Virus (?) doing funny things to my PC


alex95070

See: http://forums.spybot.info/showthread.php?p=71105#post71105

Thanks for your assistance and here is my latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:02:42 AM, on 2/23/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Positive Networks\Drivers\e4mserv.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Positive Networks\Drivers\pospcserv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ZoneTick\zonetick.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\TitleBarClock Pro\Tbcpro.exe
C:\Program Files\Scorpio Software\Handy Animated Emoticons\HAE.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\program files\deskcalc pro\deskcalc.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Positive Networks\PosLoader.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\YTBSDK.exe
C:\Documents and Settings\Alex.HOME-ALEX\Desktop\HJThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Program Files\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Alex.HOME-ALEX\Desktop\muBlinder.exe -startup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ZoneTick] C:\Program Files\ZoneTick\zonetick.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [TBC Pro] "C:\Program Files\TitleBarClock Pro\Tbcpro.exe"
O4 - HKCU\..\Run: [Handy Animated Emoticons] "C:\Program Files\Scorpio Software\Handy Animated Emoticons\HAE.exe" /minimized
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DeskCalc] "c:\program files\deskcalc pro\deskcalc.exe" /hide
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Check For Updates.lnk = C:\Program Files\eDonkey2000Lite\WiseUpdt.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Positive Networks.lnk = C:\Program Files\Positive Networks\PosLoader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.costcophotocenter.com/CostcoOutlookImport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (GTDownloaderCtrl Class) - http://inst.c-wss.com/59/EN/html/gtdownlr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161684026496
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161770650280
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: COM+ Alerter Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe (file missing)
O23 - Service: e4mservice - Unknown owner - C:\Program Files\Positive Networks\Drivers\e4mserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Positive Networks VPN Client Manager (pospcserv) - Positive Networks - C:\Program Files\Positive Networks\Drivers\pospcserv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
Hi alex95070

Let's take a look at this first:

Please download the following program and save it to your desktop:

http://noahdfear.geekstogo.com/FindAWF.exe

Once downloaded, double-click on the file to run it. When it is done there will be a file called awf.txt on your desktop. Please post the contents of that file as a reply to this topic.
 
Hi Shaba --

Thanks for your help in trying to fix this nasty :spider: . . . :laugh:

Ran the FindAWF scan and here is the log:


Find AWF report by noahdfear ©2006

21504 byte files found
~~~~~~~~~~~~~



21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



25600 byte files found
~~~~~~~~~~~~~

25600 "C:\Documents and Settings\Alex.HOME-ALEX\Desktop\budget.xls"


