]
{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} [HKLM] -> %ProgramFiles%\Roxio\Virtual Drive 9\DC_ShellExt.dll [RXDCExtSvr] -> Sonic Solutions [Ver = 9.0.1.16 | Size = 81920 bytes | Modified Date = 8/9/2006 1:49:14 AM | Attr = ]
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} [HKLM] -> %ProgramFiles%\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [Ver = | Size = 9216 bytes | Modified Date = 2/1/2006 3:14:26 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 10:34:34 AM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 2/11/2003 8:10:00 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{99BCFECE-CB38-4983-BFCA-0390EDE66384} [HKLM] -> %ProgramFiles%\Exif Farm\ExifFarm.dll [Exif Pilot] -> Two Pilots [Ver = 1.6.0.0 | Size = 781824 bytes | Modified Date = 7/18/2005 7:02:00 AM | Attr = ]
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dBShell.dll [dBpShell Class] -> [Ver = 6, 0, 0, 1 | Size = 110592 bytes | Modified Date = 1/29/2005 12:05:12 AM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{292ACB4B-2534-4F6C-B250-DD96F3DCB22A} -> () ->
{2E831D9B-7610-4CE6-90D1-EBE1E32DA252} -> () ->
{53C9FBB5-3DAC-44E7-A82A-DFAF8BF411D7} -> () ->
{B1349DC0-EE7F-477B-9ED8-B250250C156D} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{01012101-5E80-11D8-9E86-0007E96C65AE} -> SupportSoft Script Runner Class - CodeBase = http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> Office Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=58813 ->
{10E0E75E-6701-4134-9D95-C0942ED1F1C8} -> Snapfish Outlook Import ActiveX Control - CodeBase = http://www.costcophotocenter.com/CostcoOutlookImport.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{25365FF3-2746-4230-9DA7-163CCA318309} -> GTDownloaderCtrl Class - CodeBase = http://inst.c-wss.com/59/EN/html/gtdownlr.cab ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab ->
{406B5949-7190-4245-91A9-30A17DE16AD0} -> Snapfish Activia - CodeBase = http://www.costcophotocenter.com/CostcoActivia.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161684026496 ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161770650280 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{90051A81-3018-4826-8B38-DD60B6B53F9C} -> Snapfish File Upload ActiveX Control - CodeBase = http://www.costcophotocenter.com/CostcoUpload.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} -> Java Plug-in 1.3.1 - CodeBase = http://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab ->
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_05 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab ->
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_06 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab ->
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab ->
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -> ActiveDataInfo Class - CodeBase = https://www-secure.symantec.com/techsupp/activedata/SymAData.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -> ActiveDataObj Class - CodeBase = https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab ->
[Files - Created Within 30 days]
I2E_Test.XXX -> %SystemDrive%\I2E_Test.XXX -> [Ver = | Size = 21 bytes | Created Date = 2/10/2007 1:45:02 PM | Attr = ]
KLStreamRemover.exe -> %SystemDrive%\KLStreamRemover.exe -> [Ver = | Size = 16448 bytes | Created Date = 2/18/2007 3:56:58 PM | Attr = ]
I2ePlugin.ini -> %UserAppData%\I2ePlugin.ini -> [Ver = | Size = 197 bytes | Created Date = 2/11/2007 2:52:45 AM | Attr = ]
eurofxref-hist.xml -> %UserDocuments%\eurofxref-hist.xml -> [Ver = | Size = 78186 bytes | Created Date = 2/7/2007 12:20:55 AM | Attr = ]
Intuit.pdf -> %UserDocuments%\Intuit.pdf -> [Ver = | Size = 65395 bytes | Created Date = 2/12/2007 9:42:51 AM | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 859 bytes | Created Date = 2/17/2007 1:36:43 AM | Attr = ]
i2e image enhancer.lnk -> %AllUsersDesktop%\i2e image enhancer.lnk -> [Ver = | Size = 853 bytes | Created Date = 2/10/2007 1:44:08 PM | Attr = ]
Lightroom.lnk -> %AllUsersDesktop%\Lightroom.lnk -> [Ver = | Size = 1816 bytes | Created Date = 2/22/2007 2:16:56 AM | Attr = ]
Spyware Doctor.lnk -> %AllUsersDesktop%\Spyware Doctor.lnk -> [Ver = | Size = 591 bytes | Created Date = 2/13/2007 8:34:01 AM | Attr = ]
Activescan.doc -> %UserDesktop%\Activescan.doc -> [Ver = | Size = 95744 bytes | Created Date = 2/15/2007 11:37:28 PM | Attr = ]
Adobe Lightroom.v1.0 and Serial.zip -> %UserDesktop%\Adobe Lightroom.v1.0 and Serial.zip -> [Ver = | Size = 22609850 bytes | Created Date = 2/22/2007 9:08:20 AM | Attr = ]
Auto Image Optimization Tests.pdf -> %UserDesktop%\Auto Image Optimization Tests.pdf -> [Ver = | Size = 1712100 bytes | Created Date = 2/11/2007 4:01:58 PM | Attr = ]
Azureus.exe.lnk -> %UserDesktop%\Azureus.exe.lnk -> [Ver = | Size = 1544 bytes | Created Date = 2/13/2007 7:58:15 AM | Attr = ]
Betterphoto Adventures in Photography.avi -> %UserDesktop%\Betterphoto Adventures in Photography.avi -> [Ver = | Size = 733668370 bytes | Created Date = 2/24/2007 11:47:41 PM | Attr = ]
blbeta.exe -> %UserDesktop%\blbeta.exe -> F-Secure Corporation [Ver = 2, 2, 1055, 0 | Size = 899960 bytes | Created Date = 2/18/2007 10:04:49 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\blbeta.exe:Zone.Identifier ->
budget.xls -> %UserDesktop%\budget.xls -> [Ver = | Size = 25600 bytes | Created Date = 2/8/2007 8:41:35 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\budget.xls:Zone.Identifier ->
divx v65_nigmae.rar -> %UserDesktop%\divx v65_nigmae.rar -> [Ver = | Size = 14876157 bytes | Created Date = 1/29/2007 12:06:05 AM | Attr = ]
Downloads Folder.lnk -> %UserDesktop%\Downloads Folder.lnk -> [Ver = | Size = 1250 bytes | Created Date = 2/2/2007 12:18:53 AM | Attr = ]
drweb-cureit.exe -> %UserDesktop%\drweb-cureit.exe -> [Ver = | Size = 5751200 bytes | Created Date = 2/16/2007 12:02:17 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\drweb-cureit.exe:Zone.Identifier ->
