Attention! This forum has been replaced with support.emsisoft.com and is in read-only mode for archive now.

Is there any point in trying to clean my computer?
Donna
Posted : Monday, June 22, 2009 3:51:37 PM
Rank: Newbie
Groups: Member

Joined: 6/22/2009
Posts: 3
I could tell I had some kind of virus because my computer started acting strangely. I ran at least a half dozen virus and malware detection programs including a specific removal tool for the Virut virus. Then downloaded and ran Kaspersky which found and removed 35 viruses. Then I saw A-Squared suggested and ran that as a kind of final check.

I found your forum, started the process to generate logs to ask for help. So far I have run the ATF Cleaner and the A2 Deep Scan. I am looking at the report, showing 406 objects found, most of them shown as a virus, trojan, backdoor. (Over 60 showing as a form of Virut.)

I am quite willing to continue with the remaining scans and logs and submit them for your help, but the total is so overwhelming that I have to ask if there's really any point? I don't want to waste your time so thought I'd ask before going any further.

Thank you,
Donna
Lynx
Posted : Monday, June 22, 2009 4:00:09 PM

Rank: Advanced Member
Groups: Member, Moderation

Joined: 2/24/2006
Posts: 4,495
Location: Australia
Hi Donna,

Welcome to the forum.

Since you read the instructions and started creating log files, sure, please post them.
That is the only way to get an answer from a malware fighter, after those reports have been analyzed.
My regards

XP Pro, SP3 (32-bit); a2-Free 4.5.0.21(beta); Firewall: Comodo CIS (Defense+ HIPS); Software DEP: integrated into Firewall; Anti-Malware: Mamutu 2.0.0.23 (beta); Verification Engine PlugIn (resident); AntiVirus: AVG Free (guard resident); SpyBot SD (+TeaTimer resident)
Donna
Posted : Monday, June 22, 2009 4:30:17 PM
Rank: Newbie
Groups: Member

Joined: 6/22/2009
Posts: 3
Thank you.
Here we go...

Code:

a-squared Free - Version 4.5
Last update: 6/21/2009 9:41:59 PM

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start:    6/22/2009 6:03:40 AM