25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



26450 byte files found
~~~~~~~~~~~~~



26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\321STU~1\PLATINUM\BAK

02/06/2004 08:29 AM 0 makedir
1 File(s) 0 bytes

Directory of C:\PROGRA~1\SUPPORT.COM\BACKUP\HO\HOSTS.BAK

11/22/2003 06:01 AM 12,771 61455_581c9a50f_
1 File(s) 12,771 bytes

Directory of C:\PROGRA~1\SUPPORT.COM\BACKUP\MP\MPLAYER2.BAK

07/02/2003 05:20 AM 3,752 18755_5281fd59a_
1 File(s) 3,752 bytes

Directory of C:\PROGRA~1\ULEADS~1\ULEADV~1.0\PLAYER\UVS8~1.0_O\RUNTIM~1.BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

0 Feb 6 2004 "C:\Program Files\321Studios\Platinum\bak\makedir"
0 Feb 6 2004 "C:\Program Files\321Studios\Platinum\tdf\makedir.dir"
12767 Nov 19 2003 "C:\Program Files\Support.com\backup\HO\HOSTS\61455_581c9a50f_"
12771 Nov 22 2003 "C:\Program Files\Support.com\backup\HO\hosts.bak\61455_581c9a50f_"
3752 Jul 2 2003 "C:\Program Files\Support.com\backup\MP\MPLAYER2.BAK\18755_5281fd59a_"
3752 Jul 2 2003 "C:\Program Files\Support.com\backup\MP\MPLAYER2.INF\18755_5281fd59a_"
47 Aug 25 2006 "C:\My-3D-Album\Album2\autorun.inf"
52 Sep 10 2006 "C:\My-3D-Album\Litwin\autorun.inf"
50 Sep 10 2006 "C:\My-3D-Album\LitwinMix\autorun.inf"
67 Jul 4 2004 "C:\My Intranet\nicole4u\autorun.inf"
67 Jul 4 2004 "C:\My Intranet\spidersoft_webzip\autorun.inf"
77 Jul 15 2004 "C:\My Intranet\technicallead\autorun.inf"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\autorun.inf"
46 Sep 10 2006 "C:\My-3D-Album\Litwin\Title\autorun.inf"
4824 Aug 30 2005 "C:\Program Files\Corel\Corel Painter Essentials 3 Setup Files\Autorun.inf"
53 May 26 2004 "C:\Program Files\InAlbum\CDTools\Autorun.inf"
53 May 26 2004 "C:\Program Files\InAlbum 2 Deluxe\CDTools\Autorun.inf"
29 Apr 18 2002 "C:\Program Files\MICROMEDEX\WinPDR32\autorun.inf"
0 Apr 29 2000 "C:\Program Files\Multimedia Builder496\Player\autorun.inf"
39 Jul 18 2002 "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\autorun.inf"
51 Jun 18 1998 "C:\Program Files\Pinnacle\Instant DVD Recorder\AUTORUN.INF"
65 Aug 9 2006 "C:\Program Files\Roxio\Retrieve 9\Autorun.inf"
47 Aug 28 2001 "C:\Program Files\Ulead Systems\Ulead MediaStudio Pro 7.0\AUTORUN.INF"
57 May 12 2006 "C:\Program Files\VideoReDoPlus\HTMLPages\autorun.inf"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\autorun.inf"
46 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\Title\autorun.inf"
56 May 22 2004 "C:\Program Files\CyberLink\PowerProducer\DVDPlayer\AUTORUN.INF"
51 Aug 20 2006 "C:\Program Files\Photodex\CompuPicPro\cdmaster\autorun.inf"
45 Jan 29 2007 "C:\Program Files\Photodex\ProShowGold\english\autorun.inf"
45 Feb 1 2007 "C:\Program Files\Photodex\ProShowProducer\english\autorun.inf"
65 Nov 21 2003 "C:\Program Files\Roxio\Easy Media Creator 7\Creator Classic\Autorun.inf"
43 Aug 5 2003 "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\Autorun.inf"
49 Aug 23 2001 "C:\Program Files\Sonic Solutions\DVDit! LE\Player\Autorun.inf"
31 Mar 15 2004 "C:\Program Files\Ulead Systems\Ulead VideoStudio 8.0\Player\AUTORUN.INF"
41 Aug 31 2003 "C:\Program Files\vso\CopyToDVD\vmp\autorun.inf"
27 Jul 23 2003 "C:\Program Files\vso\CopyToDVD\vsoshow\autorun.inf"
51 Oct 16 1997 "C:\Documents and Settings\Alex\Desktop\Xara Webstyle 3.0 FULL\Xara Webstyle 3.0\AUTORUN.INF"
47 Nov 16 2006 "C:\Documents and Settings\Alex.HOME-ALEX\Local Settings\Temp\WGA Validation v1.5.716.0\AUTORUN.INF"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
46 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\Title\autorun.inf"
27 Jul 16 2004 "C:\Program Files\Sonic\MyDVD Studio Deluxe Suite\Backup MyPC Deluxe\DR\autorun.inf"
31 Mar 15 2004 "C:\Program Files\Ulead Systems\Ulead VideoStudio 8.0\Player\RunTimePlayer2.0\AUTORUN.INF"
53 Sep 28 2006 "C:\Documents and Settings\Alex.HOME-ALEX\Local Settings\Temp\bye144.tmp\Disk1\AUTORUN.INF"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
49 Sep 18 2003 "C:\Program Files\Ulead Systems\Ulead VideoStudio 8.0\Player\UVS8.0_Other_BakUp\RunTimePlayer2.0.20040309\AUTORUN.INF"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
49 Sep 18 2003 "C:\Program Files\Ulead Systems\Ulead VideoStudio 8.0\Player\UVS8.0_Other_BakUp\RunTimePlayer2.0.bak\ALL\AUTORUN.INF"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
51 Sep 10 2006 "C:\My-3D-Album\Litwin\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\RecepTitle\autorun.inf"
29 Aug 6 2003 "D:\NEW\3d-album_3.2.8\autorun.inf"
25 Mar 28 2006 "D:\NEW\The Physicians Desk Reference Electronic Library\autorun.inf"
31 Aug 22 2003 "D:\FFFFF\Yahoonew\coronadofantasy\ScanSoft PDF Converter\Autorun.inf"
29 Mar 9 2004 "L:\Restoration Training\Autorun.inf"
46 Jun 13 2004 "M:\BitLord Downloads\Lynda.com - Microsoft PowerPoint 2003\Lynda.com - Microsoft PowerPoint 2003\autorun.inf"


end of report
 
Hi

Ok, awf isn't there

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.
 
Shaba --

Here is the log file from WinPFind3. It is too long for a single post, so it will take several:

Part 1:

WinPFind3 logfile created on: 2/25/2007 1:18:53 PM
WinPFind3U by OldTimer - Version 1.0.19 Folder = C:\Documents and Settings\Alex.HOME-ALEX\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

654340 Kb Total Physical Memory | 225500 Kb Available Physical Memory | 34.46% Memory free
2582648 Kb Paging File | 2149652 Kb Available in Paging File | 83.23% Paging File free
Paging file location(s): c:\pagefile.sys 1920 1920;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 122897248 Kb Total Space | 9285412 Kb Free Space | 7.56% Space Free
Drive D: | 58613120 Kb Total Space | 29417579 Kb Free Space | 50.19% Space Free
E: Drive not present or media not loaded
Drive F: | 72429020 Kb Total Space | 37787968 Kb Free Space | 52.17% Space Free


[Processes - Non-Microsoft Only]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 1/12/2006 8:52:32 PM | Attr = ]
agent.exe -> %CommonProgramFiles%\InstallShield\UpdateService\agent.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 618496 bytes | Modified Date = 6/10/2005 9:44:02 AM | Attr = ]
anydvd.exe -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVD.exe -> SlySoft, Inc. [Ver = 6.0.5.0 | Size = 471040 bytes | Modified Date = 8/18/2006 2:15:36 AM | Attr = ]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.66984 | Size = 61440 bytes | Modified Date = 9/14/2006 6:55:52 AM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 4:20:00 AM | Attr = ]
cpshelprunner.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe -> Sonic Solutions [Ver = 9.0.1.31 | Size = 10752 bytes | Modified Date = 8/10/2006 10:38:54 AM | Attr = ]
deskcalc.exe -> %ProgramFiles%\deskcalc pro\deskcalc.exe -> DeskCalc GbR [Ver = 4, 0, 11, 0 | Size = 3080192 bytes | Modified Date = 1/29/2007 1:38:22 PM | Attr = ]
drgtodsc.exe -> %ProgramFiles%\Roxio\Drag-to-Disc\DrgToDsc.exe -> Sonic Solutions [Ver = 9.0.0.50 | Size = 1116920 bytes | Modified Date = 7/31/2006 8:00:00 AM | Attr = ]
e4mserv.exe -> %ProgramFiles%\Positive Networks\Drivers\e4mserv.exe -> [Ver = | Size = 80792 bytes | Modified Date = 4/28/2003 1:28:32 PM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 1/24/2007 2:14:26 AM | Attr = ]
hae.exe -> %ProgramFiles%\Scorpio Software\Handy Animated Emoticons\HAE.exe -> Scorpio Software [Ver = 3.00.0045 | Size = 679936 bytes | Modified Date = 5/4/2005 4:12:58 PM | Attr = ]
hddsvc.exe -> %System32%\HDDSvc.exe -> AltrixSoft (http://www.altrixsoft.com/) [Ver = 2, 5, 184, 0 | Size = 192512 bytes | Modified Date = 2/12/2007 10:26:34 PM | Attr = ]
hdinspector.exe -> %ProgramFiles%\Hard Drive Inspector\HDInspector.exe -> Altrixsoft [Ver = 2, 0, 317, 0 | Size = 991744 bytes | Modified Date = 2/14/2007 11:25:08 AM | Attr = ]
idman.exe -> %ProgramFiles%\Internet Download Manager\IDMan.exe -> Tonec Inc. [Ver = 5.08.4 | Size = 892672 bytes | Modified Date = 2/7/2007 12:04:56 AM | Attr = ]
iemonitor.exe -> %ProgramFiles%\Internet Download Manager\IEMonitor.exe -> Tonec Inc. [Ver = 2, 0, 0, 1 | Size = 251576 bytes | Modified Date = 1/25/2007 7:09:06 AM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 9:44:02 AM | Attr = ]
mediadetect.exe -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe -> Corel, Inc. [Ver = 6.3.3 (20060209.16) | Size = 106496 bytes | Modified Date = 2/9/2006 2:34:54 PM | Attr = ]
mssysmgr.exe -> %ProgramFiles%\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe -> Simple Star, Inc. [Ver = 4.0.0.0 | Size = 192512 bytes | Modified Date = 5/9/2005 3:16:16 PM | Attr = ]
nmsaccess.exe -> %ProgramFiles%\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe -> [Ver = | Size = 45056 bytes | Modified Date = 12/7/2005 9:44:20 AM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 10/6/2003 1:16:00 PM | Attr = ]
oodag.exe -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 8.0.1398 | Size = 225280 bytes | Modified Date = 5/11/2005 2:09:54 AM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 12/7/2005 10:57:00 PM | Attr = ]
photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 102400 bytes | Modified Date = 9/14/2006 6:56:06 AM | Attr = ]
posloader.exe -> %ProgramFiles%\Positive Networks\PosLoader.exe -> Positive Networks [Ver = 2, 1, 45, 1 | Size = 712192 bytes | Modified Date = 9/5/2006 12:53:02 PM | Attr = ]
pospcserv.exe -> %ProgramFiles%\Positive Networks\Drivers\pospcserv.exe -> Positive Networks [Ver = 2, 1, 9, 2 | Size = 295424 bytes | Modified Date = 9/5/2006 12:53:02 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.3 | Size = 155648 bytes | Modified Date = 12/12/2005 12:06:38 AM | Attr = ]
ramsaverpro.exe -> %ProgramFiles%\WinTools\RAM Saver Pro\ramsaverpro.exe -> [Ver = | Size = 77824 bytes | Modified Date = 4/14/2005 1:37:14 AM | Attr = ]
richvideo.exe -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.1.1006 | Size = 167936 bytes | Modified Date = 10/6/2005 12:15:32 AM | Attr = ]
roxwatchtray9.exe -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe -> Sonic Solutions [Ver = 9.0.1.31 | Size = 221184 bytes | Modified Date = 8/10/2006 11:10:14 AM | Attr = ]
schedhlp.exe -> %CommonProgramFiles%\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,237 | Size = 87584 bytes | Modified Date = 10/16/2006 9:13:32 PM | Attr = ]
schedul2.exe -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,237 | Size = 230944 bytes | Modified Date = 10/16/2006 9:13:28 PM | Attr = ]
scsiaccess.exe -> %ProgramFiles%\Photodex\ProShowProducer\ScsiAccess.exe -> [Ver = | Size = 181312 bytes | Modified Date = 2/1/2007 11:05:10 PM | Attr = ]
sm1bg.exe -> %SystemRoot%\SM1bg.exe -> Cypress Semiconductor [Ver = 6.01.1000.0 | Size = 94208 bytes | Modified Date = 8/27/2003 1:20:00 PM | Attr = R ]
smsystemanalyzer.exe -> %ProgramFiles%\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe -> [Ver = | Size = 557056 bytes | Modified Date = 12/20/2006 5:47:56 PM | Attr = ]
tbcpro.exe -> %ProgramFiles%\TitleBarClock Pro\Tbcpro.exe -> [Ver = | Size = 36352 bytes | Modified Date = 3/4/2006 7:19:46 AM | Attr = ]
timountermonitor.exe -> %ProgramFiles%\Acronis\TrueImageHome\TimounterMonitor.exe -> Acronis [Ver = 3.3 build 443 | Size = 1941784 bytes | Modified Date = 10/16/2006 9:17:16 PM | Attr = ]
tivobeacon.exe -> %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe -> TiVo Inc. [Ver = 1.2 | Size = 844288 bytes | Modified Date = 4/29/2005 11:28:28 AM | Attr = ]
tivotransfer.exe -> %CommonProgramFiles%\TiVo Shared\Transfer\TivoTransfer.exe -> TiVo Inc. [Ver = 1.0 | Size = 1009664 bytes | Modified Date = 4/29/2005 11:29:16 AM | Attr = ]
trueimagemonitor.exe -> %ProgramFiles%\Acronis\TrueImageHome\TrueImageMonitor.exe -> Acronis [Ver = 10,0,0,4871 | Size = 1164912 bytes | Modified Date = 10/16/2006 9:12:20 PM | Attr = ]
ulcdrsvr.exe -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 1/31/2005 9:45:20 AM | Attr = ]
usisrv.exe -> %CommonProgramFiles%\Ulead Systems\DVD\USISrv.exe -> Ulead Systems [Ver = 1, 0, 1, 16 | Size = 81920 bytes | Modified Date = 12/23/2004 4:27:50 PM | Attr = ]
vcddaemon.exe -> %ProgramFiles%\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe -> Elaborate Bytes AG [Ver = 5, 0, 0, 0 | Size = 45056 bytes | Modified Date = 4/12/2005 7:27:20 AM | Attr = ]
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 35328 bytes | Modified Date = 6/21/2006 9:14:50 AM | Attr = ]
wincinemamgr.exe -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = IVI_MAJOR_VERSION.IVI_MINOR_VERSION | Size = 278528 bytes | Modified Date = 4/17/2006 1:28:42 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.19.0 | Size = 311296 bytes | Modified Date = 2/23/2007 9:00:08 PM | Attr = ]