FSResizerSetup24.exe -> %UserDesktop%\FSResizerSetup24.exe -> [Ver = | Size = 1309847 bytes | Created Date = 1/29/2007 8:20:30 AM | Attr = ]
gmer.exe -> %UserDesktop%\gmer.exe -> [Ver = 1, 0, 12, 12027 | Size = 573440 bytes | Created Date = 2/24/2007 11:13:40 PM | Attr = ]
Image.zip -> %UserDesktop%\Image.zip -> [Ver = | Size = 47535285 bytes | Created Date = 2/11/2007 4:43:21 PM | Attr = ]
Internet Download Manager.lnk -> %UserDesktop%\Internet Download Manager.lnk -> [Ver = | Size = 718 bytes | Created Date = 2/2/2007 12:05:44 AM | Attr = ]
MO[1].VidaOne.MyPersonalDiet.v1.19.rar -> %UserDesktop%\MO[1].VidaOne.MyPersonalDiet.v1.19.rar -> [Ver = | Size = 2819144 bytes | Created Date = 1/30/2007 1:49:41 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\MO[1].VidaOne.MyPersonalDiet.v1.19.rar:Zone.Identifier ->
Rootkit Unhooker.lnk -> %UserDesktop%\Rootkit Unhooker.lnk -> [Ver = | Size = 570 bytes | Created Date = 2/17/2007 11:17:23 PM | Attr = ]
s-ptst2.rar -> %UserDesktop%\s-ptst2.rar -> [Ver = | Size = 16817448 bytes | Created Date = 2/21/2007 10:46:02 PM | Attr = ]
SDFull.rar -> %UserDesktop%\SDFull.rar -> [Ver = | Size = 9713668 bytes | Created Date = 2/13/2007 8:13:44 AM | Attr = ]
setup.exe -> %UserDesktop%\setup.exe -> [Ver = | Size = 33113648 bytes | Created Date = 2/15/2007 1:16:24 AM | Attr = ]
Spybot Thread.url -> %UserDesktop%\Spybot Thread.url -> [Ver = | Size = 154 bytes | Created Date = 2/23/2007 11:15:04 PM | Attr = ]
spybotsd14.exe -> %UserDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Created Date = 2/14/2007 12:41:49 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier ->
Spyware Board Link.url -> %UserDesktop%\Spyware Board Link.url -> [Ver = | Size = 161 bytes | Created Date = 2/18/2007 11:42:40 PM | Attr = ]
Spyware.Doctor.4.0.0.2621.full.fixed.upped.by.magic.rar -> %UserDesktop%\Spyware.Doctor.4.0.0.2621.full.fixed.upped.by.magic.rar -> [Ver = | Size = 10829276 bytes | Created Date = 2/13/2007 8:07:10 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 344908 bytes | Created Date = 2/25/2007 12:59:26 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
XP[1].G.M.rar -> %UserDesktop%\XP[1].G.M.rar -> [Ver = | Size = 1231630 bytes | Created Date = 2/6/2007 1:04:36 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\XP[1].G.M.rar:Zone.Identifier ->
chgkey.vbs -> %SystemRoot%\chgkey.vbs -> [Ver = | Size = 592 bytes | Created Date = 2/16/2007 9:44:49 PM | Attr = ]
corr.ico -> %SystemRoot%\corr.ico -> [Ver = | Size = 766 bytes | Created Date = 2/10/2007 1:44:10 PM | Attr = ]
deskcalc.ini -> %SystemRoot%\deskcalc.ini -> [Ver = | Size = 459 bytes | Created Date = 2/7/2007 12:24:59 AM | Attr = ]
E2I56BAD499BB01FEAF85AA84C8.e2i -> %SystemRoot%\E2I56BAD499BB01FEAF85AA84C8.e2i -> [Ver = | Size = 105 bytes | Created Date = 2/10/2007 1:45:02 PM | Attr = ]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12027 | Size = 565311 bytes | Created Date = 2/24/2007 11:13:46 PM | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12027 | Size = 573440 bytes | Created Date = 2/24/2007 11:13:46 PM | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 2/24/2007 11:13:47 PM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 2/24/2007 11:13:47 PM | Attr = ]
I2E.ini -> %SystemRoot%\I2E.ini -> [Ver = | Size = 955203 bytes | Created Date = 2/10/2007 1:44:14 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 2/17/2007 9:20:03 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 2/17/2007 9:20:03 PM | Attr = H ]
aeafec_s.dll -> %System32%\aeafec_s.dll -> [Ver = | Size = 5 bytes | Created Date = 2/13/2007 12:51:25 AM | Attr = HS]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 2/15/2007 12:36:40 AM | Attr = ]
eadacfbf_s.ocx -> %System32%\eadacfbf_s.ocx -> [Ver = | Size = 5 bytes | Created Date = 2/13/2007 12:51:25 AM | Attr = ]
FreeImage.dll -> %System32%\FreeImage.dll -> FreeImage [Ver = 3, 9, 1, 0 | Size = 999424 bytes | Created Date = 2/3/2007 6:52:53 PM | Attr = R ]
HDDSvc.exe -> %System32%\HDDSvc.exe -> AltrixSoft (http://www.altrixsoft.com/) [Ver = 2, 5, 184, 0 | Size = 192512 bytes | Created Date = 2/12/2007 10:26:34 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 2/15/2007 12:35:54 AM | Attr = ]
I2E_CINT.dll -> %System32%\I2E_CINT.dll -> [Ver = | Size = 1376256 bytes | Created Date = 2/11/2007 2:00:05 AM | Attr = ]
iiet.dll -> %System32%\iiet.dll -> [Ver = | Size = 39 bytes | Created Date = 2/10/2007 1:44:49 PM | Attr = ]
ImgX61.dll -> %System32%\ImgX61.dll -> Atalasoft, Inc. [Ver = 6.04.0007 | Size = 1204271 bytes | Created Date = 2/10/2007 1:44:15 PM | Attr = ]
ImgX61.ocx -> %System32%\ImgX61.ocx -> Atalasoft, Inc. [Ver = 6.04.0007 | Size = 413743 bytes | Created Date = 2/10/2007 1:44:15 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 2/15/2007 12:35:53 AM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 2/15/2007 12:35:54 AM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 2/15/2007 12:36:40 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2/17/2007 1:37:01 AM | Attr = ]
CO_Mon.sys -> %System32%\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Created Date = 2/19/2007 12:08:06 AM | Attr = ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3729 | Size = 68961 bytes | Created Date = 2/24/2007 11:13:47 PM | Attr = ]
ikhfile.sys -> %System32%\drivers\ikhfile.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2014 | Size = 30592 bytes | Created Date = 2/13/2007 8:22:22 AM | Attr = ]
ikhlayer.sys -> %System32%\drivers\ikhlayer.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2011 | Size = 51072 bytes | Created Date = 2/13/2007 8:22:21 AM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 2/17/2007 3:58:58 PM | Attr = ]
hosts.bak -> %System32%\drivers\ETC\hosts.bak -> [Ver = | Size = 813 bytes | Created Date = 2/13/2007 8:54:19 PM | Attr = ]