[1756] C:\WINDOWS\system32\spoolsv.exe     detected: Virus.Win32.SdBot!IK
[2216] C:\WINDOWS\System32\alg.exe     detected: Virus.Win32.Virut!IK
[2576] C:\WINDOWS\explorer.exe     detected: Trojan.Win32.Patched!IK
[2832] C:\Program Files\Internet Explorer\IEXPLORE.EXE     detected: Virus.Win32.Virut!IK
Value: HKEY_CLASSES_ROOT\CLSID\{33337170-F789-11CE-86F8-0020AFD8C6DB}\InprocServer32 --> ThreadingModel     detected: Trace.Registry.SGOOPE!A2
Value: HKEY_USERS\S-1-5-21-2607570431-1703736281-1984320-1007\Software\Viewpoint\Content Debugger --> Viewpoint Manager     detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-21-2607570431-1703736281-1984320-1007\Software\Viewpoint\Content Debugger --> Viewpoint Manager Installer     detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Sony Pictures Games\JEOPARDY! --> PID     detected: Trace.Registry.JEOPARDY!!A2
Value: HKEY_USERS\S-1-5-21-2607570431-1703736281-1984320-1007\Software\GameHouse\Jigsaw --> ShowLink     detected: Trace.Registry.Jigsaw Great Art!A2
C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[1].txt     detected: Trace.TrackingCookie.atdmt!A2
C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[2].txt     detected: Trace.TrackingCookie.doubleclick!A2
C:\aholding file\sd_cc32d477en.exe     detected: Trojan.Crypt!IK
C:\aholding file\WinRar 3.61 final\WinRAR Patch.exe     detected: Trojan.Win32.Alureon!IK
C:\aholding file\WinRar 3.61 final\winrar3.6x.multilanguage-patch.exe     detected: Trojan.Keygen.Q!IK
C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE     detected: Virus.Win32.Horse!IK
C:\hp\bin\KillWind.exe     detected: Riskware.RiskTool.Win32.PsKill.p!A2
C:\hp\bin\SetRes.exe     detected: Virus.Win32.Virut!IK
C:\hp\drivers\Realtek_HD_Audio\Alcmtr.exe     detected: Win32.Warezov!IK
C:\hp\drivers\Realtek_HD_Audio\SkyTel.exe     detected: Virus.Win32.Virut!IK
C:\hp\drivers\video_Intel\igfxcfg.exe     detected: Virus.Win32.Sality!IK
C:\hp\drivers\video_Intel\igfxzoom.exe     detected: Virus.Win32.Sality!IK
C:\Program Files\Accessories\WORDPAD.EXE     detected: Virus.Win32.Kriz!IK
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\Adobe\Acrobat 6.0\Reader\AdobeUpdateManager.exe     detected: Backdoor.Win32.Netsnake!IK
C:\Program Files\Adobe\Adobe Help Center\ahc.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\Common Files\Intuit\Internet Client\assist.exe     detected: Virus.Win32.Alman!IK
C:\Program Files\Common Files\Microsoft Shared\Artgalry\ARTGALRY.EXE     detected: Virus.Win32.Virut!IK
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\tcptest.exe     detected: Win32.Cadoiac.A!IK
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\shtml.exe     detected: Virus.Win32.Virut.q!IK
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm\admin.exe     detected: Win32.Cadoiac.A!IK
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut\author.exe     detected: Win32.Cadoiac.A!IK
C:\Program Files\Common Files\Motive\BJInstaller.dll     detected: Trojan-Dropper.Agent!IK
C:\Program Files\DVD Decrypter\DVDDecrypter.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzswp01.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\HP\Digital Imaging\uninstall\hpzmsi01.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\HP\Temp\{6A545A82-ADDA-48eb-B6D9-EB1325F1813A}\setup\hpzmsi01.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\HP\Temp\{6A545A82-ADDA-48eb-B6D9-EB1325F1813A}\setup\hpzrcv01.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\HP\Temp\{6A545A82-ADDA-48eb-B6D9-EB1325F1813A}\setup\hpzscr01.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\Intel\Intel Matrix Storage Manager\Shell.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe     detected: Win32.Virtob!IK
C:\Program Files\Internet Explorer\Connection Wizard\ICWOOBE.EXE     detected: Virus.Win32.Bolzano!IK
C:\Program Files\Internet Explorer\iexplore.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\J River\Media Jukebox\Media Jukebox.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\Java\jre1.6.0_03\bin\java.exe     detected: Virus.Win32.Bancos!IK
C:\Program Files\Java\jre1.6.0_03\bin\javacpl.exe     detected: Virus.Win32.Bancos!IK
C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe     detected: Virus.Win32.Bancos!IK
C:\Program Files\Java\jre1.6.0_03\bin\javaws.exe     detected: Virus.Win32.Bancos!IK
C:\Program Files\Messenger\msmsgs.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\Microsoft Office\Office\VTIFORM.EXE     detected: Virus.Win32.Rbot!IK
C:\Program Files\Microsoft Works\wksdb.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\Microsoft Works\wksss.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\Microsoft Works\WksWP.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\Movie Maker\moviemk.exe     detected: Trojan-Downloader.Win32.Banload!IK
C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe     detected: Trojan-Downloader.Win32.Dadobra!IK
C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\MusicMatch\MusicMatch Jukebox 4\mmjb.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\NetMeeting\conf.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\Netscape\Users50\default\Mail\pop3.pe.net\Inbox.sbd\03     detected: Trojan-Spy.HTML.Paylap!IK
C:\Program Files\Proficient\mirc32.exe     detected: Riskware.Client-IRC.Win32.mIRC!IK
C:\Program Files\Quicken\START.exe     detected: Trojan-Downloader.Win32.Banload!IK
C:\Program Files\Real\RealPlayer\realplay.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\RealArcade\Installer\bin\UnRar.exe     detected: Trojan-PWS.Win32.FakeAIM.a!IK
C:\Program Files\SBC Self Support Tool\vendors\SBC\wwwcache\wt\default\private\content\driven_dev\bin\BJInstaller.dll     detected: Trojan-Dropper.Agent!IK
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\SBC Yahoo!\UninstallManager.exe     detected: Virus.Win32.Horse!IK
C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe     detected: Trojan.Zlob!IK
C:\Program Files\Sweet Home 3D\jre1.6.0_03\bin\javaw.exe     detected: Virus.Win32.Bancos!IK
C:\Program Files\Sweet Home 3D\jre1.6.0_03\launch4j-tmp\SweetHome3D.exe     detected: Virus.Win32.Bancos!IK
C:\Program Files\UP\Comps\Filter\blur.upc     detected: Trojan.Crypt.XPACK!IK
C:\Program Files\Winamp\winamp.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\Windows Media Player\mplayer2.exe     detected: Virus.Win32.Virut.n!IK
C:\Program Files\Windows Media Player\wmdbexport.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\Windows Media Player\wmpnetwk.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\Windows NT\Accessories\wordpad.exe     detected: Virus.Win32.Virut!IK
C:\Program Files\Windows NT\dialer.exe     detected: Virus.Win32.Radja!IK
C:\Program Files\Windows NT\hypertrm.exe     detected: Hoax.Win32.RolCardGen!IK
C:\Program Files\Windows NT\Pinball\PINBALL.EXE     detected: Virus.Win32.Virut.n!IK
C:\Program Files\WinRAR\Rar.exe     detected: Trojan-PWS.Win32.FakeAIM.a!IK
C:\Program Files\WinRAR\UnRAR.exe     detected: Trojan-PWS.Win32.FakeAIM.a!IK
C:\Program Files\Yahoo!\Common\unwise.exe     detected: W32.Virut!IK
C:\Qoobox\Quarantine\C\WINDOWS\SNDREC32.EXE.vir     detected: Virus.Win32.Fosforo.a!IK
C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe     detected: Trojan.Win32.Patched!IK
C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ie4uinit.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ie4uinit.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\ACCSTAT.EXE     detected: Virus.Win9x.Priest.1478!IK
C:\WINDOWS\ALCMTR.EXE     detected: Win32.Warezov!IK
C:\WINDOWS\ARP.EXE     detected: Email-Worm.Win32.Wast!IK
C:\WINDOWS\ASD.EXE     detected: Virus.Win32.Ramdile!IK
C:\WINDOWS\CALC.EXE     detected: Virus.Win32.Seppuku!IK
C:\WINDOWS\CDPLAYER.EXE     detected: Virus.Win32.Ramdile!IK
C:\WINDOWS\CVT1.EXE     detected: Virus.Win32.Doser!IK
C:\WINDOWS\CVTAPLOG.EXE     detected: Virus.Win32.Levi!IK
C:\WINDOWS\explorer.exe     detected: Trojan.Win32.Patched!IK
C:\WINDOWS\EXTRAC32.EXE     detected: Virus.Win9x.Priest!IK
C:\WINDOWS\FONTVIEW.EXE     detected: Virus.Win32.Doser.4542!IK
C:\WINDOWS\FTP.EXE     detected: Virus.Win32.Jethro.5657!IK
C:\WINDOWS\HWINFO.EXE     detected: Virus.Win32.RainSong.3925.a!IK
C:\WINDOWS\ie7\ie4uinit.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\ie7\iexplore.exe     detected: Trojan-Spy.Win32.Banker.RM!IK
C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\ieuninst.exe     detected: Trojan.Crypt!IK
C:\WINDOWS\inf\unregmp2.exe     detected: Virus.Win32.Virut.ai!IK
C:\WINDOWS\ld09.exe.vir     detected: Net-Worm.Win32.Koobface!IK
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ilasm.exe     detected: Win32.Cadoiac.A!IK
C:\WINDOWS\MM2ENT.EXE     detected: Virus.Win32.Levi!IK
C:\WINDOWS\MPLAYER.EXE     detected: Virus.Win32.Mental!IK
C:\WINDOWS\msagent\agentsvr.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\MSNMGSR1.EXE     detected: Virus.Win32.RainSong.3925.a!IK
C:\WINDOWS\NOTEPAD.EXE     detected: Trojan-Dropper.Win32.Microjoin!IK
C:\WINDOWS\OPTIONS\CABS\AU10CPl.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\PACKAGER.EXE     detected: Virus.Win32.Hezhi!IK
C:\WINDOWS\PBRUSH.EXE     detected: Virus.Win32.Matrix!IK
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc(2).exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe     detected: Virus.Win32.Horse!IK
C:\WINDOWS\pchealth\helpctr\binaries\notiflag.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\pchealth\UploadLB\Binaries\UploadM.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\ROUTE.EXE     detected: Virus.Win32.Jethro.5657!IK
C:\WINDOWS\RtlUpd.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\SCANREGW.EXE     detected: Virus.Win32.Kriz!IK
C:\WINDOWS\SNDVOL32.EXE     detected: Virus.Win32.Bolzano!IK
C:\WINDOWS\SOUNDMAN.EXE     detected: Win32.Virtob!IK
C:\WINDOWS\SYSBCKUP\MPLAYER.EXE     detected: Virus.Win32.Mental!IK
C:\WINDOWS\SYSMON.EXE     detected: Virus.Win32.Dream.4916!IK
C:\WINDOWS\system32\ADDREG.EXE     detected: Virus.Win32.Thorin!IK
C:\WINDOWS\system32\alg.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\arp.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\asr_ldm.exe     detected: Virus.Win32.Henky!IK
C:\WINDOWS\system32\AWFXEX32.EXE     detected: Virus.Win9x.ZMorph!IK
C:\WINDOWS\system32\calc.exe     detected: Virus.Win32.Henky!IK
C:\WINDOWS\system32\CFGWIZ32.EXE     detected: Virus.Win32.Gobi.a!IK
C:\WINDOWS\system32\chkntfs.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\cidaemon.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\cleanmgr.exe     detected: Win32.Cadoiac.A!IK
C:\WINDOWS\system32\clipsrv.exe     detected: Virus.Win32.SdBot!IK
C:\WINDOWS\system32\cmd.exe     detected: Trojan-Spy.Win32.Banker.ciy!IK
C:\WINDOWS\system32\cmmon32.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\compact.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\control.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\convert.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\diantz.exe     detected: BehavesLikeWin32.FileInfector!IK
C:\WINDOWS\system32\dllcache\admin.exe     detected: Win32.Cadoiac.A!IK
C:\WINDOWS\system32\dllcache\agentsvr.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\alg.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\arp.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\asr_ldm.exe     detected: Virus.Win32.Henky!IK
C:\WINDOWS\system32\dllcache\author.exe     detected: Win32.Cadoiac.A!IK
C:\WINDOWS\system32\dllcache\calc.exe     detected: Virus.Win32.Henky!IK
C:\WINDOWS\system32\dllcache\chkntfs.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\cidaemon.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\cleanmgr.exe     detected: Win32.Cadoiac.A!IK
C:\WINDOWS\system32\dllcache\clipsrv.exe     detected: Virus.Win32.SdBot!IK
C:\WINDOWS\system32\dllcache\cmd.exe     detected: Trojan-Spy.Win32.Banker.ciy!IK
C:\WINDOWS\system32\dllcache\cmmon32.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\compact.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\conf.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\control.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\convert.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\dialer.exe     detected: Virus.Win32.Radja!IK
C:\WINDOWS\system32\dllcache\diantz.exe     detected: BehavesLikeWin32.FileInfector!IK
C:\WINDOWS\system32\dllcache\dmadmin.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\drwtsn32.exe     detected: Virus.Win32.Virut.bo!IK
C:\WINDOWS\system32\dllcache\dxdiag.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\eudcedit.exe     detected: Virus.Win32.Small!IK
C:\WINDOWS\system32\dllcache\eventvwr.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\explorer.exe     detected: Trojan.Win32.Patched!IK
C:\WINDOWS\system32\dllcache\helpctr.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\helpsvc.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\hrtzzm.exe     detected: Trojan-Downloader.Win32.Dadobra!IK
C:\WINDOWS\system32\dllcache\icwconn1.exe     detected: Win32.Virtob!IK
C:\WINDOWS\system32\dllcache\ie4uinit.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\iexplore.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\imapi.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\locator.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\logon.scr     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\logonui.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\lpq.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\lpr.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\magnify.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\makecab.exe     detected: BehavesLikeWin32.FileInfector!IK
C:\WINDOWS\system32\dllcache\migwiz.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\migwiz_a.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\mmc.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\mnmsrvc.exe     detected: Virus.Win32.Virut.n!IK
C:\WINDOWS\system32\dllcache\moviemk.exe     detected: Trojan-Downloader.Win32.Banload!IK
C:\WINDOWS\system32\dllcache\mplayer2.exe     detected: Virus.Win32.Virut.n!IK