wzqkpick.exe -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing LP [Ver = 1.0 (32-bit) | Size = 122880 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
ytbsdk.exe -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\YTBSDK.exe -> Symantec Corporation [Ver = 2006.0.0.13 | Size = 214704 bytes | Modified Date = 6/28/2006 11:34:34 AM | Attr = ]
zonetick.exe -> %ProgramFiles%\ZoneTick\zonetick.exe -> WR Consulting [Ver = 2, 6, 6, 0 | Size = 126976 bytes | Modified Date = 8/29/2005 9:34:52 AM | Attr = ]
 
Part 2

[Win32 Services - Non-Microsoft Only]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,237 | Size = 230944 bytes | Modified Date = 10/16/2006 9:13:28 PM | Attr = ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 4/28/2005 8:08:30 PM | Attr = ]
(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [Ver = | Size = 102400 bytes | Modified Date = 9/14/2006 6:56:06 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Disabled | Stopped] -> -> File not found
(ccPwdSvc) Symantec Password Validation [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 103.5.6.3 | Size = 83568 bytes | Modified Date = 10/4/2005 12:42:48 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Disabled | Stopped] -> -> File not found
(COM+ Alerter Service) COM+ Alerter Service [Win32_Own | Auto | Stopped] -> %System32%\altsvc.exe -> File not found
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Disabled | Stopped] -> -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
(e4mservice) e4mservice [Win32_Own | Auto | Running] -> %ProgramFiles%\Positive Networks\Drivers\e4mserv.exe -> [Ver = | Size = 80792 bytes | Modified Date = 4/28/2003 1:28:32 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/24/2007 2:14:22 AM | Attr = ]
(HDDSvc) HDD Information Service [Win32_Own | Auto | Running] -> %System32%\HDDSvc.exe -> AltrixSoft (http://www.altrixsoft.com/) [Ver = 2, 5, 184, 0 | Size = 192512 bytes | Modified Date = 2/12/2007 10:26:34 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 2:24:18 AM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.1.3 | Size = 323584 bytes | Modified Date = 10/18/2005 11:58:40 AM | Attr = ]
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> Macromedia [Ver = 2.65.000 | Size = 69632 bytes | Modified Date = 11/3/2004 3:14:48 AM | Attr = ]
(NMSAccess) NMSAccess [Win32_Own | Auto | Running] -> %ProgramFiles%\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe -> [Ver = | Size = 45056 bytes | Modified Date = 12/7/2005 9:44:20 AM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 10/6/2003 1:16:00 PM | Attr = ]
(O&O Defrag) O&O Defrag [Win32_Own | Auto | Running] -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 8.0.1398 | Size = 225280 bytes | Modified Date = 5/11/2005 2:09:54 AM | Attr = ]
(pospcserv) Positive Networks VPN Client Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Positive Networks\Drivers\pospcserv.exe -> Positive Networks [Ver = 2, 1, 9, 2 | Size = 295424 bytes | Modified Date = 9/5/2006 12:53:02 PM | Attr = ]
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.1.1006 | Size = 167936 bytes | Modified Date = 10/6/2005 12:15:32 AM | Attr = ]
(Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -> Sonic Solutions [Ver = 8.0.0.47 | Size = 57344 bytes | Modified Date = 8/9/2006 3:30:32 AM | Attr = ]
(Roxio Upnp Server 9) Roxio Upnp Server 9 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Digital Home 9\RoxioUpnpService9.exe -> Sonic Solutions [Ver = 9.0.0.94 | Size = 294912 bytes | Modified Date = 8/9/2006 3:30:06 AM | Attr = ]
(RoxLiveShare9) LiveShare P2P Server 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> Sonic Solutions [Ver = 9.0.1.31 | Size = 303104 bytes | Modified Date = 8/10/2006 11:04:22 AM | Attr = ]
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.1.31 | Size = 880640 bytes | Modified Date = 8/10/2006 11:02:44 AM | Attr = ]
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> Sonic Solutions [Ver = 9.0.1.31 | Size = 159744 bytes | Modified Date = 8/10/2006 10:59:26 AM | Attr = ]
(SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.0.2.2000 | Size = 169200 bytes | Modified Date = 11/15/2005 1:27:56 PM | Attr = ]
(ScsiAccess) ScsiAccess [Win32_Own | Auto | Running] -> %ProgramFiles%\Photodex\ProShowProducer\ScsiAccess.exe -> [Ver = | Size = 181312 bytes | Modified Date = 2/1/2007 11:05:10 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Disabled | Stopped] -> -> File not found
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Disabled | Stopped] -> -> File not found
(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.447 | Size = 73728 bytes | Modified Date = 7/20/2006 6:25:04 PM | Attr = ]
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Stopped] -> -> File not found
(TivoBeacon2) TiVo Beacon [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\TiVo Shared\Beacon\TiVoBeacon.exe -> TiVo Inc. [Ver = 1.2 | Size = 844288 bytes | Modified Date = 4/29/2005 11:28:28 AM | Attr = ]
(TUWinStylerThemeSvc) TuneUp WinStyler Theme Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\TuneUp Utilities 2004\WinStylerThemeSvc.exe -> TuneUp Software GmbH [Ver = 1.0.0.78 | Size = 117760 bytes | Modified Date = 8/5/2004 4:02:44 PM | Attr = ]
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 1/31/2005 9:45:20 AM | Attr = ]
 
Part 3

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 4:20:00 AM | Attr = ]
Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 1/12/2006 8:52:32 PM | Attr = ]
Acronis Scheduler2 Service -> %CommonProgramFiles%\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,237 | Size = 87584 bytes | Modified Date = 10/16/2006 9:13:32 PM | Attr = ]
AcronisTimounterMonitor -> %ProgramFiles%\Acronis\TrueImageHome\TimounterMonitor.exe -> Acronis [Ver = 3.3 build 443 | Size = 1941784 bytes | Modified Date = 10/16/2006 9:17:16 PM | Attr = ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.66984 | Size = 61440 bytes | Modified Date = 9/14/2006 6:55:52 AM | Attr = ]
CloneCDTray -> %ProgramFiles%\SlySoft\CloneCD\CloneCDTray.exe -> SlySoft, Inc. [Ver = 5, 0, 1, 1 | Size = 57344 bytes | Modified Date = 12/9/2004 5:56:52 AM | Attr = ]
Corel Photo Downloader -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe -> Corel, Inc. [Ver = 6.3.3 (20060209.16) | Size = 106496 bytes | Modified Date = 2/9/2006 2:34:54 PM | Attr = ]
DVD43 -> %ProgramFiles%\DVD Region+CSS Free\DVDRegionFree.exe -> Fengtao Software Inc. [Ver = 5, 6, 0, 8 | Size = 503808 bytes | Modified Date = 12/1/2004 10:48:38 PM | Attr = ]
HDInspector.exe -> %ProgramFiles%\Hard Drive Inspector\HDInspector.exe -> Altrixsoft [Ver = 2, 0, 317, 0 | Size = 991744 bytes | Modified Date = 2/14/2007 11:25:08 AM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 9:44:02 AM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 9:44:02 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.1.3 | Size = 278528 bytes | Modified Date = 10/18/2005 11:58:54 AM | Attr = ]
LanguageShortcut -> %ProgramFiles%\CyberLink\PowerDVD\Language\Language.exe -> [Ver = 1, 0, 1718, 0 | Size = 49152 bytes | Modified Date = 5/18/2006 11:29:00 AM | Attr = ]
muBlinder -> %UserDesktop%\muBlinder.exe -> KRX [Ver = 3.2.0.0 | Size = 425984 bytes | Modified Date = 10/19/2006 6:21:40 AM | Attr = ]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 3:40:44 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 5058560 bytes | Modified Date = 10/6/2003 1:16:00 PM | Attr = ]
PinnacleDriverCheck -> %System32%\PSDrvCheck.exe -> [Ver = 1.0.0.63 | Size = 406016 bytes | Modified Date = 3/10/2004 4:26:10 PM | Attr = ]
PSDrvCheck -> %ProgramFiles%\Pinnacle\Instant PhotoAlbum\Programs\PSDrvCheck.exe -> [Ver = 1.0.0.59 | Size = 406016 bytes | Modified Date = 9/12/2003 3:08:58 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.3 | Size = 155648 bytes | Modified Date = 12/12/2005 12:06:38 AM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 12/7/2005 10:57:00 PM | Attr = ]
RoxioDragToDisc -> %ProgramFiles%\Roxio\Drag-to-Disc\DrgToDsc.exe -> Sonic Solutions [Ver = 9.0.0.50 | Size = 1116920 bytes | Modified Date = 7/31/2006 8:00:00 AM | Attr = ]
RoxWatchTray -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe -> Sonic Solutions [Ver = 9.0.1.31 | Size = 221184 bytes | Modified Date = 8/10/2006 11:10:14 AM | Attr = ]
SM1BG -> %SystemRoot%\SM1bg.exe -> Cypress Semiconductor [Ver = 6.01.1000.0 | Size = 94208 bytes | Modified Date = 8/27/2003 1:20:00 PM | Attr = R ]
TrueImageMonitor.exe -> %ProgramFiles%\Acronis\TrueImageHome\TrueImageMonitor.exe -> Acronis [Ver = 10,0,0,4871 | Size = 1164912 bytes | Modified Date = 10/16/2006 9:12:20 PM | Attr = ]
USIUDF_Eject_Monitor -> %CommonProgramFiles%\Ulead Systems\DVD\USISrv.exe -> Ulead Systems [Ver = 1, 0, 1, 16 | Size = 81920 bytes | Modified Date = 12/23/2004 4:27:50 PM | Attr = ]
VirtualCloneDrive -> %ProgramFiles%\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe -> Elaborate Bytes AG [Ver = 5, 0, 0, 0 | Size = 45056 bytes | Modified Date = 4/12/2005 7:27:20 AM | Attr = ]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 35328 bytes | Modified Date = 6/21/2006 9:14:50 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AnyDVD -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVD.exe -> SlySoft, Inc. [Ver = 6.0.5.0 | Size = 471040 bytes | Modified Date = 8/18/2006 2:15:36 AM | Attr = ]
DeskCalc -> %ProgramFiles%\deskcalc pro\deskcalc.exe -> DeskCalc GbR [Ver = 4, 0, 11, 0 | Size = 3080192 bytes | Modified Date = 1/29/2007 1:38:22 PM | Attr = ]
Handy Animated Emoticons -> %ProgramFiles%\Scorpio Software\Handy Animated Emoticons\HAE.exe -> Scorpio Software [Ver = 3.00.0045 | Size = 679936 bytes | Modified Date = 5/4/2005 4:12:58 PM | Attr = ]
IDMan -> %ProgramFiles%\Internet Download Manager\IDMan.exe -> Tonec Inc. [Ver = 5.08.4 | Size = 892672 bytes | Modified Date = 2/7/2007 12:04:56 AM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 49152 bytes | Modified Date = 10/6/2003 1:16:00 PM | Attr = ]
PhotoShow Deluxe Media Manager -> %ProgramFiles%\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe -> Simple Star, Inc. [Ver = 4.0.0.0 | Size = 192512 bytes | Modified Date = 5/9/2005 3:16:16 PM | Attr = ]
RAMSaverPro -> %ProgramFiles%\WinTools\RAM Saver Pro\ramsaverpro.exe -> [Ver = | Size = 77824 bytes | Modified Date = 4/14/2005 1:37:14 AM | Attr = ]
SMSystemAnalyzer -> %ProgramFiles%\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe -> [Ver = | Size = 557056 bytes | Modified Date = 12/20/2006 5:47:56 PM | Attr = ]
Spyware Doctor -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> File not found
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 1/24/2007 2:14:26 AM | Attr = ]
TBC Pro -> %ProgramFiles%\TitleBarClock Pro\Tbcpro.exe -> [Ver = | Size = 36352 bytes | Modified Date = 3/4/2006 7:19:46 AM | Attr = ]
TivoServer -> %ProgramFiles%\TiVo\Desktop\TiVoServer.exe -> TiVo Inc. [Ver = 1.1 | Size = 1819648 bytes | Modified Date = 4/29/2005 11:30:44 AM | Attr = ]
TivoTransfer -> %CommonProgramFiles%\TiVo Shared\Transfer\TivoTransfer.exe -> TiVo Inc. [Ver = 1.0 | Size = 1009664 bytes | Modified Date = 4/29/2005 11:29:16 AM | Attr = ]
ZoneTick -> %ProgramFiles%\ZoneTick\zonetick.exe -> WR Consulting [Ver = 2, 6, 6, 0 | Size = 126976 bytes | Modified Date = 8/29/2005 9:34:52 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> -> File not found
%AllUsersStartup%\InterVideo WinCinema Manager.lnk -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = IVI_MAJOR_VERSION.IVI_MINOR_VERSION | Size = 278528 bytes | Modified Date = 4/17/2006 1:28:42 PM | Attr = ]
%AllUsersStartup%\Positive Networks.lnk -> %ProgramFiles%\Positive Networks\PosLoader.exe -> Positive Networks [Ver = 2, 1, 45, 1 | Size = 712192 bytes | Modified Date = 9/5/2006 12:53:02 PM | Attr = ]
%AllUsersStartup%\WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing LP [Ver = 1.0 (32-bit) | Size = 122880 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
< User Startup > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ST\Startup
%UserStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 6:16:50 PM | Attr = ]
%UserStartup%\Check For Updates.lnk -> %ProgramFiles%\eDonkey2000Lite\WiseUpdt.exe -> [Ver = | Size = 162834 bytes | Modified Date = 7/26/2002 5:04:24 PM | Attr = ]