alex95070
2007-02-25, 23:51
Part 8

[Files - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 212 bytes | Modified Date = 2/25/2007 11:33:54 AM | Attr = HS]
I2E_Test.XXX -> %SystemDrive%\I2E_Test.XXX -> [Ver = | Size = 21 bytes | Modified Date = 2/24/2007 3:16:20 AM | Attr = ]
I2ePlugin.ini -> %UserAppData%\I2ePlugin.ini -> [Ver = | Size = 197 bytes | Modified Date = 2/19/2007 8:31:22 PM | Attr = ]
loader.lck -> %UserAppData%\loader.lck -> [Ver = | Size = 0 bytes | Modified Date = 2/25/2007 1:06:48 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 155696 bytes | Modified Date = 2/4/2007 12:14:38 AM | Attr = ]
Carmel House Expenses 2005b.xls -> %UserDocuments%\Carmel House Expenses 2005b.xls -> [Ver = | Size = 28672 bytes | Modified Date = 2/11/2007 6:09:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Carmel House Expenses 2005b.xls:Zone.Identifier ->
eurofxref-hist.xml -> %UserDocuments%\eurofxref-hist.xml -> [Ver = | Size = 78186 bytes | Modified Date = 2/7/2007 12:21:08 AM | Attr = ]
Intuit.pdf -> %UserDocuments%\Intuit.pdf -> [Ver = | Size = 65395 bytes | Modified Date = 2/12/2007 9:42:52 AM | Attr = ]
NA Sked.doc -> %UserDocuments%\NA Sked.doc -> [Ver = | Size = 248320 bytes | Modified Date = 2/25/2007 2:16:26 AM | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 859 bytes | Modified Date = 2/17/2007 1:36:44 AM | Attr = ]
i2e image enhancer.lnk -> %AllUsersDesktop%\i2e image enhancer.lnk -> [Ver = | Size = 853 bytes | Modified Date = 2/10/2007 1:49:44 PM | Attr = ]
Lightroom.lnk -> %AllUsersDesktop%\Lightroom.lnk -> [Ver = | Size = 1816 bytes | Modified Date = 2/22/2007 2:16:58 AM | Attr = ]
Spyware Doctor.lnk -> %AllUsersDesktop%\Spyware Doctor.lnk -> [Ver = | Size = 591 bytes | Modified Date = 2/14/2007 10:17:08 PM | Attr = ]
Activescan.doc -> %UserDesktop%\Activescan.doc -> [Ver = | Size = 95744 bytes | Modified Date = 2/15/2007 11:37:30 PM | Attr = ]
Adobe Lightroom.v1.0 and Serial.zip -> %UserDesktop%\Adobe Lightroom.v1.0 and Serial.zip -> [Ver = | Size = 22609850 bytes | Modified Date = 2/22/2007 9:08:24 AM | Attr = ]
Auto Image Optimization Tests.pdf -> %UserDesktop%\Auto Image Optimization Tests.pdf -> [Ver = | Size = 1712100 bytes | Modified Date = 2/11/2007 4:11:50 PM | Attr = ]
Azureus.exe.lnk -> %UserDesktop%\Azureus.exe.lnk -> [Ver = | Size = 1544 bytes | Modified Date = 2/13/2007 7:58:16 AM | Attr = ]
Betterphoto Adventures in Photography.avi -> %UserDesktop%\Betterphoto Adventures in Photography.avi -> [Ver = | Size = 733668370 bytes | Modified Date = 2/19/2007 12:53:20 PM | Attr = ]
blbeta.exe -> %UserDesktop%\blbeta.exe -> F-Secure Corporation [Ver = 2, 2, 1055, 0 | Size = 899960 bytes | Modified Date = 2/18/2007 10:04:56 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\blbeta.exe:Zone.Identifier ->
budget.xls -> %UserDesktop%\budget.xls -> [Ver = | Size = 25600 bytes | Modified Date = 2/12/2007 7:32:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\budget.xls:Zone.Identifier ->
divx v65_nigmae.rar -> %UserDesktop%\divx v65_nigmae.rar -> [Ver = | Size = 14876157 bytes | Modified Date = 1/29/2007 12:33:42 AM | Attr = ]
Downloads Folder.lnk -> %UserDesktop%\Downloads Folder.lnk -> [Ver = | Size = 1250 bytes | Modified Date = 2/2/2007 12:21:24 AM | Attr = ]
drweb-cureit.exe -> %UserDesktop%\drweb-cureit.exe -> [Ver = | Size = 5751200 bytes | Modified Date = 2/16/2007 12:02:36 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\drweb-cureit.exe:Zone.Identifier ->
FSResizerSetup24.exe -> %UserDesktop%\FSResizerSetup24.exe -> [Ver = | Size = 1309847 bytes | Modified Date = 1/29/2007 8:21:04 AM | Attr = ]
gmer.exe -> %UserDesktop%\gmer.exe -> [Ver = 1, 0, 12, 12027 | Size = 573440 bytes | Modified Date = 2/4/2007 9:23:26 PM | Attr = ]
ICSharpCode.SharpZipLib.dll -> %UserDesktop%\ICSharpCode.SharpZipLib.dll -> [Ver = 0.84.0.0 | Size = 143360 bytes | Modified Date = 2/25/2007 1:08:04 PM | Attr = ]
Image.zip -> %UserDesktop%\Image.zip -> [Ver = | Size = 47535285 bytes | Modified Date = 2/11/2007 4:54:28 PM | Attr = ]
Internet Download Manager.lnk -> %UserDesktop%\Internet Download Manager.lnk -> [Ver = | Size = 718 bytes | Modified Date = 2/2/2007 12:05:46 AM | Attr = ]
MO[1].VidaOne.MyPersonalDiet.v1.19.rar -> %UserDesktop%\MO[1].VidaOne.MyPersonalDiet.v1.19.rar -> [Ver = | Size = 2819144 bytes | Modified Date = 1/30/2007 1:49:44 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\MO[1].VidaOne.MyPersonalDiet.v1.19.rar:Zone.Identifier ->
Rootkit Unhooker.lnk -> %UserDesktop%\Rootkit Unhooker.lnk -> [Ver = | Size = 570 bytes | Modified Date = 2/17/2007 11:17:06 PM | Attr = ]
s-ptst2.rar -> %UserDesktop%\s-ptst2.rar -> [Ver = | Size = 16817448 bytes | Modified Date = 2/21/2007 10:48:00 PM | Attr = ]
SDFull.rar -> %UserDesktop%\SDFull.rar -> [Ver = | Size = 9713668 bytes | Modified Date = 2/13/2007 8:14:06 AM | Attr = ]
setup.exe -> %UserDesktop%\setup.exe -> [Ver = | Size = 33113648 bytes | Modified Date = 2/3/2007 4:17:34 PM | Attr = ]
Spybot Thread.url -> %UserDesktop%\Spybot Thread.url -> [Ver = | Size = 154 bytes | Modified Date = 2/23/2007 11:16:02 PM | Attr = ]