C:\WINDOWS\system32\dllcache\mqsvc.exe     detected: Backdoor.Win32.Frauder!IK
C:\WINDOWS\system32\dllcache\mqtgsvc.exe     detected: Win32.Virtob!IK
C:\WINDOWS\system32\dllcache\msconfig.exe     detected: Virus.Win32.Horse!IK
C:\WINDOWS\system32\dllcache\mshearts.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\msiexec.exe     detected: Virus.Win32.Virtob!IK
C:\WINDOWS\system32\dllcache\msoobe.exe     detected: W32.Virut!IK
C:\WINDOWS\system32\dllcache\mspaint.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\mstsc.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\net.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\notepad.exe     detected: Trojan-Dropper.Win32.Microjoin!IK
C:\WINDOWS\system32\dllcache\notiflag.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\nwscript.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\osk.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\pinball.exe     detected: Virus.Win32.Virut.n!IK
C:\WINDOWS\system32\dllcache\powercfg.exe     detected: Virus.Win32.Socks.BA!IK
C:\WINDOWS\system32\dllcache\rcimlby.exe     detected: BehavesLikeWin32.FileInfector!IK
C:\WINDOWS\system32\dllcache\rdshost.exe     detected: Virus.Win32.SdBot!IK
C:\WINDOWS\system32\dllcache\reg.exe     detected: Win32.Virtob.8!IK
C:\WINDOWS\system32\dllcache\rsm.exe     detected: Win32.Virtob.8!IK
C:\WINDOWS\system32\dllcache\rsnotify.exe     detected: W32.Virut!IK
C:\WINDOWS\system32\dllcache\rstrui.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\rsvp.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\rundll32.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\rvsezm.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\sessmgr.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\shmgrate.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\shtml.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\sndrec32.exe     detected: Virus.Win32.DeadCode!IK
C:\WINDOWS\system32\dllcache\spider.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\spoolsv.exe     detected: Virus.Win32.SdBot!IK
C:\WINDOWS\system32\dllcache\ss3dfo.scr     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\ssbezier.scr     detected: Win32.Virtob!IK
C:\WINDOWS\system32\dllcache\ssflwbox.scr     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\ssmarque.scr     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\ssmypics.scr     detected: Win32.Virtob!IK
C:\WINDOWS\system32\dllcache\ssmyst.scr     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\sspipes.scr     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\ssstars.scr     detected: Win32.Virtob!IK
C:\WINDOWS\system32\dllcache\sstext3d.scr     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\sysinfo.exe     detected: Virus.Win32.Socks.BA!IK
C:\WINDOWS\system32\dllcache\sysocmgr.exe     detected: Win32.Cadoiac.A!IK
C:\WINDOWS\system32\dllcache\taskmgr.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\tcptest.exe     detected: Win32.Cadoiac.A!IK
C:\WINDOWS\system32\dllcache\tourstrt.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\tsdiscon.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\twunk_32.exe     detected: Trojan-Clicker.Win32.NetBuie!IK
C:\WINDOWS\system32\dllcache\unregmp2.exe     detected: Virus.Win32.Virut.ai!IK
C:\WINDOWS\system32\dllcache\uploadm.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\ups.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\utilman.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\vssvc.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\dllcache\wextract.exe     detected: Backdoor.Win32.Hupigon!IK
C:\WINDOWS\system32\dllcache\wiaacmgr.exe     detected: Trojan-Downloader.Win32.Banload!IK
C:\WINDOWS\system32\dllcache\winlogon.exe     detected: Trojan.Win32.Patched!IK
C:\WINDOWS\system32\dllcache\wmic.exe     detected: Win32.Virtob!IK
C:\WINDOWS\system32\dllcache\wordpad.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dllcache\wpabaln.exe     detected: W32.Virut!IK
C:\WINDOWS\system32\dllcache\wscript.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\dmadmin.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\drivers\ethfklug.sys     detected: Trojan.Rlsloupa!IK
C:\WINDOWS\system32\DRVSTORE\igxp32_5CCD0E15194FE7D21889B9A256F4982F1C9E92C8\igfxcfg.exe     detected: Virus.Win32.Sality!IK
C:\WINDOWS\system32\DRVSTORE\igxp32_5CCD0E15194FE7D21889B9A256F4982F1C9E92C8\igfxzoom.exe     detected: Virus.Win32.Sality!IK
C:\WINDOWS\system32\drwtsn32.exe     detected: Virus.Win32.Virut.bo!IK
C:\WINDOWS\system32\DSSSIG.EXE     detected: Virus.Win32.Gobi.a!IK
C:\WINDOWS\system32\dxdiag.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\eudcedit.exe     detected: Virus.Win32.Small!IK
C:\WINDOWS\system32\eventvwr.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\HPScanFix.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\ie4uinit.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\IESHWIZ.EXE     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\igfxcfg.exe     detected: Virus.Win32.Sality!IK
C:\WINDOWS\system32\igfxzoom.exe     detected: Virus.Win32.Sality!IK
C:\WINDOWS\system32\imapi.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\java.exe     detected: Virus.Win32.Bancos!IK
C:\WINDOWS\system32\javaw.exe     detected: Virus.Win32.Bancos!IK
C:\WINDOWS\system32\javaws.exe     detected: Virus.Win32.Bancos!IK
C:\WINDOWS\system32\locator.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\logon.scr     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\logonui.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\lpq.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\lpr.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\magnify.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\makecab.exe     detected: BehavesLikeWin32.FileInfector!IK
C:\WINDOWS\system32\migpwd.exe     detected: W32.Virut!IK
C:\WINDOWS\system32\mmc.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\mnmsrvc.exe     detected: Virus.Win32.Virut.n!IK
C:\WINDOWS\system32\mqsvc.exe     detected: Backdoor.Win32.Frauder!IK
C:\WINDOWS\system32\mqtgsvc.exe     detected: Win32.Virtob!IK
C:\WINDOWS\system32\mshearts.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\msiexec.exe     detected: Virus.Win32.Virtob!IK
C:\WINDOWS\system32\mspaint.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\mstsc.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\mypixdx.scr     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\net.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\notepad.exe     detected: Trojan-Dropper.Win32.Microjoin!IK
C:\WINDOWS\system32\nwscript.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\oobe\msoobe.exe     detected: W32.Virut!IK
C:\WINDOWS\system32\osk.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\powercfg.exe     detected: Virus.Win32.Socks.BA!IK
C:\WINDOWS\system32\rcimlby.exe     detected: BehavesLikeWin32.FileInfector!IK
C:\WINDOWS\system32\rdshost.exe     detected: Virus.Win32.SdBot!IK
C:\WINDOWS\system32\reg.exe     detected: Win32.Virtob.8!IK
C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\ALCMTR.EXE     detected: Win32.Warezov!IK
C:\WINDOWS\system32\Restore\rstrui.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\rsm.exe     detected: Win32.Virtob.8!IK
C:\WINDOWS\system32\rsnotify.exe     detected: W32.Virut!IK
C:\WINDOWS\system32\rsvp.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\rundll32.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\sessmgr.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\shmgrate.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\sndrec32.exe     detected: Virus.Win32.DeadCode!IK
C:\WINDOWS\system32\spider.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\spoolsv.exe     detected: Virus.Win32.SdBot!IK
C:\WINDOWS\system32\ss3dfo.scr     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\ssbezier.scr     detected: Win32.Virtob!IK
C:\WINDOWS\system32\ssflwbox.scr     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\ssmarque.scr     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\ssmypics.scr     detected: Win32.Virtob!IK
C:\WINDOWS\system32\ssmyst.scr     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\sspipes.scr     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\ssstars.scr     detected: Win32.Virtob!IK
C:\WINDOWS\system32\sstext3d.scr     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\sysocmgr.exe     detected: Win32.Cadoiac.A!IK
C:\WINDOWS\system32\systeminfo.exe     detected: Virus.Win32.Socks.BA!IK
C:\WINDOWS\system32\TAPI16.EXE     detected: Virus.Win9x.ZMorph!IK
C:\WINDOWS\system32\TAPIINI.EXE     detected: Virus.Win9x.ZMorph!IK
C:\WINDOWS\system32\taskmgr.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\tourstart.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\tsdiscon.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\ups.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\usmt\migwiz.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\usmt\migwiza.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\usmt\migwiz_a.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\utilman.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\vssvc.exe     detected: Virus.Win32.Virut.q!IK
C:\WINDOWS\system32\wbem\wmic.exe     detected: Win32.Virtob!IK
C:\WINDOWS\system32\wextract.exe     detected: Backdoor.Win32.Hupigon!IK
C:\WINDOWS\system32\wiaacmgr.exe     detected: Trojan-Downloader.Win32.Banload!IK
C:\WINDOWS\system32\wpabaln.exe     detected: W32.Virut!IK
C:\WINDOWS\system32\wpgldfsh.scr     detected: Virus.Win32.Virut!IK
C:\WINDOWS\system32\wscript.exe     detected: Virus.Win32.Virut!IK
C:\WINDOWS\TOUR98.EXE     detected: Virus.Win32.RainSong!IK
C:\WINDOWS\TRACERT.EXE     detected: Virus.Win32.KME!IK
C:\WINDOWS\TUNEUP.EXE     detected: Virus.Win32.Dream.4916!IK
C:\WINDOWS\twunk_32.exe     detected: Trojan-Clicker.Win32.NetBuie!IK
C:\WINDOWS\UPWIZUN.EXE     detected: Virus.Win32.Bolzano!IK
C:\WINDOWS\WELCOME.EXE     detected: Virus.Win32.Thorin!IK
C:\WINDOWS\WINIPCFG.EXE     detected: Virus.Win32.Bolzano!IK
C:\WINDOWS\WINREP.EXE     detected: Virus.Win32.Hezhi!IK
C:\WINDOWS\WRITE.EXE     detected: Virus.Win32.Matrix!IK
C:\WINDOWS\WSCRIPT.EXE     detected: Win32.Virtob!IK
D:\MiniNT\system32\drivers\nvunrm.exe     detected: W32.Virut!IK
D:\MiniNT\system32\IPCONFIG.EXE     detected: Virus.Win32.Virut.q!IK
D:\MiniNT\system32\lsass.exe     detected: Trojan.Win32.Anomaly!IK
D:\MiniNT\system32\NET.EXE     detected: Virus.Win32.Virut!IK
D:\MiniNT\system32\notepad.exe     detected: Virus.Win32.Hupigon!IK
D:\MiniNT\system32\nvuide.exe     detected: W32.Virut!IK
D:\MiniNT\system32\regsvr32.exe     detected: Virus.Win32.Virut.q!IK
D:\MiniNT\system32\rsvp.exe     detected: Virus.Win32.Virut!IK
D:\MiniNT\system32\services.exe     detected: Virus.Win32.Virut.q!IK
D:\MiniNT\system32\start.exe     detected: Backdoor.Win32.Zombam!IK
D:\MiniNT\system32\taskmgr.exe     detected: Virus.Win32.Virut!IK
D:\MiniNT\system32\winlogon.exe     detected: Virus.Win32.Virut.q!IK
D:\MiniNT\system32\nvudisp.exe     detected: W32.Virut!IK
D:\MiniNT\system32\nvunrm.exe     detected: W32.Virut!IK
D:\I386\APPS\APP08661\src\IE\ENCPACK.EXE     detected: Virus.Win32.Gobi.a!IK
D:\I386\APPS\APP13317\src\setup\HPZarp01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZcdl01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZchk01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZdui01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZmsi01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZnet01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZnfx01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZnop01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZopt01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZpnp01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZprl01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZpsc01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZpsl01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZrcn01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZrcv01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZrein01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZscr01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZshl01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZsui01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZtim01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZwis01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZwrp01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup\HPZwup01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\setup.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\util\ccc\HPZlgc01.exe     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP13317\src\util\ccc\MediaSizeSettings.exe     detected: Trojan.Win32.Patched!IK
D:\I386\APPS\APP16711\src\MSWORKS\PFILES\MSWORKS\WKSDB.EXE     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP16711\src\MSWORKS\PFILES\MSWORKS\WKSSS.EXE     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP16711\src\MSWORKS\PFILES\MSWORKS\WKSWP.EXE     detected: Virus.Win32.Virut!IK
D:\I386\APPS\APP31431\src\DISK1\Setup.exe     detected: Trojan-Banker.Win32.Banker!IK
D:\I386\DRV\APP11985\src\Alcmtr.exe     detected: Win32.Warezov!IK
D:\I386\DRV\APP11985\src\SkyTel.exe     detected: Virus.Win32.Virut!IK
D:\I386\DRV\APP13698\src\igfxcfg.exe     detected: Virus.Win32.Sality!IK
D:\I386\DRV\APP13698\src\igfxzoom.exe     detected: Virus.Win32.Sality!IK
D:\I386\SYSTEM32\Ipconfig.exe     detected: Virus.Win32.Virut.q!IK
D:\I386\SYSTEM32\lsass.exe     detected: Trojan.Win32.Anomaly!IK
D:\I386\SYSTEM32\Net.exe     detected: Virus.Win32.Virut!IK
D:\I386\SYSTEM32\notepad.exe     detected: Virus.Win32.Hupigon!IK
D:\I386\SYSTEM32\nvuide.exe     detected: W32.Virut!IK
D:\I386\SYSTEM32\regsvr32.exe     detected: Virus.Win32.Virut.q!IK
D:\I386\SYSTEM32\rsvp.exe     detected: Virus.Win32.Virut!IK
D:\I386\SYSTEM32\services.exe     detected: Virus.Win32.Virut.q!IK
D:\I386\SYSTEM32\start.exe     detected: Backdoor.Win32.Zombam!IK
D:\I386\SYSTEM32\taskmgr.exe     detected: Virus.Win32.Virut!IK
D:\I386\SYSTEM32\winlogon.exe     detected: Virus.Win32.Virut.q!IK