< File Associations > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hta [@ = htafile] -> PersistentHandler = Reg Data - Key not found ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
batfile [open] -> "%1" %* ->
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
cmdfile [open] -> "%1" %* ->
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Modified Date = 7/13/2006 5:33:28 AM | Attr = ]
exefile [open] -> "%1" %* ->
htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29184 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 7/14/2003 9:52:56 PM | Attr = ]
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
htmlfile [print] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 7/14/2003 9:52:56 PM | Attr = ]
http [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
https [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp_sp2_gdr.061023-0214) | Size = 1494528 bytes | Modified Date = 10/23/2006 7:17:54 AM | Attr = ]
InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp_sp2_gdr.061023-0214) | Size = 3055104 bytes | Modified Date = 10/23/2006 7:17:52 AM | Attr = ]
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
piffile [open] -> "%1" %* ->
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
regfile [merge] -> Reg Data - Key not found ->
 
Part 4

regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
scrfile [open] -> "%1" %* ->
txtfile [edit] -> Reg Data - Key not found ->
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Modified Date = 7/13/2006 5:33:28 AM | Attr = ]
Directory [!ezcddaxa] -> "%ProgramFiles%\Easy CD-DA Extractor 10\\convert.exe" "%1" -> [Ver = | Size = 6656 bytes | Modified Date = 7/27/2006 1:35:02 AM | Attr = ]
Directory [!ezcddaxb] -> "%ProgramFiles%\Easy CD-DA Extractor 10\\burn.exe" "%1" -> [Ver = | Size = 6656 bytes | Modified Date = 7/27/2006 1:35:02 AM | Attr = ]
Directory [!ezcddaxc] -> "%ProgramFiles%\Easy CD-DA Extractor 10\\burn2.exe" "%1" -> [Ver = | Size = 6656 bytes | Modified Date = 7/27/2006 1:35:02 AM | Attr = ]
Directory [ACDBrowse] -> "%ProgramFiles%\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" -> ACD Systems Ltd. [Ver = 1,0,68,1 | Size = 512000 bytes | Modified Date = 9/7/2006 11:03:20 AM | Attr = ]
Directory [Browse in Ember] -> %ProgramFiles%\Firehand Technologies\Ember\Ember.exe %1 -> Firehand Technologies Corporation [Ver = 7.0.10 | Size = 733184 bytes | Modified Date = 1/15/2005 4:20:44 PM | Attr = ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
Directory [UsePrintFolders] -> "%ProgramFiles%\PrintFolders\PrintFolders.exe" "%1" -> Stratopoint Software [Ver = 2, 2, 1, 0 | Size = 249856 bytes | Modified Date = 7/22/2005 3:07:44 AM | Attr = ]
Directory [Winamp.Bookmark] -> "%ProgramFiles%\Winamp\Winamp.exe" /BOOKMARK "%1" -> Nullsoft [Ver = 5,2,4,703 | Size = 1075200 bytes | Modified Date = 6/21/2006 9:16:10 AM | Attr = ]
Directory [Winamp.Enqueue] -> "%ProgramFiles%\Winamp\Winamp.exe" /ADD "%1" -> Nullsoft [Ver = 5,2,4,703 | Size = 1075200 bytes | Modified Date = 6/21/2006 9:16:10 AM | Attr = ]
Directory [Winamp.Play] -> "%ProgramFiles%\Winamp\Winamp.exe" "%1" -> Nullsoft [Ver = 5,2,4,703 | Size = 1075200 bytes | Modified Date = 6/21/2006 9:16:10 AM | Attr = ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{4b218e3e-bc98-4770-93d3-2731b9329278} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< WOW Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
cmdline -> %SystemRoot%\system32\ntvdm.exe ->
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> sprestrt; ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 6:13:28 AM | Attr = ]
{93994DE8-8239-4655-B1D1-5F4E91300429} [HKLM] -> %ProgramFiles%\DVD Region+CSS Free\DVDShell.dll [] -> Fengtao Software Inc. [Ver = 5, 5, 0, 8 | Size = 49152 bytes | Modified Date = 10/9/2004 3:18:02 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 10.0.2.2000 | Size = 43760 bytes | Modified Date = 11/15/2005 1:28:12 PM | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoResolveTrack -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 144 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. -> ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> ->
0 -> FriendlyName = ->
0 -> Source = file:///C:/DOCUME~1/ALEX~1.HOM/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg ->
0 -> SubscribedURL = file:///C:/DOCUME~1/ALEX~1.HOM/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg ->
1 -> ->
1 -> FriendlyName = My Current Home Page ->
1 -> Source = About:Home ->
1 -> SubscribedURL = About:Home ->
< HOSTS File > (813 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.excite.com/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 9:09:00 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
*.update_microsoft.com [http] -> ->
*.update_microsoft.com [https] -> ->
turbotax.com [http] -> ->
turbotax.com [https] -> ->
download_windowsupdate.com [http] -> ->
 
Part 5

< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0055C089-8582-441B-A0BF-17B458C2A3A8} [HKLM] -> %ProgramFiles%\Internet Download Manager\IDMIECC.dll [IDMIEHlprObj Class] -> Tonec Inc. [Ver = 3, 0, 2, 1 | Size = 79544 bytes | Modified Date = 1/25/2007 7:15:28 AM | Attr = ]
{00C6482D-C502-44C8-8409-FCE54AD9C208} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItBHO.dll [HelperObject Class] -> TechSmith Corporation [Ver = 1.0.1 | Size = 49152 bytes | Modified Date = 3/14/2006 7:01:00 AM | Attr = ]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 9:09:00 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> d:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.6.0.2071 | Size = 825528 bytes | Modified Date = 8/1/2006 3:27:06 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 1:22:10 PM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 8/1/2006 3:23:12 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 10/27/2004 1:20:42 AM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 10/27/2004 1:20:42 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItIEAddin.dll [SnagIt] -> TechSmith Corporation [Ver = 1.0.6 | Size = 131072 bytes | Modified Date = 3/14/2006 7:01:00 AM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 9:09:00 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ]
ShellBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 12/18/2006 4:18:14 AM | Attr = ]
WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 5, 1 | Size = 439872 bytes | Modified Date = 9/6/2006 9:09:00 AM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8196 - Reg Data - Value does not exist ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> 8193 - Yahoo! Messenger ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8194 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8195 - Windows Messenger ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:10 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 1:22:10 PM | Attr = ]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> Reg Data - Value does not exist [ButtonText: Messenger] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 5/18/2004 4:57:16 PM | Attr = ]
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Download All Links with IDM -> %ProgramFiles%\Internet Download Manager\IEGetAll.htm -> [Ver = | Size = 283 bytes | Modified Date = 10/20/2003 2:13:14 AM | Attr = ]
Download with IDM -> %ProgramFiles%\Internet Download Manager\IEExt.htm -> [Ver = | Size = 277 bytes | Modified Date = 12/2/2004 8:31:10 AM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
 
Part 6

Open using &Advanced JPEG Compressor -> %ProgramFiles%\Advanced JPEG Compressor\ajcieex.htm -> [Ver = | Size = 415 bytes | Modified Date = 11/21/2001 7:10:28 PM | Attr = ]
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 5/18/2004 4:56:58 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 5/18/2004 4:56:58 PM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} [HKLM] -> %ProgramFiles%\TuneUp Utilities 2004\SDShelEx.dll [TuneUp Shredder Shell Context Menu Extension] -> TuneUp Software GmbH [Ver = 1.0.0.145 | Size = 45568 bytes | Modified Date = 8/5/2004 4:02:42 PM | Attr = ]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0873D142-79EF-49fa-81B5-211AAC0B0A7F} [HKLM] -> %ProgramFiles%\Roxio\Easy Media Creator 7\Creator Classic\TargetFinder.dll [Target Finder Shell Extension] -> [Ver = 1, 0, 0, 1 | Size = 172032 bytes | Modified Date = 4/13/2004 3:29:52 PM | Attr = ]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} [HKLM] -> %ProgramFiles%\Roxio\Virtual Drive 9\DC_ShellExt.dll [RXDCExtShlExt extension] -> Sonic Solutions [Ver = 9.0.1.16 | Size = 81920 bytes | Modified Date = 8/9/2006 1:49:14 AM | Attr = ]
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 430152 bytes | Modified Date = 10/6/2003 1:16:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 430152 bytes | Modified Date = 10/6/2003 1:16:00 PM | Attr = ]
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> %ProgramFiles%\7-Zip\7-zip.dll [7-Zip Shell Extension] -> [Ver = | Size = 138752 bytes | Modified Date = 5/13/2006 8:23:40 PM | Attr = ]
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} [HKLM] -> %ProgramFiles%\vso\CopyToDVD\CtcdShell.dll [CopyToCD shell extension] -> VSO Software [Ver = 1.2.0.43 | Size = 222208 bytes | Modified Date = 6/2/2003 6:33:00 AM | Attr = ]
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dMCShell.dll [dBpowerAMP Music Converter] -> [Ver = 6, 0, 0, 1 | Size = 118784 bytes | Modified Date = 1/29/2005 12:05:12 AM | Attr = ]
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\AXShlEx.dll [AlcoholShellEx] -> Alcohol Soft Development Team [Ver = 1.9.5.3718 | Size = 343424 bytes | Modified Date = 7/29/2006 10:36:42 AM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> [Display Panning CPL Extension] -> File not found
{46E22146-59C0-4136-9233-FB7720E777B2} [HKLM] -> %ProgramFiles%\Easy CD-DA Extractor 10\ezcddax10.dll [EzCddax extension] -> [Ver = | Size = 48128 bytes | Modified Date = 8/22/2006 9:28:38 PM | Attr = ]
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} [HKLM] -> %ProgramFiles%\Microsoft Office\Visio11\VISSHE.DLL [{506F4668-F13E-4AA1-BB04-B43203AB3CC0}] -> [Ver = | Size = 785464 bytes | Modified Date = 8/16/2003 5:29:34 AM | Attr = ]
{5071CDA5-D3E1-11D5-BFC0-005004A71005} [HKLM] -> %ProgramFiles%\Advanced JPEG Compressor\ContextMenuExt.dll [Advanced JPEG Compressor Context Menu Shell Extension] -> [Ver = | Size = 48640 bytes | Modified Date = 11/22/2001 2:43:48 PM | Attr = ]
{51A64D28-F937-4045-A420-065CEFBD8A76} [HKLM] -> %ProgramFiles%\ARAR\ARARSHL.dll [ARAR Context Menu Shell Extension] -> [Ver = 1, 0, 0, 0 | Size = 64000 bytes | Modified Date = 6/22/2005 7:17:26 PM | Attr = ]
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> %ProgramFiles%\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 6, 13, 1 | Size = 180296 bytes | Modified Date = 6/14/2004 5:13:24 PM | Attr = ]
{5E44E225-A408-11CF-B581-008029601108} [HKLM] -> %ProgramFiles%\Roxio\Drag-to-Disc\Shellex.dll [Roxio DragToDisc Shell Extension] -> Sonic Solutions [Ver = 9.0.0.50 | Size = 367352 bytes | Modified Date = 7/31/2006 8:00:00 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{79BC0345-1015-11D2-A299-006008312725} [HKLM] -> %ProgramFiles%\Pinnacle\Studio 10\programs\BlueShellExt.dll [blue.shell] -> [Ver = | Size = 188416 bytes | Modified Date = 10/13/2005 5:01:34 PM | Attr = ]
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItIEAddin.dll [SnagIt] -> TechSmith Corporation [Ver = 1.0.6 | Size = 131072 bytes | Modified Date = 3/14/2006 7:01:00 AM | Attr = ]
{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} [HKLM] -> %ProgramFiles%\WinAce\arcext.dll [WinAce Archiver 2.6 Context Menu Shell Extension] -> e-merge GmbH [Ver = 2.5.1.0 | Size = 166912 bytes | Modified Date = 8/9/2005 1:06:00 AM | Attr = ]
{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} [HKLM] -> %ProgramFiles%\WinAce\arcext.dll [WinAce Archiver 2.6 Property Sheet Shell Extension] -> e-merge GmbH [Ver = 2.5.1.0 | Size = 166912 bytes | Modified Date = 8/9/2005 1:06:00 AM | Attr = ]
{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} [HKLM] -> %ProgramFiles%\WinAce\arcext.dll [WinAce Archiver 2.6 DragDrop Shell Extension] -> e-merge GmbH [Ver = 2.5.1.0 | Size = 166912 bytes | Modified Date = 8/9/2005 1:06:00 AM | Attr = ]
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} [HKLM] -> %ProgramFiles%\WinAce\arcext.dll [WinAce Archiver 2.6 Context Menu Shell Extension] -> e-merge GmbH [Ver = 2.5.1.0 | Size = 166912 bytes | Modified Date = 8/9/2005 1:06:00 AM | Attr = ]