spybotsd14.exe -> %UserDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Modified Date = 2/14/2007 12:41:50 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier ->
Spyware Board Link.url -> %UserDesktop%\Spyware Board Link.url -> [Ver = | Size = 161 bytes | Modified Date = 2/23/2007 11:16:16 PM | Attr = ]
Spyware.Doctor.4.0.0.2621.full.fixed.upped.by.magic.rar -> %UserDesktop%\Spyware.Doctor.4.0.0.2621.full.fixed.upped.by.magic.rar -> [Ver = | Size = 10829276 bytes | Modified Date = 2/13/2007 8:07:38 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 344908 bytes | Modified Date = 2/25/2007 12:59:40 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
XP[1].G.M.rar -> %UserDesktop%\XP[1].G.M.rar -> [Ver = | Size = 1231630 bytes | Modified Date = 2/6/2007 1:04:48 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\XP[1].G.M.rar:Zone.Identifier ->
Adobe Acrobat Speed Launcher.lnk -> %AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> [Ver = | Size = 2335 bytes | Modified Date = 2/22/2007 12:08:22 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/25/2007 1:05:34 PM | Attr = S]
chgkey.vbs -> %SystemRoot%\chgkey.vbs -> [Ver = | Size = 592 bytes | Modified Date = 2/16/2007 9:45:38 PM | Attr = ]
deskcalc.ini -> %SystemRoot%\deskcalc.ini -> [Ver = | Size = 459 bytes | Modified Date = 2/21/2007 8:50:18 PM | Attr = ]
DVDRegionFree.INI -> %SystemRoot%\DVDRegionFree.INI -> [Ver = | Size = 67 bytes | Modified Date = 2/20/2007 9:19:08 PM | Attr = ]
E2I56BAD499BB01FEAF85AA84C8.e2i -> %SystemRoot%\E2I56BAD499BB01FEAF85AA84C8.e2i -> [Ver = | Size = 105 bytes | Modified Date = 2/24/2007 3:16:20 AM | Attr = ]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12027 | Size = 565311 bytes | Modified Date = 2/24/2007 11:13:48 PM | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12027 | Size = 573440 bytes | Modified Date = 2/4/2007 9:23:26 PM | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 2/25/2007 2:32:20 AM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 2/24/2007 11:13:48 PM | Attr = ]
Instlog.lyt -> %SystemRoot%\Instlog.lyt -> [Ver = | Size = 5669 bytes | Modified Date = 1/30/2007 10:17:28 PM | Attr = ]
maketorrent.ini -> %SystemRoot%\maketorrent.ini -> [Ver = | Size = 258 bytes | Modified Date = 2/8/2007 1:54:42 AM | Attr = ]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 670150656 bytes | Modified Date = 2/14/2007 10:42:22 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2/17/2007 9:20:04 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2/20/2007 9:26:42 AM | Attr = H ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2/25/2007 11:33:52 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1633 bytes | Modified Date = 2/25/2007 1:07:08 PM | Attr = ]
aeafec_s.dll -> %System32%\aeafec_s.dll -> [Ver = | Size = 5 bytes | Modified Date = 2/13/2007 12:51:26 AM | Attr = HS]
BASSMOD.dll -> %System32%\BASSMOD.dll -> [Ver = | Size = 10752 bytes | Modified Date = 2/13/2007 1:10:14 AM | Attr = ]
eadacfbf_s.ocx -> %System32%\eadacfbf_s.ocx -> [Ver = | Size = 5 bytes | Modified Date = 2/13/2007 12:51:26 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 479536 bytes | Modified Date = 2/4/2007 8:55:32 AM | Attr = ]
HDDSvc.exe -> %System32%\HDDSvc.exe -> AltrixSoft (http://www.altrixsoft.com/) [Ver = 2, 5, 184, 0 | Size = 192512 bytes | Modified Date = 2/12/2007 10:26:34 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2/15/2007 12:35:56 AM | Attr = ]
iiet.dll -> %System32%\iiet.dll -> [Ver = | Size = 39 bytes | Modified Date = 2/24/2007 3:12:46 AM | Attr = ]
KGyGaAvL.sys -> %System32%\KGyGaAvL.sys -> [Ver = | Size = 1056 bytes | Modified Date = 2/13/2007 2:27:10 AM | Attr = ]
OODBS.lor -> %System32%\OODBS.lor -> [Ver = | Size = 248223 bytes | Modified Date = 2/25/2007 1:05:16 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 2/15/2007 12:35:56 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70988 bytes | Modified Date = 2/25/2007 1:10:16 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 422106 bytes | Modified Date = 2/25/2007 1:10:16 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 502040 bytes | Modified Date = 2/25/2007 1:10:16 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 2/15/2007 12:35:56 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2228 bytes | Modified Date = 2/25/2007 11:24:12 AM | Attr = ]
CO_Mon.sys -> %System32%\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Modified Date = 2/19/2007 12:08:10 AM | Attr = ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3729 | Size = 68961 bytes | Modified Date = 2/24/2007 11:13:48 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 2/17/2007 3:56:52 PM | Attr = ]
hosts.bak -> %System32%\drivers\ETC\hosts.bak -> [Ver = | Size = 813 bytes | Modified Date = 2/13/2007 8:54:20 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 884 bytes -> %AllUsersAppData%\Microsoft:BdfZFFGL0m10le6Kkj2NBq ->