Scanned

Files:     358019
Traces:     625878
Cookies:     38
Processes:     47

Found

Files:     395
Traces:     5
Cookies:     2
Processes:     4
Registry keys:     0

Scan end:    6/22/2009 7:38:37 AM
Scan time:    1:34:57

Code:
************************************************************************************ 
                                   ISeeYouXP v2.0 Beta 14 

                  ISeeYouXP v1.3.0-v2.0 Beta 14 Copyright - ShadowPuterDude
                  ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan
------------------------------------------------------------------------------------ 
****  PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE  NOT  BADDIES!  ****
   ****   PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION.   ****
************************************************************************************ 

Windows/Browser/Java Versions:

Microsoft Windows XP Professional
Version:           5.1.2600
Service Pack:      2.0
Windows Directory: C:\WINDOWS

Internet Explorer
Version:  7.0.5730.13IC
Build:    75730
Language: English (United States)
Path:     C:\Program Files\Internet Explorer


Boot State: Normal boot

Scan done at  8:17:14.17, Mon 06/22/2009

------------------------------------------------------------------------------------ 

ISeeYouXP installation folder and files

"C:\ISeeYouXP\"
bootst~1.vbs  May 28 2007         359  "bootstate.vbs"
change.log    Jun  8 2008        5012  "change.log"
chodefix.bat  Apr 18 2007        5387  "chodefix.bat"
fixchode.reg  Apr 18 2007         528  "fixChode.reg"
fixexp~1.bat  Feb 24 2007         487  "FixExplorerPolicies.bat"
getunk~1.bat  Aug 12 2006        1478  "GetUnKeys.bat"
grep.exe      Dec 24 2004      160768  "grep.exe"
hideit.bat    Oct 17 2007        1072  "HideIT.bat"
ieinfo.vbs    May 28 2007         514  "ieinfo.vbs"
iesecu~1.bat  Oct 28 2007          72  "IESecurityZones.bat"
iesecu~1.vbs  Nov  8 2007        2399  "IESecurityZones.vbs"
iseeyo~1.bat  Jun  8 2008      211377  "ISeeYouXP.bat"
libico~1.dll  Mar 16 2004      898048  "libiconv2.dll"
libintl3.dll  Oct  9 2004      101888  "libintl3.dll"
locate.com    Jan 14 2005       11254  "locate.com"
md5sum.exe    Aug  5 2007       49152  "md5sum.exe"
msconf~1.bat  Feb 24 2007         578  "MSConfigFix.bat"
osinfo.vbs    May 28 2007         598  "osinfo.vbs"
pcbutts.txt   Mar 25 2007        5167  "PCBUTTS.TXT"
pcre.dll      Nov 14 2004      183313  "pcre.dll"
pv.exe        Mar  3 2006       73728  "pv.exe"
regedi~1.bat  Mar 30 2007         650  "RegEditFix.bat"
regfix.bat    Apr 18 2007         145  "Regfix.bat"
servic~1.vbs  May 28 2007         672  "servicesinfo.vbs"
showit.bat    Oct 17 2007        1013  "ShowIT.bat"
swreg.exe     Apr  5 2007      139776  "swreg.exe"
system~1.bat  Feb 28 2007         369  "SystemRestoreFix.bat"
taskmg~1.bat  Feb 24 2007         288  "TaskMgrFix.bat"

28 items found:  28 files, 0 directories.
   Total of file sizes:  1,856,092 bytes      1.77 M
               3 Dir(s)  248,733,097,984 bytes free

------------------------------------------------------------------------------------ 

System Environment Variables 

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DONNAM
ComSpec=C:\WINDOWS\system32\cmd.exe
errcode=0
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\DONNAM
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\HP\Digital Imaging\bin;C:\Program Files\HP\Digital Imaging\bin;C:\Program Files\HP\Digital Imaging\bin\Qt\Qt 4.3.3;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
USERDOMAIN=DONNAM
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

------------------------------------------------------------------------------------

Showing any Pocket Killbox backup files

No matches found.