{99BCFECE-CB38-4983-BFCA-0390EDE66384} [HKLM] -> %ProgramFiles%\Exif Farm\ExifFarm.dll [Exif Farm Context Menu Shell Extension] -> Two Pilots [Ver = 1.6.0.0 | Size = 781824 bytes | Modified Date = 7/18/2005 7:02:00 AM | Attr = ]
{A965C8E0-54A7-11D6-BF08-00079500BB23} [HKLM] -> Reg Data - Key not found [ZipZag Shell extension] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 10:34:34 AM | Attr = ]
{B7056B8E-4F99-44f8-8CBD-282390FE5428} [HKLM] -> %ProgramFiles%\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [VirtualCloneDrive] -> Elaborate Bytes AG [Ver = 5, 0, 0, 2 | Size = 69632 bytes | Modified Date = 8/20/2004 11:14:30 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 6.0.1.3 | Size = 102400 bytes | Modified Date = 10/18/2005 12:10:06 PM | Attr = ]
{BAB66DEA-6E13-473b-AA5A-B4172418F54B} [HKLM] -> %ProgramFiles%\Firehand Technologies\Ember\fhndicon.dll [Firehand Ember Thumbnail Icon Generator] -> Firehand Technologies Corporation [Ver = 7.0.10 | Size = 53248 bytes | Modified Date = 1/15/2005 4:21:18 PM | Attr = ]
{BDA77241-42F6-11d0-85E2-00AA001FE28C} [HKLM] -> %CommonProgramFiles%\Symantec Shared\SSC\vpshell2.dll [LDVP Shell Extensions] -> Symantec Corporation [Ver = 10.0.2.2000 | Size = 46320 bytes | Modified Date = 11/15/2005 1:28:42 PM | Attr = ]
{C539A15A-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> %ProgramFiles%\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Context Menu Extension] -> Acronis [Ver = 10,0,0,4871 | Size = 499872 bytes | Modified Date = 10/16/2006 9:17:08 PM | Attr = ]
{C539A15B-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> %ProgramFiles%\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Extension] -> Acronis [Ver = 10,0,0,4871 | Size = 499872 bytes | Modified Date = 10/16/2006 9:17:08 PM | Attr = ]
{CF74B903-3389-469c-B3B6-0204D204FCBD} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItShellExt.dll [SnagIt Shell Extension] -> TechSmith Corporation [Ver = 1.0.0.1 | Size = 110592 bytes | Modified Date = 3/14/2006 7:01:00 AM | Attr = ]
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [Adobe.Acrobat.ContextMenu] -> Adobe Systems Inc. [Ver = 7.0.7.2006011200\0 | Size = 581632 bytes | Modified Date = 1/12/2006 8:49:02 PM | Attr = ]
{D66DC78C-4F61-447F-942B-3FB6980118CF} [HKLM] -> %ProgramFiles%\Microsoft Office\Visio11\VISSHE.DLL [{D66DC78C-4F61-447F-942B-3FB6980118CF}] -> [Ver = | Size = 785464 bytes | Modified Date = 8/16/2003 5:29:34 AM | Attr = ]
{DBD8E168-244D-448C-9922-25508950D1DC} [HKLM] -> %CommonProgramFiles%\Ulead Systems\DVD\USIShex.dll [Ulead UDF Driver] -> Ulead Systems, Inc. [Ver = 1, 1, 1, 21 | Size = 49152 bytes | Modified Date = 3/2/2005 2:52:46 AM | Attr = ]
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} [HKLM] -> %ProgramFiles%\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [Ver = | Size = 9216 bytes | Modified Date = 2/1/2006 3:14:26 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 2/11/2003 8:10:00 AM | Attr = ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 2/11/2003 8:10:00 AM | Attr = ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 2/11/2003 8:10:00 AM | Attr = ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 2/11/2003 8:10:00 AM | Attr = ]
{e57ce731-33e8-4c51-8354-bb4de9d215d1} [HKLM] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\UPnPUI.dll [Universal Plug and Play Devices] -> Sonic Solutions [Ver = 9.0.1.31 | Size = 655360 bytes | Modified Date = 8/10/2006 11:00:38 AM | Attr = ]
{E8CF73E1-2D2B-465D-9740-8E85349FD65A} [HKLM] -> %ProgramFiles%\DxO Labs\DxO Optics Pro v4\DOPMenu.dll [DOPMenu] -> [Ver = 1, 0, 0, 1 | Size = 1249280 bytes | Modified Date = 10/26/2006 9:34:44 PM | Attr = ]
{EC34FF98-16DB-4EBA-A91E-2596C03C35F6} [HKLM] -> %ProgramFiles%\AOEV\AOEVSHL.dll [AOEV Context Menu Shell Extension] -> [Ver = 1, 1, 0, 1 | Size = 64000 bytes | Modified Date = 6/7/2005 10:12:46 AM | Attr = ]
{F5D92341-0A64-11D0-9956-0000E8096023} [HKLM] -> %System32%\ShellExt\CDWshext.dll [CD Copy Shell Extension] -> Pinnacle Systems, Inc. [Ver = 6.0.0.0 | Size = 100352 bytes | Modified Date = 2/24/2003 10:48:50 AM | Attr = ]
{F5D92342-0A64-11D0-9956-0000E8096023} [HKLM] -> %System32%\ShellExt\CDWshext.dll [CD Wizard Shell Extension] -> Pinnacle Systems, Inc. [Ver = 6.0.0.0 | Size = 100352 bytes | Modified Date = 2/24/2003 10:48:50 AM | Attr = ]
{F5D92344-0A64-11D0-9956-0000E8096023} [HKLM] -> Reg Data - Key not found [InstantWrite Shellextension] -> File not found
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dBShell.dll [dBpowerAMP Music Converter 1] -> [Ver = 6, 0, 0, 1 | Size = 110592 bytes | Modified Date = 1/29/2005 12:05:12 AM | Attr = ]
DxRecord Shell Extension [HKLM] -> Reg Data - Key not found [{8BF95282-F6F3-41a5-9423-1EB926E6624F}] -> File not found
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{0BD4AC2F-20DA-43e6-A2BB-CCA4A39B930D} [HKLM] -> %ProgramFiles%\Droppix\Droppix Recorder\ShImgFile.dll [DWShellContextMenu Class] -> Droppix [Ver = 1,7,5 Build 60 | Size = 241664 bytes | Modified Date = 6/10/2006 11:00:00 AM | Attr = ]
{C539A15A-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> %ProgramFiles%\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Context Menu Extension] -> Acronis [Ver = 10,0,0,4871 | Size = 499872 bytes | Modified Date = 10/16/2006 9:17:08 PM | Attr = ]
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> %ProgramFiles%\7-Zip\7-zip.dll [7-Zip] -> [Ver = | Size = 138752 bytes | Modified Date = 5/13/2006 8:23:40 PM | Attr = ]
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [Adobe.Acrobat.ContextMenu] -> Adobe Systems Inc. [Ver = 7.0.7.2006011200\0 | Size = 581632 bytes | Modified Date = 1/12/2006 8:49:02 PM | Attr = ]
{5071CDA5-D3E1-11D5-BFC0-005004A71005} [HKLM] -> %ProgramFiles%\Advanced JPEG Compressor\ContextMenuExt.dll [AJC] -> [Ver = | Size = 48640 bytes | Modified Date = 11/22/2001 2:43:48 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 3:40:48 AM | Attr = ]
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} [HKLM] -> %ProgramFiles%\vso\CopyToDVD\CtcdShell.dll [CopyToCD] -> VSO Software [Ver = 1.2.0.43 | Size = 222208 bytes | Modified Date = 6/2/2003 6:33:00 AM | Attr = ]
{E8CF73E1-2D2B-465D-9740-8E85349FD65A} [HKLM] -> %ProgramFiles%\DxO Labs\DxO Optics Pro v4\DOPMenu.dll [DOPMenu] -> [Ver = 1, 0, 0, 1 | Size = 1249280 bytes | Modified Date = 10/26/2006 9:34:44 PM | Attr = ]
{99BCFECE-CB38-4983-BFCA-0390EDE66384} [HKLM] -> %ProgramFiles%\Exif Farm\ExifFarm.dll [exifinfofarm] -> Two Pilots [Ver = 1.6.0.0 | Size = 781824 bytes | Modified Date = 7/18/2005 7:02:00 AM | Attr = ]
{46E22146-59C0-4136-9233-FB7720E777B2} [HKLM] -> %ProgramFiles%\Easy CD-DA Extractor 10\ezcddax10.dll [EzCddax] -> [Ver = | Size = 48128 bytes | Modified Date = 8/22/2006 9:28:38 PM | Attr = ]
{75FACB91-6630-4481-908C-3A69DDC2F1E7} [HKLM] -> %ProgramFiles%\LumaPix\FotoFusion\FFSheller.dll [FFSheller] -> LumaPix [Ver = 1.0.0.1 | Size = 91744 bytes | Modified Date = 3/10/2006 7:59:42 PM | Attr = ]
{BDA77241-42F6-11d0-85E2-00AA001FE28C} [HKLM] -> %CommonProgramFiles%\Symantec Shared\SSC\vpshell2.dll [LDVPMenu] -> Symantec Corporation [Ver = 10.0.2.2000 | Size = 46320 bytes | Modified Date = 11/15/2005 1:28:42 PM | Attr = ]
{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} [HKLM] -> %ProgramFiles%\PowerArchiver\PASHLEXT.DLL [PowerArchiver] -> ConeXware, Inc. [Ver = 9.1.0.0 | Size = 80384 bytes | Modified Date = 3/6/2005 3:16:00 PM | Attr = ]
{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} [HKLM] -> %ProgramFiles%\Roxio\Virtual Drive 9\DC_ShellExt.dll [RXDCExtSvr] -> Sonic Solutions [Ver = 9.0.1.16 | Size = 81920 bytes | Modified Date = 8/9/2006 1:49:14 AM | Attr = ]
{CF74B903-3389-469c-B3B6-0204D204FCBD} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItShellExt.dll [SnagItMainShellExt] -> TechSmith Corporation [Ver = 1.0.0.1 | Size = 110592 bytes | Modified Date = 3/14/2006 7:01:00 AM | Attr = ]
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} [HKLM] -> %ProgramFiles%\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [Ver = | Size = 9216 bytes | Modified Date = 2/1/2006 3:14:26 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 10:34:34 AM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 2/11/2003 8:10:00 AM | Attr = ]
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> %ProgramFiles%\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 6, 13, 1 | Size = 180296 bytes | Modified Date = 6/14/2004 5:13:24 PM | Attr = ]
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} [HKLM] -> %ProgramFiles%\WinAce\arcext.dll [ZFAdd] -> e-merge GmbH [Ver = 2.5.1.0 | Size = 166912 bytes | Modified Date = 8/9/2005 1:06:00 AM | Attr = ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} [HKLM] -> %ProgramFiles%\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [Ver = | Size = 9216 bytes | Modified Date = 2/1/2006 3:14:26 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{0BD4AC2F-20DA-43e6-A2BB-CCA4A39B930D} [HKLM] -> %ProgramFiles%\Droppix\Droppix Recorder\ShImgFile.dll [DWShellContextMenu Class] -> Droppix [Ver = 1,7,5 Build 60 | Size = 241664 bytes | Modified Date = 6/10/2006 11:00:00 AM | Attr = ]
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> %ProgramFiles%\7-Zip\7-zip.dll [7-Zip] -> [Ver = | Size = 138752 bytes | Modified Date = 5/13/2006 8:23:40 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 3:40:48 AM | Attr = ]
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} [HKLM] -> %ProgramFiles%\vso\CopyToDVD\CtcdShell.dll [CopyToCD] -> VSO Software [Ver = 1.2.0.43 | Size = 222208 bytes | Modified Date = 6/2/2003 6:33:00 AM | Attr = ]
{E8CF73E1-2D2B-465D-9740-8E85349FD65A} [HKLM] -> %ProgramFiles%\DxO Labs\DxO Optics Pro v4\DOPMenu.dll [DOPMenu] -> [Ver = 1, 0, 0, 1 | Size = 1249280 bytes | Modified Date = 10/26/2006 9:34:44 PM | Attr = ]
{1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} [HKLM] -> %ProgramFiles%\Mythicsoft\FileLocator Pro\FLProShellExt.dll [FileLocatorPro] -> Mythicsoft [Ver = 1.0.0.1 | Size = 114688 bytes | Modified Date = 12/8/2004 1:30:06 AM | Attr = ]
{CF74B903-3389-469c-B3B6-0204D204FCBD} [HKLM] -> %ProgramFiles%\TechSmith\SnagIt 8\SnagItShellExt.dll [SnagItMainShellExt] -> TechSmith Corporation [Ver = 1.0.0.1 | Size = 110592 bytes | Modified Date = 3/14/2006 7:01:00 AM | Attr = ]
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} [HKLM] -> %ProgramFiles%\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [Ver = | Size = 9216 bytes | Modified Date = 2/1/2006 3:14:26 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 10:34:34 AM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 2/11/2003 8:10:00 AM | Attr = ]
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} [HKLM] -> %ProgramFiles%\WinAce\arcext.dll [ZFAdd] -> e-merge GmbH [Ver = 2.5.1.0 | Size = 166912 bytes | Modified Date = 8/9/2005 1:06:00 AM | Attr = ]
 
Part 7

< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{C539A15A-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> %ProgramFiles%\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Context Menu Extension] -> Acronis [Ver = 10,0,0,4871 | Size = 499872 bytes | Modified Date = 10/16/2006 9:17:08 PM | Attr = ]
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} [HKLM] -> %ProgramFiles%\vso\CopyToDVD\CtcdShell.dll [CopyToCD] -> VSO Software [Ver = 1.2.0.43 | Size = 222208 bytes | Modified Date = 6/2/2003 6:33:00 AM | Attr = ]
{BDA77241-42F6-11d0-85E2-00AA001FE28C} [HKLM] -> %CommonProgramFiles%\Symantec Shared\SSC\vpshell2.dll [LDVPMenu] -> Symantec Corporation [Ver = 10.0.2.2000 | Size = 46320 bytes | Modified Date = 11/15/2005 1:28:42 PM | Attr = ]
{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} [HKLM] -> %ProgramFiles%\PowerArchiver\PASHLEXT.DLL [PowerArchiver] -> ConeXware, Inc. [Ver = 9.1.0.0 | Size = 80384 bytes | Modified Date = 3/6/2005 3:16:00 PM | Attr = ]
{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} [HKLM] -> %ProgramFiles%\Roxio\Virtual Drive 9\DC_ShellExt.dll [RXDCExtSvr] -> Sonic Solutions [Ver = 9.0.1.16 | Size = 81920 bytes | Modified Date = 8/9/2006 1:49:14 AM | Attr = ]
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} [HKLM] -> %ProgramFiles%\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [Ver = | Size = 9216 bytes | Modified Date = 2/1/2006 3:14:26 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 8/5/2006 10:34:34 AM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 2/11/2003 8:10:00 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{99BCFECE-CB38-4983-BFCA-0390EDE66384} [HKLM] -> %ProgramFiles%\Exif Farm\ExifFarm.dll [Exif Pilot] -> Two Pilots [Ver = 1.6.0.0 | Size = 781824 bytes | Modified Date = 7/18/2005 7:02:00 AM | Attr = ]