@Alternate Data Stream - 99 bytes -> %AllUsersAppData%\TEMP:A5B56640 ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\BlueCrossClaimForm.pdf:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Carmel House Expenses 2005b.xls:Zone.Identifier ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Downloaded Program Updates:Roxio EMC Stream ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Europe 2005 Itinerary.doc:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\FyreStorm Calendar 2007.doc:Zone.Identifier ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\InterVideo:Roxio EMC Stream ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\KE Jobs list.xls:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Letter of Intent.doc:Zone.Identifier ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Manuals, Misc:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\MATZAH5.wav:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Millenium Eve.jpg:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Mistake.gif:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\My Collages:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\number2.jpg:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Passport AG.jpg:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\qc1.jpg:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\ScrapBook Projects:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Ulead DVD DiscRecorder:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Unzipped:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Vuitton1.jpg:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Web Creator:Roxio EMC Stream ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Acronis_True_Image___Disk_Director__Boot_CD_.rar:Zone.Identifier ->
WSUD , -> %UserDesktop%\Acronis_True_Image___Disk_Director__Boot_CD_.rar -> [Ver = | Size = 80206466 bytes | Modified Date = 11/28/2006 2:00:00 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Adobe_Captivate_2[1].0_-_Build_incl._Patch.exe:Zone.Identifier ->
PEC2 , -> %UserDesktop%\Adobe_Captivate_2[1].0_-_Build_incl._Patch.exe -> [Ver = | Size = 91538417 bytes | Modified Date = 1/11/2007 11:35:20 PM | Attr = ]
File scan skipped for file %UserDesktop%\Betterphoto Adventures in Photography.avi -> File size too big (733668370 bytes) ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\blbeta.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\budget.xls:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Can_Opuluss_Pro_Code__r_2[1].0.rar:Zone.Identifier ->
UPX0 , -> %UserDesktop%\Can_Opuluss_Pro_Code__r_2[1].0.rar -> [Ver = | Size = 45607705 bytes | Modified Date = 1/12/2007 12:13:52 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Digital_Film_Tools_EZ_Mask_v1[1].01.rar:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\divx v65_nigmae.rar -> [Ver = | Size = 14876157 bytes | Modified Date = 1/29/2007 12:33:42 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\drweb-cureit.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\FontParadise-2800Fonts.zip:Zone.Identifier ->
UPX! , PEC2 , -> %UserDesktop%\FontParadise-2800Fonts.zip -> [Ver = | Size = 78593496 bytes | Modified Date = 11/5/2005 12:41:14 AM | Attr = ]
@Alternate Data Stream - 76 bytes -> %UserDesktop%\fontz:Roxio EMC Stream ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Gertrudis Pro.rar:Zone.Identifier ->
@Alternate Data Stream - 76 bytes -> %UserDesktop%\Guitars:Roxio EMC Stream ->
WSUD , -> %UserDesktop%\Image.zip -> [Ver = | Size = 47535285 bytes | Modified Date = 2/11/2007 4:54:28 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Imagenomic_Noiseware_Pro_4[1].1.0.5.rar:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ImageSynth_v0[1].31.rar:Zone.Identifier ->
@Alternate Data Stream - 894 bytes -> %UserDesktop%\Jill's Site.url:favicon ->
@Alternate Data Stream - 76 bytes -> %UserDesktop%\Movie Stuff:Roxio EMC Stream ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\MO[1].VidaOne.MyPersonalDiet.v1.19.rar:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Pixarra[1].TwistedBrush.v11.3.WinAll.Cracked-EiTheL.rar:Zone.Identifier ->
WSUD , -> %UserDesktop%\SDFull.rar -> [Ver = | Size = 9713668 bytes | Modified Date = 2/13/2007 8:14:06 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SILKYPIX_Developer_Studio_3[1].0.2.9.rar:Zone.Identifier ->
FSG! , -> %UserDesktop%\slycr26[1].09.rar -> [Ver = | Size = 24524173 bytes | Modified Date = 9/27/2006 12:21:58 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Special_FX Actions.rar:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ssscs1b.rar:Zone.Identifier ->
File scan skipped for file %UserDesktop%\ssscs1b.rar -> File size too big (111866057 bytes) ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\tbrusha.exe:Zone.Identifier ->
@Alternate Data Stream - 76 bytes -> %UserDesktop%\TM Fonts:Roxio EMC Stream ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\TPh5[1].4.rar:Zone.Identifier ->
WSUD , -> %UserDesktop%\TPh5[1].4.rar -> [Ver = | Size = 7329176 bytes | Modified Date = 1/5/2007 12:48:52 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\TweakNow PowerPack.rar:Zone.Identifier ->
@Alternate Data Stream - 76 bytes -> %UserDesktop%\ULead Tutorials:Roxio EMC Stream ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinXP_Manager_5[1].0.4.rar:Zone.Identifier ->
@Alternate Data Stream - 1386 bytes -> %UserDesktop%\www.2baksa.net.url:favicon ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\XP[1].G.M.rar:Zone.Identifier ->