------------------------------------------------------------------------------------

Displaying BOOT.INI:

[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

------------------------------------------------------------------------------------

Displaying SYSTEM.INI:

; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON

------------------------------------------------------------------------------------

Displaying WIN.INI:

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMC=1
CMCDLLNAME=mapi.dll
CMCDLLNAME32=mapi32.dll
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo
asx=MPEGVideo
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wmx=MPEGVideo
wpl=MPEGVideo
wvx=MPEGVideo
m2v=MPEGVideo
mod=MPEGVideo
[MCIAVI]
DefaultVideo=Window
[Drivers.drv]
{09034A7D-F289-4BDF-9660-D16FB5811B32}=28282828C83D0B6828282828FCDAE9517C476250259AE55174476250
[Microtek]
Interface=
[SM3800]
LeadEdge=373
SideEdge=125
[5-Or-More!]
Version=v2.0a

------------------------------------------------------------------------------------

Displaying AUTOEXEC.BAT:

PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625

------------------------------------------------------------------------------------

Displaying CONFIG.SYS:


------------------------------------------------------------------------------------

Displaying Running Processes:

  PROCESS            PID  PRIO     PATH
smss.exe            1036 Normal   C:\WINDOWS\System32\smss.exe
csrss.exe           1108 Normal   C:\WINDOWS\system32\csrss.exe
winlogon.exe        1132 High     C:\WINDOWS\system32\winlogon.exe
services.exe        1176 Normal   C:\WINDOWS\system32\services.exe
lsass.exe           1192 Normal   C:\WINDOWS\system32\lsass.exe
svchost.exe         1340 Normal   C:\WINDOWS\system32\svchost.exe
svchost.exe         1444 Normal   C:\WINDOWS\system32\svchost.exe
svchost.exe         1484 Normal   C:\WINDOWS\System32\svchost.exe
svchost.exe         1592 Normal   C:\WINDOWS\system32\svchost.exe
spoolsv.exe         1756 Normal   C:\WINDOWS\system32\spoolsv.exe
ehRecvr.exe          320 Above Normal C:\WINDOWS\eHome\ehRecvr.exe
ehSched.exe          332 Normal   C:\WINDOWS\eHome\ehSched.exe
Iaantmon.exe         400 Normal   C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
LSSrvc.exe           456 Normal   C:\Program Files\Common Files\LightScribe\LSSrvc.exe
svchost.exe          588 Normal   C:\WINDOWS\system32\svchost.exe
svchost.exe          728 Normal   C:\WINDOWS\system32\svchost.exe
mcrdsvc.exe          804 Normal   C:\WINDOWS\ehome\mcrdsvc.exe
Elservice.exe        984 High     C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
dllhost.exe         2132 Normal   C:\WINDOWS\system32\dllhost.exe
alg.exe             2216 Normal   C:\WINDOWS\System32\alg.exe
explorer.exe        2576 Normal   C:\WINDOWS\explorer.exe
issch.exe           2664 Normal   C:\program files\common files\installshield\updateservice\issch.exe
em_exec.exe         2680 Normal   C:\Program Files\Logitech\MouseWare\system\em_exec.exe
Iaanotif.exe        2692 Normal   C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
hpztsb06.exe        2704 Normal   C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
HPWuSchd2.exe       2780 Normal   C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
hkcmd.exe           2788 Normal   C:\WINDOWS\system32\hkcmd.exe
ehtray.exe          2896 Normal   C:\WINDOWS\ehome\ehtray.exe
DMAScheduler.exe     2928 Normal   C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
EntriqMediaTray.exe     3012 Normal   C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe
ehmsas.exe          3044 Normal   C:\WINDOWS\eHome\ehmsas.exe
RTHDCPL.EXE         3176 Normal   C:\WINDOWS\RTHDCPL.EXE
EntriqMediaServer.exe     3208 Normal   C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
Updates from HP.exe     3752 Normal   C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
wuauclt.exe         3820 Normal   C:\WINDOWS\system32\wuauclt.exe
KBD.EXE              552 High     C:\HP\KBD\KBD.EXE
hpsysdrv.exe        2452 Normal   c:\windows\system\hpsysdrv.exe
jusched.exe         1052 Normal   C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
DISCover.exe         916 Normal   C:\Program Files\DISC\DISCover.exe
wmiprvse.exe        2012 Normal   C:\WINDOWS\system32\wbem\wmiprvse.exe
svchost.exe         3608 Normal   C:\WINDOWS\System32\svchost.exe
svchost.exe         4048 Normal   C:\WINDOWS\System32\svchost.exe
svchost.exe         3804 Normal   C:\WINDOWS\System32\svchost.exe
svchost.exe         1720 Normal   C:\WINDOWS\System32\svchost.exe
IEXPLORE.EXE        2832 Normal   C:\Program Files\Internet Explorer\IEXPLORE.EXE
a2service.exe       3712 Normal   C:\Program Files\a-squared Free\a2service.exe
cmd.exe             3216 Normal   C:\WINDOWS\system32\cmd.exe
ntvdm.exe           3004 Normal   C:\WINDOWS\system32\ntvdm.exe
pv.exe              1348 Normal   C:\ISEEYO~1\pv.exe

------------------------------------------------------------------------------------

Displaying Windows Services:

Name:           a2free
Display Name:   a-squared Free Service
   Description: Scans the PC for unwanted software and provides protection from malicious code
   Path Name:   "C:\Program Files\a-squared Free\a2service.exe"
   Start Mode:  Auto
   State:       Running

Name:           Alerter
Display Name:   Alerter
   Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
   Start Mode:  Disabled
   State:       Stopped

Name:           ALG
Display Name:   Application Layer Gateway Service
   Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
   Path Name:   C:\WINDOWS\System32\alg.exe
   Start Mode:  Manual
   State:       Running

Name:           AppMgmt
Display Name:   Application Management
   Description: Provides software installation services such as Assign, Publish, and Remove.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Manual
   State:       Stopped

Name:           aspnet_state
Display Name:   ASP.NET State Service
   Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
   Start Mode:  Manual
   State:       Stopped

Name:           AudioSrv
Display Name:   Windows Audio
   Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           AVP
Display Name:   Kaspersky Anti-Virus
   Description: Provides protection against viruses and other malicious software.
   Path Name:   "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r
   Start Mode:  Auto
   State:       Running

Name:           BITS
Display Name:   Background Intelligent Transfer Service
   Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Manual
   State:       Running

Name:           Browser
Display Name:   Computer Browser
   Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Stopped

Name:           CA Personal Firewall ASEM
Display Name:   CA Personal Firewall ASEM
   Description:
   Path Name:   
   Start Mode:  Auto
   State:       Stopped

Name:           CiSvc
Display Name:   Indexing Service
   Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
   Path Name:   C:\WINDOWS\system32\cisvc.exe
   Start Mode:  Manual
   State:       Stopped

Name:           ClipSrv
Display Name:   ClipBook
   Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\clipsrv.exe
   Start Mode:  Disabled
   State:       Stopped

Name:           COMSysApp
Display Name:   COM+ System Application
   Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
   Start Mode:  Manual
   State:       Running

Name:           CryptSvc
Display Name:   Cryptographic Services
   Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           DcomLaunch
Display Name:   DCOM Server Process Launcher
   Description: Provides launch functionality for DCOM services.
   Path Name:   C:\WINDOWS\system32\svchost -k DcomLaunch
   Start Mode:  Auto
   State:       Running

Name:           Dhcp
Display Name:   DHCP Client
   Description: Manages network configuration by registering and updating IP addresses and DNS names.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           dmadmin
Display Name:   Logical Disk Manager Administrative Service
   Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
   Path Name:   C:\WINDOWS\System32\dmadmin.exe /com
   Start Mode:  Manual
   State:       Stopped

Name:           dmserver
Display Name:   Logical Disk Manager
   Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           Dnscache
Display Name:   DNS Client
   Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k NetworkService
   Start Mode:  Disabled
   State:       Stopped

Name:           ehRecvr
Display Name:   Media Center Receiver Service
   Description: Media Center Service for TV and FM broadcast reception
   Path Name:   C:\WINDOWS\eHome\ehRecvr.exe
   Start Mode:  Auto
   State:       Running

Name:           ehSched
Display Name:   Media Center Scheduler Service
   Description:
   Path Name:   C:\WINDOWS\eHome\ehSched.exe
   Start Mode:  Auto
   State:       Running

Name:           ELService
Display Name:   Intel(R) Quick Resume technology
   Description: Intel(R) Quick Resume Technology Service
   Path Name:   C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
   Start Mode:  Auto
   State:       Running

Name:           ERSvc
Display Name:   Error Reporting Service
   Description: Allows error reporting for services and applictions running in non-standard environments.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           Eventlog
Display Name:   Event Log
   Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
   Path Name:   C:\WINDOWS\system32\services.exe
   Start Mode:  Auto
   State:       Running

Name:           EventSystem
Display Name:   COM+ Event System
   Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Manual
   State:       Running

Name:           FastUserSwitchingCompatibility
Display Name:   Fast User Switching Compatibility
   Description: Provides management for applications that require assistance in a multiple user environment.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Manual
   State:       Running

Name:           Fax
Display Name:   Fax
   Description: Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network.
   Path Name:   C:\WINDOWS\system32\fxssvc.exe
   Start Mode:  Manual
   State:       Stopped

Name:           helpsvc
Display Name:   Help and Support
   Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           HidServ
Display Name:   Human Interface Device Access
   Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Disabled
   State:       Stopped

Name:           hpqcxs08
Display Name:   hpqcxs08
   Description:
   Path Name:   C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
   Start Mode:  Manual
   State:       Stopped

Name:           HTTPFilter
Display Name:   HTTP SSL
   Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service,  using the Secure Socket Layer (SSL).  If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k HTTPFilter
   Start Mode:  Manual
   State:       Stopped

Name:           IAANTMON
Display Name:   Intel(R) Matrix Storage Event Monitor
   Description:
   Path Name:   C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
   Start Mode:  Auto
   State:       Running