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\Illustrate\dBpowerAMP\dBShell.dll [dBpShell Class] -> [Ver = 6, 0, 0, 1 | Size = 110592 bytes | Modified Date = 1/29/2005 12:05:12 AM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{292ACB4B-2534-4F6C-B250-DD96F3DCB22A} -> () ->
{2E831D9B-7610-4CE6-90D1-EBE1E32DA252} -> () ->
{53C9FBB5-3DAC-44E7-A82A-DFAF8BF411D7} -> () ->
{B1349DC0-EE7F-477B-9ED8-B250250C156D} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{01012101-5E80-11D8-9E86-0007E96C65AE} -> SupportSoft Script Runner Class - CodeBase = http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> Office Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=58813 ->
{10E0E75E-6701-4134-9D95-C0942ED1F1C8} -> Snapfish Outlook Import ActiveX Control - CodeBase = http://www.costcophotocenter.com/CostcoOutlookImport.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{25365FF3-2746-4230-9DA7-163CCA318309} -> GTDownloaderCtrl Class - CodeBase = http://inst.c-wss.com/59/EN/html/gtdownlr.cab ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab ->
{406B5949-7190-4245-91A9-30A17DE16AD0} -> Snapfish Activia - CodeBase = http://www.costcophotocenter.com/CostcoActivia.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161684026496 ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161770650280 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{90051A81-3018-4826-8B38-DD60B6B53F9C} -> Snapfish File Upload ActiveX Control - CodeBase = http://www.costcophotocenter.com/CostcoUpload.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} -> Java Plug-in 1.3.1 - CodeBase = http://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab ->
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_05 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab ->
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_06 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab ->
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab ->
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -> ActiveDataInfo Class - CodeBase = https://www-secure.symantec.com/techsupp/activedata/SymAData.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -> ActiveDataObj Class - CodeBase = https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab ->
[Files - Created Within 30 days]
I2E_Test.XXX -> %SystemDrive%\I2E_Test.XXX -> [Ver = | Size = 21 bytes | Created Date = 2/10/2007 1:45:02 PM | Attr = ]
KLStreamRemover.exe -> %SystemDrive%\KLStreamRemover.exe -> [Ver = | Size = 16448 bytes | Created Date = 2/18/2007 3:56:58 PM | Attr = ]
I2ePlugin.ini -> %UserAppData%\I2ePlugin.ini -> [Ver = | Size = 197 bytes | Created Date = 2/11/2007 2:52:45 AM | Attr = ]
eurofxref-hist.xml -> %UserDocuments%\eurofxref-hist.xml -> [Ver = | Size = 78186 bytes | Created Date = 2/7/2007 12:20:55 AM | Attr = ]
Intuit.pdf -> %UserDocuments%\Intuit.pdf -> [Ver = | Size = 65395 bytes | Created Date = 2/12/2007 9:42:51 AM | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 859 bytes | Created Date = 2/17/2007 1:36:43 AM | Attr = ]
i2e image enhancer.lnk -> %AllUsersDesktop%\i2e image enhancer.lnk -> [Ver = | Size = 853 bytes | Created Date = 2/10/2007 1:44:08 PM | Attr = ]
Lightroom.lnk -> %AllUsersDesktop%\Lightroom.lnk -> [Ver = | Size = 1816 bytes | Created Date = 2/22/2007 2:16:56 AM | Attr = ]
Spyware Doctor.lnk -> %AllUsersDesktop%\Spyware Doctor.lnk -> [Ver = | Size = 591 bytes | Created Date = 2/13/2007 8:34:01 AM | Attr = ]
Activescan.doc -> %UserDesktop%\Activescan.doc -> [Ver = | Size = 95744 bytes | Created Date = 2/15/2007 11:37:28 PM | Attr = ]
Adobe Lightroom.v1.0 and Serial.zip -> %UserDesktop%\Adobe Lightroom.v1.0 and Serial.zip -> [Ver = | Size = 22609850 bytes | Created Date = 2/22/2007 9:08:20 AM | Attr = ]
Auto Image Optimization Tests.pdf -> %UserDesktop%\Auto Image Optimization Tests.pdf -> [Ver = | Size = 1712100 bytes | Created Date = 2/11/2007 4:01:58 PM | Attr = ]
Azureus.exe.lnk -> %UserDesktop%\Azureus.exe.lnk -> [Ver = | Size = 1544 bytes | Created Date = 2/13/2007 7:58:15 AM | Attr = ]
Betterphoto Adventures in Photography.avi -> %UserDesktop%\Betterphoto Adventures in Photography.avi -> [Ver = | Size = 733668370 bytes | Created Date = 2/24/2007 11:47:41 PM | Attr = ]
blbeta.exe -> %UserDesktop%\blbeta.exe -> F-Secure Corporation [Ver = 2, 2, 1055, 0 | Size = 899960 bytes | Created Date = 2/18/2007 10:04:49 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\blbeta.exe:Zone.Identifier ->
budget.xls -> %UserDesktop%\budget.xls -> [Ver = | Size = 25600 bytes | Created Date = 2/8/2007 8:41:35 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\budget.xls:Zone.Identifier ->
divx v65_nigmae.rar -> %UserDesktop%\divx v65_nigmae.rar -> [Ver = | Size = 14876157 bytes | Created Date = 1/29/2007 12:06:05 AM | Attr = ]
Downloads Folder.lnk -> %UserDesktop%\Downloads Folder.lnk -> [Ver = | Size = 1250 bytes | Created Date = 2/2/2007 12:18:53 AM | Attr = ]
drweb-cureit.exe -> %UserDesktop%\drweb-cureit.exe -> [Ver = | Size = 5751200 bytes | Created Date = 2/16/2007 12:02:17 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\drweb-cureit.exe:Zone.Identifier ->
FSResizerSetup24.exe -> %UserDesktop%\FSResizerSetup24.exe -> [Ver = | Size = 1309847 bytes | Created Date = 1/29/2007 8:20:30 AM | Attr = ]
gmer.exe -> %UserDesktop%\gmer.exe -> [Ver = 1, 0, 12, 12027 | Size = 573440 bytes | Created Date = 2/24/2007 11:13:40 PM | Attr = ]
Image.zip -> %UserDesktop%\Image.zip -> [Ver = | Size = 47535285 bytes | Created Date = 2/11/2007 4:43:21 PM | Attr = ]
Internet Download Manager.lnk -> %UserDesktop%\Internet Download Manager.lnk -> [Ver = | Size = 718 bytes | Created Date = 2/2/2007 12:05:44 AM | Attr = ]
MO[1].VidaOne.MyPersonalDiet.v1.19.rar -> %UserDesktop%\MO[1].VidaOne.MyPersonalDiet.v1.19.rar -> [Ver = | Size = 2819144 bytes | Created Date = 1/30/2007 1:49:41 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\MO[1].VidaOne.MyPersonalDiet.v1.19.rar:Zone.Identifier ->
Rootkit Unhooker.lnk -> %UserDesktop%\Rootkit Unhooker.lnk -> [Ver = | Size = 570 bytes | Created Date = 2/17/2007 11:17:23 PM | Attr = ]
s-ptst2.rar -> %UserDesktop%\s-ptst2.rar -> [Ver = | Size = 16817448 bytes | Created Date = 2/21/2007 10:46:02 PM | Attr = ]
SDFull.rar -> %UserDesktop%\SDFull.rar -> [Ver = | Size = 9713668 bytes | Created Date = 2/13/2007 8:13:44 AM | Attr = ]
setup.exe -> %UserDesktop%\setup.exe -> [Ver = | Size = 33113648 bytes | Created Date = 2/15/2007 1:16:24 AM | Attr = ]
Spybot Thread.url -> %UserDesktop%\Spybot Thread.url -> [Ver = | Size = 154 bytes | Created Date = 2/23/2007 11:15:04 PM | Attr = ]
spybotsd14.exe -> %UserDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Created Date = 2/14/2007 12:41:49 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier ->
Spyware Board Link.url -> %UserDesktop%\Spyware Board Link.url -> [Ver = | Size = 161 bytes | Created Date = 2/18/2007 11:42:40 PM | Attr = ]
Spyware.Doctor.4.0.0.2621.full.fixed.upped.by.magic.rar -> %UserDesktop%\Spyware.Doctor.4.0.0.2621.full.fixed.upped.by.magic.rar -> [Ver = | Size = 10829276 bytes | Created Date = 2/13/2007 8:07:10 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 344908 bytes | Created Date = 2/25/2007 12:59:26 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
XP[1].G.M.rar -> %UserDesktop%\XP[1].G.M.rar -> [Ver = | Size = 1231630 bytes | Created Date = 2/6/2007 1:04:36 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\XP[1].G.M.rar:Zone.Identifier ->
chgkey.vbs -> %SystemRoot%\chgkey.vbs -> [Ver = | Size = 592 bytes | Created Date = 2/16/2007 9:44:49 PM | Attr = ]
corr.ico -> %SystemRoot%\corr.ico -> [Ver = | Size = 766 bytes | Created Date = 2/10/2007 1:44:10 PM | Attr = ]
deskcalc.ini -> %SystemRoot%\deskcalc.ini -> [Ver = | Size = 459 bytes | Created Date = 2/7/2007 12:24:59 AM | Attr = ]
E2I56BAD499BB01FEAF85AA84C8.e2i -> %SystemRoot%\E2I56BAD499BB01FEAF85AA84C8.e2i -> [Ver = | Size = 105 bytes | Created Date = 2/10/2007 1:45:02 PM | Attr = ]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12027 | Size = 565311 bytes | Created Date = 2/24/2007 11:13:46 PM | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12027 | Size = 573440 bytes | Created Date = 2/24/2007 11:13:46 PM | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 2/24/2007 11:13:47 PM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 2/24/2007 11:13:47 PM | Attr = ]
I2E.ini -> %SystemRoot%\I2E.ini -> [Ver = | Size = 955203 bytes | Created Date = 2/10/2007 1:44:14 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 2/17/2007 9:20:03 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 2/17/2007 9:20:03 PM | Attr = H ]
aeafec_s.dll -> %System32%\aeafec_s.dll -> [Ver = | Size = 5 bytes | Created Date = 2/13/2007 12:51:25 AM | Attr = HS]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 2/15/2007 12:36:40 AM | Attr = ]
eadacfbf_s.ocx -> %System32%\eadacfbf_s.ocx -> [Ver = | Size = 5 bytes | Created Date = 2/13/2007 12:51:25 AM | Attr = ]
FreeImage.dll -> %System32%\FreeImage.dll -> FreeImage [Ver = 3, 9, 1, 0 | Size = 999424 bytes | Created Date = 2/3/2007 6:52:53 PM | Attr = R ]
HDDSvc.exe -> %System32%\HDDSvc.exe -> AltrixSoft (http://www.altrixsoft.com/) [Ver = 2, 5, 184, 0 | Size = 192512 bytes | Created Date = 2/12/2007 10:26:34 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 2/15/2007 12:35:54 AM | Attr = ]
I2E_CINT.dll -> %System32%\I2E_CINT.dll -> [Ver = | Size = 1376256 bytes | Created Date = 2/11/2007 2:00:05 AM | Attr = ]
iiet.dll -> %System32%\iiet.dll -> [Ver = | Size = 39 bytes | Created Date = 2/10/2007 1:44:49 PM | Attr = ]
ImgX61.dll -> %System32%\ImgX61.dll -> Atalasoft, Inc. [Ver = 6.04.0007 | Size = 1204271 bytes | Created Date = 2/10/2007 1:44:15 PM | Attr = ]
ImgX61.ocx -> %System32%\ImgX61.ocx -> Atalasoft, Inc. [Ver = 6.04.0007 | Size = 413743 bytes | Created Date = 2/10/2007 1:44:15 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 2/15/2007 12:35:53 AM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 2/15/2007 12:35:54 AM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 2/15/2007 12:36:40 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2/17/2007 1:37:01 AM | Attr = ]
CO_Mon.sys -> %System32%\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Created Date = 2/19/2007 12:08:06 AM | Attr = ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3729 | Size = 68961 bytes | Created Date = 2/24/2007 11:13:47 PM | Attr = ]
ikhfile.sys -> %System32%\drivers\ikhfile.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2014 | Size = 30592 bytes | Created Date = 2/13/2007 8:22:22 AM | Attr = ]
ikhlayer.sys -> %System32%\drivers\ikhlayer.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2011 | Size = 51072 bytes | Created Date = 2/13/2007 8:22:21 AM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 2/17/2007 3:58:58 PM | Attr = ]
hosts.bak -> %System32%\drivers\ETC\hosts.bak -> [Ver = | Size = 813 bytes | Created Date = 2/13/2007 8:54:19 PM | Attr = ]
 
Part 8

[Files - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 212 bytes | Modified Date = 2/25/2007 11:33:54 AM | Attr = HS]
I2E_Test.XXX -> %SystemDrive%\I2E_Test.XXX -> [Ver = | Size = 21 bytes | Modified Date = 2/24/2007 3:16:20 AM | Attr = ]
I2ePlugin.ini -> %UserAppData%\I2ePlugin.ini -> [Ver = | Size = 197 bytes | Modified Date = 2/19/2007 8:31:22 PM | Attr = ]
loader.lck -> %UserAppData%\loader.lck -> [Ver = | Size = 0 bytes | Modified Date = 2/25/2007 1:06:48 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 155696 bytes | Modified Date = 2/4/2007 12:14:38 AM | Attr = ]
Carmel House Expenses 2005b.xls -> %UserDocuments%\Carmel House Expenses 2005b.xls -> [Ver = | Size = 28672 bytes | Modified Date = 2/11/2007 6:09:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Carmel House Expenses 2005b.xls:Zone.Identifier ->
eurofxref-hist.xml -> %UserDocuments%\eurofxref-hist.xml -> [Ver = | Size = 78186 bytes | Modified Date = 2/7/2007 12:21:08 AM | Attr = ]
Intuit.pdf -> %UserDocuments%\Intuit.pdf -> [Ver = | Size = 65395 bytes | Modified Date = 2/12/2007 9:42:52 AM | Attr = ]