alex95070
2007-02-25, 23:52
Part 9

UPX! , UPX0 , -> %SystemRoot%\calculatoor.exe -> [Ver = | Size = 291840 bytes | Modified Date = 10/20/2006 6:34:48 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\lame.exe -> [Ver = | Size = 196608 bytes | Modified Date = 12/3/2002 9:47:32 PM | Attr = ]
File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (670150656 bytes) ->
UPX! , UPX0 , -> %SystemRoot%\muninst.exe -> www.video-soft.com [Ver = 1.0.0.5 | Size = 65024 bytes | Modified Date = 1/30/2005 1:11:14 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\oggenc.exe -> [Ver = | Size = 155136 bytes | Modified Date = 11/14/2003 5:19:42 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\uscscsi.dll -> [Ver = 1.12.0.0 | Size = 47104 bytes | Modified Date = 3/9/2003 6:42:44 PM | Attr = ]
UPX! , UPX0 , -> %System32%\AdjMmsEng.dll -> MultiMedia Soft [Ver = 5, 3, 0, 1 | Size = 659968 bytes | Modified Date = 7/21/2006 12:14:44 PM | Attr = ]
UPX! , -> %System32%\aswBoot.exe -> [Ver = 4, 6, 731, 0 | Size = 473600 bytes | Modified Date = 11/12/2005 6:59:18 AM | Attr = ]
UPX! , UPX0 , -> %System32%\auth.dll -> [Ver = | Size = 23040 bytes | Modified Date = 6/23/2001 9:20:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 10/28/2005 8:44:12 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\BluffTitler.scr -> [Ver = | Size = 719872 bytes | Modified Date = 6/16/2006 9:23:00 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivXNetworks [Ver = 6,0,0,1571 | Size = 692736 bytes | Modified Date = 7/15/2005 10:36:36 AM | Attr = ]
PEC2 , -> %System32%\Dwapilib.tlb -> [Ver = | Size = 197171 bytes | Modified Date = 2/14/1997 10:24:14 PM | Attr = ]
UPX! , UPX0 , -> %System32%\eSellerateEngine.dll -> eSellerate Inc. [Ver = 3.6.2.8 | Size = 151552 bytes | Modified Date = 10/11/2005 1:40:52 PM | Attr = ]
UPX! , UPX0 , -> %System32%\eWebControl.dll -> eSellerate Inc. [Ver = 1.0.2.0 | Size = 57856 bytes | Modified Date = 10/4/2005 7:11:22 AM | Attr = ]
UPX! , UPX0 , -> %System32%\ffdshow.ax -> [Ver = 1.0.2.1997 | Size = 1018368 bytes | Modified Date = 11/25/2005 4:04:22 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_kerneldeint.dll -> [Ver = | Size = 57344 bytes | Modified Date = 11/25/2005 5:30:18 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_liba52.dll -> [Ver = | Size = 49664 bytes | Modified Date = 11/25/2005 3:45:34 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_libdts.dll -> [Ver = | Size = 122880 bytes | Modified Date = 11/25/2005 3:45:34 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_libfaad2.dll -> [Ver = | Size = 186880 bytes | Modified Date = 11/25/2005 3:45:34 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_libmad.dll -> [Ver = | Size = 86528 bytes | Modified Date = 11/25/2005 3:45:34 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_realaac.dll -> [Ver = | Size = 107008 bytes | Modified Date = 11/25/2005 5:30:18 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_samplerate.dll -> [Ver = | Size = 115200 bytes | Modified Date = 11/25/2005 3:45:34 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_theora.dll -> [Ver = | Size = 107008 bytes | Modified Date = 11/25/2005 3:45:36 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_tremor.dll -> [Ver = | Size = 49664 bytes | Modified Date = 11/25/2005 3:45:36 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_unrar.dll -> [Ver = | Size = 37888 bytes | Modified Date = 11/25/2005 3:45:36 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_wmv9.dll -> [Ver = | Size = 23552 bytes | Modified Date = 11/25/2005 3:45:36 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_x264.dll -> [Ver = | Size = 196608 bytes | Modified Date = 11/25/2005 3:45:36 PM | Attr = ]