Name:           IDriverT
Display Name:   InstallDriver Table Manager
   Description: Provides support for the Running Object Table for InstallShield Drivers
   Path Name:   "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
   Start Mode:  Manual
   State:       Stopped

Name:           ImapiService
Display Name:   IMAPI CD-Burning COM Service
   Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\imapi.exe
   Start Mode:  Manual
   State:       Stopped

Name:           lanmanserver
Display Name:   Server
   Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           lanmanworkstation
Display Name:   Workstation
   Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           LightScribeService
Display Name:   LightScribeService Direct Disc Labeling Service
   Description: Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work.
   Path Name:   "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
   Start Mode:  Auto
   State:       Running

Name:           LmHosts
Display Name:   TCP/IP NetBIOS Helper
   Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
   Start Mode:  Auto
   State:       Running

Name:           McrdSvc
Display Name:   Media Center Extender Service
   Description:
   Path Name:   C:\WINDOWS\ehome\mcrdsvc.exe
   Start Mode:  Auto
   State:       Running

Name:           Messenger
Display Name:   Messenger
   Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Disabled
   State:       Stopped

Name:           MHN
Display Name:   MHN
   Description: Multimedia Home Networking (MHN) is a networking platform for Audio Video (AV) streaming applications on IP home networks. MHN enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications by providing mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Manual
   State:       Stopped

Name:           mnmsrvc
Display Name:   NetMeeting Remote Desktop Sharing
   Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\mnmsrvc.exe
   Start Mode:  Manual
   State:       Stopped

Name:           MSIServer
Display Name:   Windows Installer
   Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\msiexec.exe /V
   Start Mode:  Manual
   State:       Stopped

Name:           NetDDE
Display Name:   Network DDE
   Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\netdde.exe
   Start Mode:  Disabled
   State:       Stopped

Name:           NetDDEdsdm
Display Name:   Network DDE DSDM
   Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\netdde.exe
   Start Mode:  Disabled
   State:       Stopped

Name:           Netlogon
Display Name:   Net Logon
   Description: Supports pass-through authentication of account logon events for computers in a domain.
   Path Name:   C:\WINDOWS\system32\lsass.exe
   Start Mode:  Manual
   State:       Stopped

Name:           Netman
Display Name:   Network Connections
   Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Manual
   State:       Running

Name:           Nla
Display Name:   Network Location Awareness (NLA)
   Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Manual
   State:       Running

Name:           NtLmSsp
Display Name:   NT LM Security Support Provider
   Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
   Path Name:   C:\WINDOWS\system32\lsass.exe
   Start Mode:  Manual
   State:       Stopped

Name:           NtmsSvc
Display Name:   Removable Storage
   Description:
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Manual
   State:       Stopped

Name:           PlugPlay
Display Name:   Plug and Play
   Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
   Path Name:   C:\WINDOWS\system32\services.exe
   Start Mode:  Auto
   State:       Running

Name:           PolicyAgent
Display Name:   IPSEC Services
   Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
   Path Name:   C:\WINDOWS\system32\lsass.exe
   Start Mode:  Auto
   State:       Running

Name:           ProtectedStorage
Display Name:   Protected Storage
   Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
   Path Name:   C:\WINDOWS\system32\lsass.exe
   Start Mode:  Auto
   State:       Running

Name:           RasAuto
Display Name:   Remote Access Auto Connection Manager
   Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Disabled
   State:       Stopped

Name:           RasMan
Display Name:   Remote Access Connection Manager
   Description: Creates a network connection.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Manual
   State:       Running

Name:           RDSessMgr
Display Name:   Remote Desktop Help Session Manager
   Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
   Path Name:   C:\WINDOWS\system32\sessmgr.exe
   Start Mode:  Manual
   State:       Stopped

Name:           RemoteAccess
Display Name:   Routing and Remote Access
   Description: Offers routing services to businesses in local area and wide area network environments.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Disabled
   State:       Stopped

Name:           RemoteRegistry
Display Name:   Remote Registry
   Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
   Start Mode:  Auto
   State:       Running

Name:           RpcLocator
Display Name:   Remote Procedure Call (RPC) Locator
   Description: Manages the RPC name service database.
   Path Name:   C:\WINDOWS\system32\locator.exe
   Start Mode:  Manual
   State:       Stopped

Name:           RpcSs
Display Name:   Remote Procedure Call (RPC)
   Description: Provides the endpoint mapper and other miscellaneous RPC services.
   Path Name:   C:\WINDOWS\system32\svchost -k rpcss
   Start Mode:  Auto
   State:       Running

Name:           RSVP
Display Name:   QoS RSVP
   Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
   Path Name:   C:\WINDOWS\system32\rsvp.exe
   Start Mode:  Manual
   State:       Stopped

Name:           SamSs
Display Name:   Security Accounts Manager
   Description: Stores security information for local user accounts.
   Path Name:   C:\WINDOWS\system32\lsass.exe
   Start Mode:  Auto
   State:       Running

Name:           SCardSvr
Display Name:   Smart Card
   Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\System32\SCardSvr.exe
   Start Mode:  Manual
   State:       Stopped

Name:           Schedule
Display Name:   Task Scheduler
   Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           seclogon
Display Name:   Secondary Logon
   Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           SENS
Display Name:   System Event Notification
   Description: Tracks system events such as Windows logon, network, and power events.  Notifies COM+ Event System subscribers of these events.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           SharedAccess
Display Name:   Windows Firewall/Internet Connection Sharing (ICS)
   Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           ShellHWDetection
Display Name:   Shell Hardware Detection
   Description: Provides notifications for AutoPlay hardware events.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           Spooler
Display Name:   Print Spooler
   Description: Loads files to memory for later printing.
   Path Name:   C:\WINDOWS\system32\spoolsv.exe
   Start Mode:  Auto
   State:       Running

Name:           srservice
Display Name:   System Restore Service
   Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Stopped

Name:           SSDPSRV
Display Name:   SSDP Discovery Service
   Description: Enables discovery of UPnP devices on your home network.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
   Start Mode:  Auto
   State:       Running

Name:           stisvc
Display Name:   Windows Image Acquisition (WIA)
   Description: Provides image acquisition services for scanners and cameras.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k imgsvc
   Start Mode:  Auto
   State:       Running

Name:           SwPrv
Display Name:   MS Software Shadow Copy Provider
   Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\dllhost.exe /Processid:{8DA84759-6C62-4695-9DB6-4789D64FAF43}
   Start Mode:  Manual
   State:       Stopped

Name:           SysmonLog
Display Name:   Performance Logs and Alerts
   Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\smlogsvc.exe
   Start Mode:  Manual
   State:       Stopped

Name:           TapiSrv
Display Name:   Telephony
   Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Manual
   State:       Running

Name:           TermService
Display Name:   Terminal Services
   Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
   Path Name:   C:\WINDOWS\System32\svchost -k DComLaunch
   Start Mode:  Manual
   State:       Running

Name:           Themes
Display Name:   Themes
   Description: Provides user experience theme management.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           TlntSvr
Display Name:   Telnet
   Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\tlntsvr.exe
   Start Mode:  Disabled
   State:       Stopped

Name:           TrkWks
Display Name:   Distributed Link Tracking Client
   Description: Maintains links between NTFS files within a computer or across computers in a network domain.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           upnphost
Display Name:   Universal Plug and Play Device Host
   Description: Provides support to host Universal Plug and Play devices.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
   Start Mode:  Manual
   State:       Stopped

Name:           UPS
Display Name:   Uninterruptible Power Supply
   Description: Manages an uninterruptible power supply (UPS) connected to the computer.
   Path Name:   C:\WINDOWS\System32\ups.exe
   Start Mode:  Manual
   State:       Stopped

Name:           VSS
Display Name:   Volume Shadow Copy
   Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\System32\vssvc.exe
   Start Mode:  Manual
   State:       Stopped

Name:           W32Time
Display Name:   Windows Time
   Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           WebClient
Display Name:   WebClient
   Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
   Start Mode:  Auto
   State:       Running

Name:           winmgmt
Display Name:   Windows Management Instrumentation
   Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           WmdmPmSN
Display Name:   Portable Media Serial Number Service
   Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Stopped

Name:           Wmi
Display Name:   Windows Management Instrumentation Driver Extensions
   Description: Provides systems management information to and from drivers.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Manual
   State:       Stopped

Name:           WmiApSrv
Display Name:   WMI Performance Adapter
   Description: Provides performance library information from WMI HiPerf providers.
   Path Name:   C:\WINDOWS\system32\wbem\wmiapsrv.exe
   Start Mode:  Manual
   State:       Stopped

Name:           WMPNetworkSvc
Display Name:   Windows Media Player Network Sharing Service
   Description: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
   Path Name:   "C:\Program Files\Windows Media Player\WMPNetwk.exe"
   Start Mode:  Manual
   State:       Stopped

Name:           wscsvc
Display Name:   Security Center
   Description: Monitors system security settings and configurations.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           wuauserv
Display Name:   Automatic Updates
   Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
   Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           WudfSvc
Display Name:   Windows Driver Foundation - User-mode Driver Framework
   Description: Manages user-mode driver host processes
   Path Name:   C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
   Start Mode:  Manual
   State:       Stopped