NA Sked.doc -> %UserDocuments%\NA Sked.doc -> [Ver = | Size = 248320 bytes | Modified Date = 2/25/2007 2:16:26 AM | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 859 bytes | Modified Date = 2/17/2007 1:36:44 AM | Attr = ]
i2e image enhancer.lnk -> %AllUsersDesktop%\i2e image enhancer.lnk -> [Ver = | Size = 853 bytes | Modified Date = 2/10/2007 1:49:44 PM | Attr = ]
Lightroom.lnk -> %AllUsersDesktop%\Lightroom.lnk -> [Ver = | Size = 1816 bytes | Modified Date = 2/22/2007 2:16:58 AM | Attr = ]
Spyware Doctor.lnk -> %AllUsersDesktop%\Spyware Doctor.lnk -> [Ver = | Size = 591 bytes | Modified Date = 2/14/2007 10:17:08 PM | Attr = ]
Activescan.doc -> %UserDesktop%\Activescan.doc -> [Ver = | Size = 95744 bytes | Modified Date = 2/15/2007 11:37:30 PM | Attr = ]
Adobe Lightroom.v1.0 and Serial.zip -> %UserDesktop%\Adobe Lightroom.v1.0 and Serial.zip -> [Ver = | Size = 22609850 bytes | Modified Date = 2/22/2007 9:08:24 AM | Attr = ]
Auto Image Optimization Tests.pdf -> %UserDesktop%\Auto Image Optimization Tests.pdf -> [Ver = | Size = 1712100 bytes | Modified Date = 2/11/2007 4:11:50 PM | Attr = ]
Azureus.exe.lnk -> %UserDesktop%\Azureus.exe.lnk -> [Ver = | Size = 1544 bytes | Modified Date = 2/13/2007 7:58:16 AM | Attr = ]
Betterphoto Adventures in Photography.avi -> %UserDesktop%\Betterphoto Adventures in Photography.avi -> [Ver = | Size = 733668370 bytes | Modified Date = 2/19/2007 12:53:20 PM | Attr = ]
blbeta.exe -> %UserDesktop%\blbeta.exe -> F-Secure Corporation [Ver = 2, 2, 1055, 0 | Size = 899960 bytes | Modified Date = 2/18/2007 10:04:56 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\blbeta.exe:Zone.Identifier ->
budget.xls -> %UserDesktop%\budget.xls -> [Ver = | Size = 25600 bytes | Modified Date = 2/12/2007 7:32:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\budget.xls:Zone.Identifier ->
divx v65_nigmae.rar -> %UserDesktop%\divx v65_nigmae.rar -> [Ver = | Size = 14876157 bytes | Modified Date = 1/29/2007 12:33:42 AM | Attr = ]
Downloads Folder.lnk -> %UserDesktop%\Downloads Folder.lnk -> [Ver = | Size = 1250 bytes | Modified Date = 2/2/2007 12:21:24 AM | Attr = ]
drweb-cureit.exe -> %UserDesktop%\drweb-cureit.exe -> [Ver = | Size = 5751200 bytes | Modified Date = 2/16/2007 12:02:36 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\drweb-cureit.exe:Zone.Identifier ->
FSResizerSetup24.exe -> %UserDesktop%\FSResizerSetup24.exe -> [Ver = | Size = 1309847 bytes | Modified Date = 1/29/2007 8:21:04 AM | Attr = ]
gmer.exe -> %UserDesktop%\gmer.exe -> [Ver = 1, 0, 12, 12027 | Size = 573440 bytes | Modified Date = 2/4/2007 9:23:26 PM | Attr = ]
ICSharpCode.SharpZipLib.dll -> %UserDesktop%\ICSharpCode.SharpZipLib.dll -> [Ver = 0.84.0.0 | Size = 143360 bytes | Modified Date = 2/25/2007 1:08:04 PM | Attr = ]
Image.zip -> %UserDesktop%\Image.zip -> [Ver = | Size = 47535285 bytes | Modified Date = 2/11/2007 4:54:28 PM | Attr = ]
Internet Download Manager.lnk -> %UserDesktop%\Internet Download Manager.lnk -> [Ver = | Size = 718 bytes | Modified Date = 2/2/2007 12:05:46 AM | Attr = ]
MO[1].VidaOne.MyPersonalDiet.v1.19.rar -> %UserDesktop%\MO[1].VidaOne.MyPersonalDiet.v1.19.rar -> [Ver = | Size = 2819144 bytes | Modified Date = 1/30/2007 1:49:44 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\MO[1].VidaOne.MyPersonalDiet.v1.19.rar:Zone.Identifier ->
Rootkit Unhooker.lnk -> %UserDesktop%\Rootkit Unhooker.lnk -> [Ver = | Size = 570 bytes | Modified Date = 2/17/2007 11:17:06 PM | Attr = ]
s-ptst2.rar -> %UserDesktop%\s-ptst2.rar -> [Ver = | Size = 16817448 bytes | Modified Date = 2/21/2007 10:48:00 PM | Attr = ]
SDFull.rar -> %UserDesktop%\SDFull.rar -> [Ver = | Size = 9713668 bytes | Modified Date = 2/13/2007 8:14:06 AM | Attr = ]
setup.exe -> %UserDesktop%\setup.exe -> [Ver = | Size = 33113648 bytes | Modified Date = 2/3/2007 4:17:34 PM | Attr = ]
Spybot Thread.url -> %UserDesktop%\Spybot Thread.url -> [Ver = | Size = 154 bytes | Modified Date = 2/23/2007 11:16:02 PM | Attr = ]
spybotsd14.exe -> %UserDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Modified Date = 2/14/2007 12:41:50 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier ->
Spyware Board Link.url -> %UserDesktop%\Spyware Board Link.url -> [Ver = | Size = 161 bytes | Modified Date = 2/23/2007 11:16:16 PM | Attr = ]
Spyware.Doctor.4.0.0.2621.full.fixed.upped.by.magic.rar -> %UserDesktop%\Spyware.Doctor.4.0.0.2621.full.fixed.upped.by.magic.rar -> [Ver = | Size = 10829276 bytes | Modified Date = 2/13/2007 8:07:38 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 344908 bytes | Modified Date = 2/25/2007 12:59:40 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
XP[1].G.M.rar -> %UserDesktop%\XP[1].G.M.rar -> [Ver = | Size = 1231630 bytes | Modified Date = 2/6/2007 1:04:48 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\XP[1].G.M.rar:Zone.Identifier ->
Adobe Acrobat Speed Launcher.lnk -> %AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> [Ver = | Size = 2335 bytes | Modified Date = 2/22/2007 12:08:22 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/25/2007 1:05:34 PM | Attr = S]
chgkey.vbs -> %SystemRoot%\chgkey.vbs -> [Ver = | Size = 592 bytes | Modified Date = 2/16/2007 9:45:38 PM | Attr = ]
deskcalc.ini -> %SystemRoot%\deskcalc.ini -> [Ver = | Size = 459 bytes | Modified Date = 2/21/2007 8:50:18 PM | Attr = ]
DVDRegionFree.INI -> %SystemRoot%\DVDRegionFree.INI -> [Ver = | Size = 67 bytes | Modified Date = 2/20/2007 9:19:08 PM | Attr = ]
E2I56BAD499BB01FEAF85AA84C8.e2i -> %SystemRoot%\E2I56BAD499BB01FEAF85AA84C8.e2i -> [Ver = | Size = 105 bytes | Modified Date = 2/24/2007 3:16:20 AM | Attr = ]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12027 | Size = 565311 bytes | Modified Date = 2/24/2007 11:13:48 PM | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12027 | Size = 573440 bytes | Modified Date = 2/4/2007 9:23:26 PM | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 2/25/2007 2:32:20 AM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 2/24/2007 11:13:48 PM | Attr = ]
Instlog.lyt -> %SystemRoot%\Instlog.lyt -> [Ver = | Size = 5669 bytes | Modified Date = 1/30/2007 10:17:28 PM | Attr = ]
maketorrent.ini -> %SystemRoot%\maketorrent.ini -> [Ver = | Size = 258 bytes | Modified Date = 2/8/2007 1:54:42 AM | Attr = ]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 670150656 bytes | Modified Date = 2/14/2007 10:42:22 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2/17/2007 9:20:04 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2/20/2007 9:26:42 AM | Attr = H ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2/25/2007 11:33:52 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1633 bytes | Modified Date = 2/25/2007 1:07:08 PM | Attr = ]
aeafec_s.dll -> %System32%\aeafec_s.dll -> [Ver = | Size = 5 bytes | Modified Date = 2/13/2007 12:51:26 AM | Attr = HS]
BASSMOD.dll -> %System32%\BASSMOD.dll -> [Ver = | Size = 10752 bytes | Modified Date = 2/13/2007 1:10:14 AM | Attr = ]
eadacfbf_s.ocx -> %System32%\eadacfbf_s.ocx -> [Ver = | Size = 5 bytes | Modified Date = 2/13/2007 12:51:26 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 479536 bytes | Modified Date = 2/4/2007 8:55:32 AM | Attr = ]
HDDSvc.exe -> %System32%\HDDSvc.exe -> AltrixSoft (http://www.altrixsoft.com/) [Ver = 2, 5, 184, 0 | Size = 192512 bytes | Modified Date = 2/12/2007 10:26:34 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2/15/2007 12:35:56 AM | Attr = ]
iiet.dll -> %System32%\iiet.dll -> [Ver = | Size = 39 bytes | Modified Date = 2/24/2007 3:12:46 AM | Attr = ]
KGyGaAvL.sys -> %System32%\KGyGaAvL.sys -> [Ver = | Size = 1056 bytes | Modified Date = 2/13/2007 2:27:10 AM | Attr = ]
OODBS.lor -> %System32%\OODBS.lor -> [Ver = | Size = 248223 bytes | Modified Date = 2/25/2007 1:05:16 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 2/15/2007 12:35:56 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70988 bytes | Modified Date = 2/25/2007 1:10:16 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 422106 bytes | Modified Date = 2/25/2007 1:10:16 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 502040 bytes | Modified Date = 2/25/2007 1:10:16 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 2/15/2007 12:35:56 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2228 bytes | Modified Date = 2/25/2007 11:24:12 AM | Attr = ]
CO_Mon.sys -> %System32%\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Modified Date = 2/19/2007 12:08:10 AM | Attr = ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3729 | Size = 68961 bytes | Modified Date = 2/24/2007 11:13:48 PM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 2/17/2007 3:56:52 PM | Attr = ]
hosts.bak -> %System32%\drivers\ETC\hosts.bak -> [Ver = | Size = 813 bytes | Modified Date = 2/13/2007 8:54:20 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 884 bytes -> %AllUsersAppData%\Microsoft:BdfZFFGL0m10le6Kkj2NBq ->
@Alternate Data Stream - 99 bytes -> %AllUsersAppData%\TEMP:A5B56640 ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\BlueCrossClaimForm.pdf:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Carmel House Expenses 2005b.xls:Zone.Identifier ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Downloaded Program Updates:Roxio EMC Stream ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Europe 2005 Itinerary.doc:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\FyreStorm Calendar 2007.doc:Zone.Identifier ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\InterVideo:Roxio EMC Stream ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\KE Jobs list.xls:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Letter of Intent.doc:Zone.Identifier ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Manuals, Misc:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\MATZAH5.wav:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Millenium Eve.jpg:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Mistake.gif:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\My Collages:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\number2.jpg:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Passport AG.jpg:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\qc1.jpg:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\ScrapBook Projects:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Ulead DVD DiscRecorder:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Unzipped:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Vuitton1.jpg:Roxio EMC Stream ->
@Alternate Data Stream - 76 bytes -> %UserDocuments%\Web Creator:Roxio EMC Stream ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Acronis_True_Image___Disk_Director__Boot_CD_.rar:Zone.Identifier ->
WSUD , -> %UserDesktop%\Acronis_True_Image___Disk_Director__Boot_CD_.rar -> [Ver = | Size = 80206466 bytes | Modified Date = 11/28/2006 2:00:00 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Adobe_Captivate_2[1].0_-_Build_incl._Patch.exe:Zone.Identifier ->
PEC2 , -> %UserDesktop%\Adobe_Captivate_2[1].0_-_Build_incl._Patch.exe -> [Ver = | Size = 91538417 bytes | Modified Date = 1/11/2007 11:35:20 PM | Attr = ]
File scan skipped for file %UserDesktop%\Betterphoto Adventures in Photography.avi -> File size too big (733668370 bytes) ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\blbeta.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\budget.xls:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Can_Opuluss_Pro_Code__r_2[1].0.rar:Zone.Identifier ->
UPX0 , -> %UserDesktop%\Can_Opuluss_Pro_Code__r_2[1].0.rar -> [Ver = | Size = 45607705 bytes | Modified Date = 1/12/2007 12:13:52 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Digital_Film_Tools_EZ_Mask_v1[1].01.rar:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\divx v65_nigmae.rar -> [Ver = | Size = 14876157 bytes | Modified Date = 1/29/2007 12:33:42 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\drweb-cureit.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\FontParadise-2800Fonts.zip:Zone.Identifier ->
UPX! , PEC2 , -> %UserDesktop%\FontParadise-2800Fonts.zip -> [Ver = | Size = 78593496 bytes | Modified Date = 11/5/2005 12:41:14 AM | Attr = ]
@Alternate Data Stream - 76 bytes -> %UserDesktop%\fontz:Roxio EMC Stream ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Gertrudis Pro.rar:Zone.Identifier ->
@Alternate Data Stream - 76 bytes -> %UserDesktop%\Guitars:Roxio EMC Stream ->
WSUD , -> %UserDesktop%\Image.zip -> [Ver = | Size = 47535285 bytes | Modified Date = 2/11/2007 4:54:28 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Imagenomic_Noiseware_Pro_4[1].1.0.5.rar:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ImageSynth_v0[1].31.rar:Zone.Identifier ->