Thawte Consulting , -> %System32%\idmmbc.dll -> Tonec Inc. [Ver = 4, 0, 0, 1 | Size = 202424 bytes | Modified Date = 10/23/2006 6:51:46 AM | Attr = ]
aspack , -> %System32%\Incinerator.dll -> [Ver = | Size = 1212416 bytes | Modified Date = 12/20/2006 5:48:02 PM | Attr = ]
UPX! , UPX0 , -> %System32%\Lame.exe -> [Ver = | Size = 145408 bytes | Modified Date = 11/5/2005 3:34:50 PM | Attr = ]
UPX! , UPX0 , -> %System32%\libavcodec.dll -> [Ver = | Size = 1115648 bytes | Modified Date = 11/25/2005 3:45:38 PM | Attr = ]
UPX! , UPX0 , -> %System32%\libmpeg2_ff.dll -> [Ver = | Size = 43520 bytes | Modified Date = 11/25/2005 3:45:38 PM | Attr = ]
UPX! , UPX0 , -> %System32%\libmplayer.dll -> [Ver = | Size = 164352 bytes | Modified Date = 11/25/2005 3:45:38 PM | Attr = ]
UPX! , UPX0 , -> %System32%\libsndfile.dll -> [Ver = 1.0 rc2 | Size = 96768 bytes | Modified Date = 7/8/2005 10:06:02 AM | Attr = ]
UPX! , UPX0 , -> %System32%\macdll.dll -> Matthew T. Ashland [Ver = 3.97 | Size = 71680 bytes | Modified Date = 7/9/2002 11:30:06 PM | Attr = ]
UPX! , UPX0 , -> %System32%\monkeysource.ax -> [Ver = | Size = 179712 bytes | Modified Date = 8/31/2003 12:24:58 AM | Attr = ]
UPX! , UPX0 , -> %System32%\OggEnc.exe -> [Ver = | Size = 157696 bytes | Modified Date = 7/19/2002 8:48:22 AM | Attr = ]
Thawte Consulting , -> %System32%\Px.dll -> Sonic Solutions [Ver = 3.0.88.500 | Size = 452264 bytes | Modified Date = 6/9/2006 10:54:20 AM | Attr = ]
Thawte Consulting , -> %System32%\PxMas.dll -> Sonic Solutions [Ver = 3.0.88.500 | Size = 181928 bytes | Modified Date = 6/9/2006 10:54:26 AM | Attr = ]
Thawte Consulting , -> %System32%\PxSFS.DLL -> Sonic Solutions [Ver = 3.0.88.500 | Size = 1279656 bytes | Modified Date = 6/9/2006 10:54:28 AM | Attr = ]
Thawte Consulting , -> %System32%\PxWave.dll -> Sonic Solutions [Ver = 3.0.88.500 | Size = 345768 bytes | Modified Date = 6/9/2006 10:54:30 AM | Attr = ]
UPX! , UPX0 , -> %System32%\qtalt.ax -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 4/30/2004 8:46:24 PM | Attr = ]
UPX! , UPX0 , -> %System32%\rmalt.ax -> Gabest [Ver = 1, 0, 0, 4 | Size = 116224 bytes | Modified Date = 3/26/2004 3:32:36 PM | Attr = ]
UPX! , UPX0 , -> %System32%\t3odm.dll -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 4/30/2004 9:46:24 PM | Attr = ]
UPX! , UPX0 , -> %System32%\TomsMoComp_ff.dll -> [Ver = | Size = 49152 bytes | Modified Date = 11/25/2005 3:45:40 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\tssProgressBarXP.ocx -> Teebo Software Solutions [Ver = 1.00.0427 | Size = 72704 bytes | Modified Date = 2/9/2006 6:09:30 AM | Attr = ]
Thawte Consulting , -> %System32%\VaeCtrl.ocx -> Visviva Software Inc. [Ver = 3, 2, 8, 0 | Size = 130344 bytes | Modified Date = 11/8/2005 11:33:00 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\vafxu.dll:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\vorbisenc.dll -> [Ver = | Size = 61952 bytes | Modified Date = 12/20/2003 6:45:34 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
USERTRUST , -> %System32%\wodFtpDLX.OCX -> WeOnlyDo! Inc. [Ver = 2, 5, 4, 204 | Size = 938272 bytes | Modified Date = 1/27/2006 1:56:56 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.129.0 | Size = 279392 bytes | Modified Date = 8/2/2005 4:32:34 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]