Name:           WZCSVC
Display Name:   Wireless Zero Configuration
   Description: Provides automatic configuration for the 802.11 adapters
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Auto
   State:       Running

Name:           xmlprov
Display Name:   Network Provisioning Service
   Description: Manages XML configuration files on a domain basis for automatic network provisioning.
   Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
   Start Mode:  Manual
   State:       Stopped


------------------------------------------------------------------------------------

Displaying LOG for Microsoft Windows Malicious Software Removal Tool:

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.23, December 2006
Started On Sun Dec 17 14:15:32 2006

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Dec 17 14:15:43 2006


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.24, January 2007
Started On Tue Jan 16 12:38:28 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 16 12:38:38 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.27, March 2007
Started On Thu Apr 05 01:17:50 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 05 01:18:01 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.29, May 2007
Started On Sat May 26 22:33:34 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 26 22:34:41 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.29, May 2007
Started On Sat May 26 22:43:49 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 26 22:44:50 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.34, October 2007
Started On Thu Nov 08 22:59:33 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 08 23:00:30 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Tue Apr 29 11:09:30 2008
->Scan ERROR: resource process://pid:1432 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1432 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:3504 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3504 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1432 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1432 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1432 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1432 (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 29 11:10:35 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Tue Apr 29 11:10:36 2008
->Scan ERROR: resource process://pid:1432 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1432 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:3504 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3504 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1432 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1432 (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1432 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1432 (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 29 11:11:35 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.8, March 2009
Started On Fri Mar 27 06:30:46 2009
->Scan ERROR: resource process://pid:1472 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3460 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1472 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:1472 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Mar 27 06:33:02 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.10, May 2009
Started On Fri Jun 05 09:15:52 2009
->Scan ERROR: resource file://C:\Program Files\Photo Pos Lite\Photo Pos Lite.exe (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jun 05 09:19:19 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.10, May 2009
Started On Fri Jun 05 10:41:53 2009

Extended Scan Results
----------------
->Scan ERROR: resource file://C:\Program Files\Photo Pos Lite\Photo Pos Lite.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-FastLane.msi)->Data1.cab (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?_Validation (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?_Tables (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?AdminUISequence (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?Dialog (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?Directory (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?EventMapping (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?InstallUISequence (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?Media (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->Binary.New (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?Property (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?ControlEvent (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?ModuleSignature (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?File (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->MSXML3.cab (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?SelfReg (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?TextStyle (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?Component (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?_StringPool (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?RadioButton (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?ControlCondition (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?InstallExecuteSequence (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?UIText (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?Control (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->SummaryInformation (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-SpywareBlocker.msi)->Data1.cab (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Photo Pos Lite\Photo Pos Lite.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Updates from HP\9972322\Users\Default\Data\D0000000.FCS (code 0x0000001E (30))
->Scan ERROR: resource file://C:\SAR16\A Disk Files\STORAGE.DL1 (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Photo Pos Lite\Photo Pos Lite.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Photo Pos Lite\Photo Pos Lite.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Photo Pos Lite\Photo Pos Lite.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Photo Pos Lite\Photo Pos Lite.exe (code 0x0000000D (13))
No infection found as part of the extended scan

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jun 05 12:46:55 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.10, May 2009
Started On Sun Jun 21 00:17:32 2009

Extended Scan Results
----------------
Found malware: Virus:Win32/Cutwail.F in file://C:\WINDOWS\system32\drivers\NDIS.sys
->Scan ERROR: resource file://C:\Program Files\Photo Pos Lite\Photo Pos Lite.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-FastLane.msi)->Data1.cab (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?_Validation (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?_Tables (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?AdminUISequence (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?Dialog (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?Directory (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?EventMapping (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?InstallUISequence (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?Media (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->Binary.New (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?Property (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?ControlEvent (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?ModuleSignature (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?File (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->MSXML3.cab (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?SelfReg (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?TextStyle (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?Component (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?_StringPool (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?RadioButton (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?ControlCondition (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?InstallExecuteSequence (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?UIText (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->?Control (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-msxml3.msi)->SummaryInformation (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe->(nsis-1-SpywareBlocker.msi)->Data1.cab (code 0x0000001E (30))
->Scan ERROR: resource file://C:\Program Files\Photo Pos Lite\Photo Pos Lite.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\SAR16\A Disk Files\STORAGE.DL1 (code 0x0000000D (13))
Found malware: Trojan:Win32/Alureon.BP in file://C:\WINDOWS\Temp\wzszxa132.tmp
->Scan ERROR: resource file://C:\Program Files\Photo Pos Lite\Photo Pos Lite.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Photo Pos Lite\Photo Pos Lite.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Photo Pos Lite\Photo Pos Lite.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Photo Pos Lite\Photo Pos Lite.exe (code 0x0000000D (13))

Extended Scan Removal Results
----------------
Start 'remove' for file://\\?\C:\WINDOWS\Temp\wzszxa132.tmp
Operation succeeded !

Start 'clean' for driver://NDIS
Operation succeeded !

Start 'clean' for file://\\?\C:\WINDOWS\system32\drivers\NDIS.sys
Operation failed (code=0x8017), please use a full antivirus product ! !

Start 'remove' for file://\\?\C:\WINDOWS\Temp\wzszxa132.tmp
Operation succeeded !


Results Summary:
----------------
Found Virus:Win32/Cutwail.F, partially removed.
Found Trojan:Win32/Alureon.BP and Removed!

Return code: 7
Microsoft Windows Malicious Software Removal Tool Finished On Sun Jun 21 03:07:10 2009

----------------------------------------------------------------------------
    Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys
        if Hidden = 0 then Hidden Files and Folders are not shown
        if SuperHidden = 1 is the desired default value.
        if ShowSuperHidden = 0 then System Files are not shown
        if HideFileExt = 1 then File Extension are not shown
    We want their values to be (from top to bottom) 1,1,1,0
----------------------------------------------------------------------------

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced
   Hidden    REG_DWORD          1 (0x1)
   SuperHidden    REG_DWORD          1 (0x1)
   ShowSuperHidden    REG_DWORD          1 (0x1)
   HideFileExt    REG_DWORD          0 (0x0)

************************************************************************************ 

Examining Select Windows Registry Keys
------------------------------------------------------------------------------------

    --------------------------------------------------------------------------
        Items Found in ZoneMap\Domains:
    --------------------------------------------------------------------------



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains
   <NO NAME>    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\msn.com

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\trymedia.com

    ----------------------------------------------------------------------------
        Current User ZoneMap ProtocolDefaults
    ----------------------------------------------------------------------------



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults
   <NO NAME>    REG_SZ             
   http    REG_DWORD          3 (0x3)
   https    REG_DWORD          3 (0x3)
   ftp    REG_DWORD          3 (0x3)
   file    REG_DWORD          3 (0x3)
   @ivt    REG_DWORD          1 (0x1)
   shell    REG_DWORD          0 (0x0)

    ----------------------------------------------------------------------------
            Default URL Prefix Keys
    ----------------------------------------------------------------------------



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix
   <NO NAME>    REG_SZ             http://

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes
   ftp    REG_SZ             ftp://
   gopher    REG_SZ             gopher://
   home    REG_SZ             http://
   mosaic    REG_SZ             http://
   www    REG_SZ             http://

    --------------------------------------------------------------------------
            Startup Items Disabled via MSCONFIG:
    --------------------------------------------------------------------------



HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg
   key    REG_SZ             SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item    REG_SZ             
   hkey    REG_SZ             HKLM
   command    REG_SZ             
   inimapping    REG_SZ             0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\state
   system.ini    REG_DWORD          0 (0x0)
   win.ini    REG_DWORD          0 (0x0)
   bootini    REG_DWORD          0 (0x0)
   services    REG_DWORD          0 (0x0)
   startup    REG_DWORD          0 (0x0)

    --------------------------------------------------------------------------
            Select AutoRun Registry Keys:
    --------------------------------------------------------------------------



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonceex


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
   Recguard    REG_SZ             C:\WINDOWS\SMINST\RECGUARD.EXE
   PCDrProfiler    REG_SZ             
   Logitech Utility    REG_SZ             Logi_MwX.Exe
   ISUSScheduler    REG_SZ             "c:\program files\common files\installshield\updateservice\issch.exe" -start
   ISUSPM Startup    REG_SZ             "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
   IAAnotif    REG_SZ             "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
   HPDJ Taskbar Utility    REG_SZ             C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
   HPBootOp    REG_SZ             "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
   HP Software Update    REG_SZ             C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
   HotKeysCmds    REG_SZ             C:\WINDOWS\system32\hkcmd.exe
   ftutil2    REG_SZ             "rundll32.exe" ftutil2.dll,SetWriteCacheMode
   ehTray    REG_SZ             C:\WINDOWS\ehome\ehtray.exe
   DMAScheduler    REG_SZ             "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
   NBCUniversal Media Manager Tray    REG_SZ             "C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" /CustomId:NBCUniversal
   RTHDCPL    REG_SZ             RTHDCPL.EXE
   Adobe Reader Speed Launcher    REG_SZ             "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
   QuickTime Task    REG_SZ             "C:\Program Files\QuickTime\qttask.exe" -atboottime
   TrojanScanner    REG_SZ             C:\Program Files\Trojan Remover\Trjscan.exe /boot
   AVP    REG_SZ             "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Disabled

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
   Trojan Remover    REG_SZ             "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesonce


HKEY_USERS\.default\software\microsoft\windows\currentversion\run


HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce


Error: Key: s-1-5-19\software\microsoft\windows\currentversion\run does not exist!