@Alternate Data Stream - 894 bytes -> %UserDesktop%\Jill's Site.url:favicon ->
@Alternate Data Stream - 76 bytes -> %UserDesktop%\Movie Stuff:Roxio EMC Stream ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\MO[1].VidaOne.MyPersonalDiet.v1.19.rar:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Pixarra[1].TwistedBrush.v11.3.WinAll.Cracked-EiTheL.rar:Zone.Identifier ->
WSUD , -> %UserDesktop%\SDFull.rar -> [Ver = | Size = 9713668 bytes | Modified Date = 2/13/2007 8:14:06 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SILKYPIX_Developer_Studio_3[1].0.2.9.rar:Zone.Identifier ->
FSG! , -> %UserDesktop%\slycr26[1].09.rar -> [Ver = | Size = 24524173 bytes | Modified Date = 9/27/2006 12:21:58 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Special_FX Actions.rar:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ssscs1b.rar:Zone.Identifier ->
File scan skipped for file %UserDesktop%\ssscs1b.rar -> File size too big (111866057 bytes) ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\tbrusha.exe:Zone.Identifier ->
@Alternate Data Stream - 76 bytes -> %UserDesktop%\TM Fonts:Roxio EMC Stream ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\TPh5[1].4.rar:Zone.Identifier ->
WSUD , -> %UserDesktop%\TPh5[1].4.rar -> [Ver = | Size = 7329176 bytes | Modified Date = 1/5/2007 12:48:52 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\TweakNow PowerPack.rar:Zone.Identifier ->
@Alternate Data Stream - 76 bytes -> %UserDesktop%\ULead Tutorials:Roxio EMC Stream ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinXP_Manager_5[1].0.4.rar:Zone.Identifier ->
@Alternate Data Stream - 1386 bytes -> %UserDesktop%\www.2baksa.net.url:favicon ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\XP[1].G.M.rar:Zone.Identifier ->
 
Part 9

UPX! , UPX0 , -> %SystemRoot%\calculatoor.exe -> [Ver = | Size = 291840 bytes | Modified Date = 10/20/2006 6:34:48 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\lame.exe -> [Ver = | Size = 196608 bytes | Modified Date = 12/3/2002 9:47:32 PM | Attr = ]
File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (670150656 bytes) ->
UPX! , UPX0 , -> %SystemRoot%\muninst.exe -> www.video-soft.com [Ver = 1.0.0.5 | Size = 65024 bytes | Modified Date = 1/30/2005 1:11:14 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\oggenc.exe -> [Ver = | Size = 155136 bytes | Modified Date = 11/14/2003 5:19:42 PM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\uscscsi.dll -> [Ver = 1.12.0.0 | Size = 47104 bytes | Modified Date = 3/9/2003 6:42:44 PM | Attr = ]
UPX! , UPX0 , -> %System32%\AdjMmsEng.dll -> MultiMedia Soft [Ver = 5, 3, 0, 1 | Size = 659968 bytes | Modified Date = 7/21/2006 12:14:44 PM | Attr = ]
UPX! , -> %System32%\aswBoot.exe -> [Ver = 4, 6, 731, 0 | Size = 473600 bytes | Modified Date = 11/12/2005 6:59:18 AM | Attr = ]
UPX! , UPX0 , -> %System32%\auth.dll -> [Ver = | Size = 23040 bytes | Modified Date = 6/23/2001 9:20:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 10/28/2005 8:44:12 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\BluffTitler.scr -> [Ver = | Size = 719872 bytes | Modified Date = 6/16/2006 9:23:00 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivXNetworks [Ver = 6,0,0,1571 | Size = 692736 bytes | Modified Date = 7/15/2005 10:36:36 AM | Attr = ]
PEC2 , -> %System32%\Dwapilib.tlb -> [Ver = | Size = 197171 bytes | Modified Date = 2/14/1997 10:24:14 PM | Attr = ]
UPX! , UPX0 , -> %System32%\eSellerateEngine.dll -> eSellerate Inc. [Ver = 3.6.2.8 | Size = 151552 bytes | Modified Date = 10/11/2005 1:40:52 PM | Attr = ]
UPX! , UPX0 , -> %System32%\eWebControl.dll -> eSellerate Inc. [Ver = 1.0.2.0 | Size = 57856 bytes | Modified Date = 10/4/2005 7:11:22 AM | Attr = ]
UPX! , UPX0 , -> %System32%\ffdshow.ax -> [Ver = 1.0.2.1997 | Size = 1018368 bytes | Modified Date = 11/25/2005 4:04:22 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_kerneldeint.dll -> [Ver = | Size = 57344 bytes | Modified Date = 11/25/2005 5:30:18 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_liba52.dll -> [Ver = | Size = 49664 bytes | Modified Date = 11/25/2005 3:45:34 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_libdts.dll -> [Ver = | Size = 122880 bytes | Modified Date = 11/25/2005 3:45:34 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_libfaad2.dll -> [Ver = | Size = 186880 bytes | Modified Date = 11/25/2005 3:45:34 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_libmad.dll -> [Ver = | Size = 86528 bytes | Modified Date = 11/25/2005 3:45:34 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_realaac.dll -> [Ver = | Size = 107008 bytes | Modified Date = 11/25/2005 5:30:18 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_samplerate.dll -> [Ver = | Size = 115200 bytes | Modified Date = 11/25/2005 3:45:34 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_theora.dll -> [Ver = | Size = 107008 bytes | Modified Date = 11/25/2005 3:45:36 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_tremor.dll -> [Ver = | Size = 49664 bytes | Modified Date = 11/25/2005 3:45:36 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_unrar.dll -> [Ver = | Size = 37888 bytes | Modified Date = 11/25/2005 3:45:36 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_wmv9.dll -> [Ver = | Size = 23552 bytes | Modified Date = 11/25/2005 3:45:36 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ff_x264.dll -> [Ver = | Size = 196608 bytes | Modified Date = 11/25/2005 3:45:36 PM | Attr = ]
Thawte Consulting , -> %System32%\idmmbc.dll -> Tonec Inc. [Ver = 4, 0, 0, 1 | Size = 202424 bytes | Modified Date = 10/23/2006 6:51:46 AM | Attr = ]
aspack , -> %System32%\Incinerator.dll -> [Ver = | Size = 1212416 bytes | Modified Date = 12/20/2006 5:48:02 PM | Attr = ]
UPX! , UPX0 , -> %System32%\Lame.exe -> [Ver = | Size = 145408 bytes | Modified Date = 11/5/2005 3:34:50 PM | Attr = ]
UPX! , UPX0 , -> %System32%\libavcodec.dll -> [Ver = | Size = 1115648 bytes | Modified Date = 11/25/2005 3:45:38 PM | Attr = ]
UPX! , UPX0 , -> %System32%\libmpeg2_ff.dll -> [Ver = | Size = 43520 bytes | Modified Date = 11/25/2005 3:45:38 PM | Attr = ]
UPX! , UPX0 , -> %System32%\libmplayer.dll -> [Ver = | Size = 164352 bytes | Modified Date = 11/25/2005 3:45:38 PM | Attr = ]
UPX! , UPX0 , -> %System32%\libsndfile.dll -> [Ver = 1.0 rc2 | Size = 96768 bytes | Modified Date = 7/8/2005 10:06:02 AM | Attr = ]
UPX! , UPX0 , -> %System32%\macdll.dll -> Matthew T. Ashland [Ver = 3.97 | Size = 71680 bytes | Modified Date = 7/9/2002 11:30:06 PM | Attr = ]
UPX! , UPX0 , -> %System32%\monkeysource.ax -> [Ver = | Size = 179712 bytes | Modified Date = 8/31/2003 12:24:58 AM | Attr = ]
UPX! , UPX0 , -> %System32%\OggEnc.exe -> [Ver = | Size = 157696 bytes | Modified Date = 7/19/2002 8:48:22 AM | Attr = ]
Thawte Consulting , -> %System32%\Px.dll -> Sonic Solutions [Ver = 3.0.88.500 | Size = 452264 bytes | Modified Date = 6/9/2006 10:54:20 AM | Attr = ]
Thawte Consulting , -> %System32%\PxMas.dll -> Sonic Solutions [Ver = 3.0.88.500 | Size = 181928 bytes | Modified Date = 6/9/2006 10:54:26 AM | Attr = ]
Thawte Consulting , -> %System32%\PxSFS.DLL -> Sonic Solutions [Ver = 3.0.88.500 | Size = 1279656 bytes | Modified Date = 6/9/2006 10:54:28 AM | Attr = ]
Thawte Consulting , -> %System32%\PxWave.dll -> Sonic Solutions [Ver = 3.0.88.500 | Size = 345768 bytes | Modified Date = 6/9/2006 10:54:30 AM | Attr = ]
UPX! , UPX0 , -> %System32%\qtalt.ax -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 4/30/2004 8:46:24 PM | Attr = ]
UPX! , UPX0 , -> %System32%\rmalt.ax -> Gabest [Ver = 1, 0, 0, 4 | Size = 116224 bytes | Modified Date = 3/26/2004 3:32:36 PM | Attr = ]
UPX! , UPX0 , -> %System32%\t3odm.dll -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 4/30/2004 9:46:24 PM | Attr = ]
UPX! , UPX0 , -> %System32%\TomsMoComp_ff.dll -> [Ver = | Size = 49152 bytes | Modified Date = 11/25/2005 3:45:40 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\tssProgressBarXP.ocx -> Teebo Software Solutions [Ver = 1.00.0427 | Size = 72704 bytes | Modified Date = 2/9/2006 6:09:30 AM | Attr = ]
Thawte Consulting , -> %System32%\VaeCtrl.ocx -> Visviva Software Inc. [Ver = 3, 2, 8, 0 | Size = 130344 bytes | Modified Date = 11/8/2005 11:33:00 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\vafxu.dll:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\vorbisenc.dll -> [Ver = | Size = 61952 bytes | Modified Date = 12/20/2003 6:45:34 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]
USERTRUST , -> %System32%\wodFtpDLX.OCX -> WeOnlyDo! Inc. [Ver = 2, 5, 4, 204 | Size = 938272 bytes | Modified Date = 1/27/2006 1:56:56 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.129.0 | Size = 279392 bytes | Modified Date = 8/2/2005 4:32:34 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/3/2004 5:07:00 PM | Attr = ]

< End of report >

Hooray!!!! . . . :D: :bigthumb: :laugh:
 
Hi

Yes, it's long :)

I will take a look at it later today and post back if I see something wrong :)
 
Hi

You seem to have gmer installed

Please run a scan with it and post back results :)
 
Hi

You seem to have gmer installed

Please run a scan with it and post back results :)

Yes . . . Started a scan last night, but it seems to take a heck of a long time :D: . . . I left it running this AM and hopefully it will be done when I get home today (which will be late since I'm meeting some friends for dinner after work) . . . will post the results then . . . :)

Thanks!!

Alex
 
Sorry to say the scan stopped and my PC locked up, so couldn't get a log for the scan . . . :oops:

Will try again tonight. I'll shut down my external drives before starting it, so hopefully it will complete earlier. :bigthumb:
 
In the meantime, here is a new HJT scan report:

Logfile of HijackThis v1.99.1
Scan saved at 11:24:28 PM, on 2/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Positive Networks\Drivers\e4mserv.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Positive Networks\Drivers\pospcserv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ZoneTick\zonetick.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\TitleBarClock Pro\Tbcpro.exe
C:\Program Files\Scorpio Software\Handy Animated Emoticons\HAE.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\program files\deskcalc pro\deskcalc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Positive Networks\PosLoader.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\YTBSDK.exe
C:\Documents and Settings\Alex.HOME-ALEX\Desktop\HJThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Program Files\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Alex.HOME-ALEX\Desktop\muBlinder.exe -startup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ZoneTick] C:\Program Files\ZoneTick\zonetick.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [TBC Pro] "C:\Program Files\TitleBarClock Pro\Tbcpro.exe"
O4 - HKCU\..\Run: [Handy Animated Emoticons] "C:\Program Files\Scorpio Software\Handy Animated Emoticons\HAE.exe" /minimized
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DeskCalc] "c:\program files\deskcalc pro\deskcalc.exe" /hide
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Check For Updates.lnk = C:\Program Files\eDonkey2000Lite\WiseUpdt.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Positive Networks.lnk = C:\Program Files\Positive Networks\PosLoader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.costcophotocenter.com/CostcoOutlookImport.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (GTDownloaderCtrl Class) - http://inst.c-wss.com/59/EN/html/gtdownlr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161684026496
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161770650280
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: COM+ Alerter Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe (file missing)
O23 - Service: e4mservice - Unknown owner - C:\Program Files\Positive Networks\Drivers\e4mserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Positive Networks VPN Client Manager (pospcserv) - Positive Networks - C:\Program Files\Positive Networks\Drivers\pospcserv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
At the last minute decided to let it scan all drives, and it failed again . . . this time while scanning the last drive apparently.

Will try one more time tonight, and this time will really not scan the external drives. . . . :eek:
 