< End of report >

Hooray!!!! . . . :D: :bigthumb: :laugh:

Shaba
2007-02-26, 08:37
Hi

Yes, it's long :)

I will take a look at it later today and post back if I see something wrong :)

Shaba
2007-02-26, 16:57
Hi

You seem to have gmer installed

Please run a scan with it and post back results :)

alex95070
2007-02-26, 22:16
> Hi
>
> You seem to have gmer installed
>
> Please run a scan with it and post back results :)

Yes . . . Started a scan last night, but it seems to take a heck of a long time :D: . . . I left it running this AM and hopefully it will be done when I get home today (which will be late since I'm meeting some friends for dinner after work) . . . will post the results then . . . :)

Thanks!!

Alex

alex95070
2007-02-27, 08:23
Sorry to say the scan stopped and my PC locked up, so couldn't get a log for the scan . . . :oops:

Will try again tonight. I'll shut down my external drives before starting it, so hopefully it will complete earlier. :bigthumb:

alex95070
2007-02-27, 08:26
In the meantime, here is a new HJT scan report:

Logfile of HijackThis v1.99.1
Scan saved at 11:24:28 PM, on 2/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Positive Networks\Drivers\e4mserv.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Positive Networks\Drivers\pospcserv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ZoneTick\zonetick.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\TitleBarClock Pro\Tbcpro.exe
C:\Program Files\Scorpio Software\Handy Animated Emoticons\HAE.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\program files\deskcalc pro\deskcalc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Positive Networks\PosLoader.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\YTBSDK.exe
C:\Documents and Settings\Alex.HOME-ALEX\Desktop\HJThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Program Files\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Alex.HOME-ALEX\Desktop\muBlinder.exe -startup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ZoneTick] C:\Program Files\ZoneTick\zonetick.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [TBC Pro] "C:\Program Files\TitleBarClock Pro\Tbcpro.exe"
O4 - HKCU\..\Run: [Handy Animated Emoticons] "C:\Program Files\Scorpio Software\Handy Animated Emoticons\HAE.exe" /minimized
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DeskCalc] "c:\program files\deskcalc pro\deskcalc.exe" /hide
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Check For Updates.lnk = C:\Program Files\eDonkey2000Lite\WiseUpdt.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Positive Networks.lnk = C:\Program Files\Positive Networks\PosLoader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.costcophotocenter.com/CostcoOutlookImport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (GTDownloaderCtrl Class) - http://inst.c-wss.com/59/EN/html/gtdownlr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161684026496
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161770650280
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: COM+ Alerter Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe (file missing)
O23 - Service: e4mservice - Unknown owner - C:\Program Files\Positive Networks\Drivers\e4mserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Positive Networks VPN Client Manager (pospcserv) - Positive Networks - C:\Program Files\Positive Networks\Drivers\pospcserv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Shaba
2007-02-27, 10:15
Hi

PC locking and slow scanning aren't really a good sign, but let's hope for the best :)

alex95070
2007-02-28, 06:01
At the last minute decided to let it scan all drives, and it failed again . . . this time while scanning the last drive apparently.

Will try one more time tonight, and this time will really not scan the external drives. . . . :eek:

Shaba
2007-02-28, 08:06
Hi

Ok, let's hope for the best :)

alex95070
2007-03-01, 09:15
Hi Shaba --

Did try running the GMER scan without my external drives checked off and it hung up again!! :oops:

I think I told you I am also working with Spywareinfo to try to resolve this issue. They have suggested running Avenger with some specific files to be deleted. You can take a look at their instructions and my response here (last two posts):

http://forums.spywareinfo.com/index.php?showtopic=94527

I'll post the results here also if you want. As per my response there, I will be out of town till Monday and will try the Avenger scan then.

Have a great weekend!!

:bigthumb: :) :laugh:

Shaba
2007-03-01, 09:59
Hi

If you are receiving help in spywareinfo, this will be closed (because you posted earlier in spywareinfo). Posting into multiple forums is just a waste of helpers' time.

tashi
2007-03-01, 18:49
Posting into multiple forums is just a waste of helpers' time.
Indeed.

"BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)


Multi-forum posters waste valuable volunteer resources, so please don't. It also:

Takes valuable volunteer resources away from other members waiting for assistance.

Puts your PC at risk because you are taking a bit of this and a bit of that from different sources, without the helpers being aware.