HKEY_USERS\s-1-5-20\software\microsoft\windows\currentversion\run

    --------------------------------------------------------------------------
            WinLogon Notify Registry Key:
    --------------------------------------------------------------------------



HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
   Asynchronous    REG_DWORD          0 (0x0)
   Impersonate    REG_DWORD          0 (0x0)
   DllName    REG_EXPAND_SZ      crypt32.dll
   Logoff    REG_SZ             ChainWlxLogoffEvent

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
   Asynchronous    REG_DWORD          0 (0x0)
   Impersonate    REG_DWORD          0 (0x0)
   DllName    REG_EXPAND_SZ      cryptnet.dll
   Logoff    REG_SZ             CryptnetWlxLogoffEvent

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
   DLLName    REG_SZ             cscdll.dll
   Logon    REG_SZ             WinlogonLogonEvent
   Logoff    REG_SZ             WinlogonLogoffEvent
   ScreenSaver    REG_SZ             WinlogonScreenSaverEvent
   Startup    REG_SZ             WinlogonStartupEvent
   Shutdown    REG_SZ             WinlogonShutdownEvent
   StartShell    REG_SZ             WinlogonStartShellEvent
   Impersonate    REG_DWORD          0 (0x0)
   Asynchronous    REG_DWORD          1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui
   <NO NAME>    REG_SZ             
   DLLName    REG_SZ             igfxdev.dll
   Asynchronous    REG_DWORD          1 (0x1)
   Impersonate    REG_DWORD          1 (0x1)
   Unlock    REG_SZ             WinlogonUnlockEvent

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon
   <NO NAME>    REG_SZ             
   Asynchronous    REG_DWORD          0 (0x0)
   Impersonate    REG_DWORD          0 (0x0)
   DllName    REG_SZ             C:\WINDOWS\system32\klogon.dll
   Logon    REG_SZ             WLEventStop
   Startup    REG_SZ             WLEventStart
   Lock    REG_SZ             WLEventStart
   Unlock    REG_SZ             WLEventStop
   Logoff    REG_SZ             WLEventStart

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
   DLLName    REG_SZ             wlnotify.dll
   Logon    REG_SZ             SCardStartCertProp
   Logoff    REG_SZ             SCardStopCertProp
   Lock    REG_SZ             SCardSuspendCertProp
   Unlock    REG_SZ             SCardResumeCertProp
   Enabled    REG_DWORD          1 (0x1)
   Impersonate    REG_DWORD          1 (0x1)
   Asynchronous    REG_DWORD          1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
   Asynchronous    REG_DWORD          0 (0x0)
   DllName    REG_EXPAND_SZ      wlnotify.dll
   Impersonate    REG_DWORD          0 (0x0)
   StartShell    REG_SZ             SchedStartShell
   Logoff    REG_SZ             SchedEventLogOff

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
   Logoff    REG_SZ             WLEventLogoff
   Impersonate    REG_DWORD          0 (0x0)
   Asynchronous    REG_DWORD          1 (0x1)
   DllName    REG_EXPAND_SZ      sclgntfy.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
   DLLName    REG_SZ             WlNotify.dll
   Lock    REG_SZ             SensLockEvent
   Logon    REG_SZ             SensLogonEvent
   Logoff    REG_SZ             SensLogoffEvent
   Safe    REG_DWORD          1 (0x1)
   MaxWait    REG_DWORD          600 (0x258)
   StartScreenSaver    REG_SZ             SensStartScreenSaverEvent
   StopScreenSaver    REG_SZ             SensStopScreenSaverEvent
   Startup    REG_SZ             SensStartupEvent
   Shutdown    REG_SZ             SensShutdownEvent
   StartShell    REG_SZ             SensStartShellEvent
   PostShell    REG_SZ             SensPostShellEvent
   Disconnect    REG_SZ             SensDisconnectEvent
   Reconnect    REG_SZ             SensReconnectEvent
   Unlock    REG_SZ             SensUnlockEvent
   Impersonate    REG_DWORD          1 (0x1)
   Asynchronous    REG_DWORD          1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
   Asynchronous    REG_DWORD          0 (0x0)
   DllName    REG_EXPAND_SZ      wlnotify.dll
   Impersonate    REG_DWORD          0 (0x0)
   Logoff    REG_SZ             TSEventLogoff
   Logon    REG_SZ             TSEventLogon
   PostShell    REG_SZ             TSEventPostShell
   Shutdown    REG_SZ             TSEventShutdown
   StartShell    REG_SZ             TSEventStartShell
   Startup    REG_SZ             TSEventStartup
   MaxWait    REG_DWORD          600 (0x258)
   Reconnect    REG_SZ             TSEventReconnect
   Disconnect    REG_SZ             TSEventDisconnect

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
   DLLName    REG_SZ             wlnotify.dll
   Logon    REG_SZ             RegisterTicketExpiredNotificationEvent
   Logoff    REG_SZ             UnregisterTicketExpiredNotificationEvent
   Impersonate    REG_DWORD          1 (0x1)
   Asynchronous    REG_DWORD          1 (0x1)

    --------------------------------------------------------------------------
            Shared Task Scheduler Registry Items:
    --------------------------------------------------------------------------



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
   {438755C2-A8BA-11D1-B96B-00A0C90312E1}    REG_SZ             Browseui preloader
   {8C7461EF-2B13-11d2-BE35-3078302C2030}    REG_SZ             Component Categories cache daemon

    --------------------------------------------------------------------------
            Scheduled Tasks:
    --------------------------------------------------------------------------

Volume in drive C is HP_PAVILION
Volume Serial Number is 4C8D-5AEC

Directory of C:\WINDOWS\tasks

06/21/2009  11:03 AM    <DIR>          .
06/21/2009  11:03 AM    <DIR>          ..
08/10/2004  04:00 AM                65 desktop.ini
06/21/2009  09:34 PM                 6 SA.DAT
               2 File(s)             71 bytes

     Total Files Listed:
               2 File(s)             71 bytes
               2 Dir(s)  248,733,011,968 bytes free
A   HR     C:\WINDOWS\tasks\desktop.ini
A   H      C:\WINDOWS\tasks\SA.DAT

    ----------------------------------------------------------------------------
            ShellExecuteHooks Registry Keys
    ----------------------------------------------------------------------------



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
   {AEB6717E-7E19-11d0-97EE-00C04FD91972}    REG_SZ             

    ----------------------------------------------------------------------------
            ShellServiceObjectDelayLoad Registry Keys
    ----------------------------------------------------------------------------



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
   PostBootReminder    REG_SZ             {7849596a-48ea-486e-8937-a2a3009f31a9}
   CDBurn    REG_SZ             {fbeb8a05-beee-4442-804e-409d6c4515e9}
   WebCheck    REG_SZ             {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
   SysTray    REG_SZ             {35CEC8A3-2BE6-11D2-8773-92E220524153}
   WPDShServiceObj    REG_SZ             {AAA288BA-9A4C-45B0-95D7-94D524869DB5}

    ----------------------------------------------------------------------------
            ModuleUsage Registry Keys:
    ----------------------------------------------------------------------------



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/alttiff.ocx
   .Owner    REG_SZ             {106E49CF-797A-11D2-81A2-00E02C015623}
   {106E49CF-797A-11D2-81A2-00E02C015623}    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL
   .Owner    REG_SZ             {02BCC737-B171-4746-94C9-0D8A0B2C0089}
   {02BCC737-B171-4746-94C9-0D8A0B2C0089}    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/MFInstall.ocx
   .Owner    REG_SZ             {AFDD01B0-7ABB-11D9-9669-0800200C9A66}
   {AFDD01B0-7ABB-11D9-9669-0800200C9A66}    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/atl.dll
   .Owner    REG_SZ             Unknown Owner

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/danim.dll
   .Owner    REG_SZ             {DC38CC31-4E3B-11d1-9071-0060081840BC}
   DXM60RTM_WEBUSER    REG_SZ             DXM60RTM_WEBUSER
   {DC38CC31-4E3B-11d1-9071-0060081840BC}    REG_SZ             {DC38CC31-4E3B-11d1-9071-0060081840BC}

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/ddrawex.dll
   .Owner    REG_SZ             {DC38CC31-4E3B-11d1-9071-0060081840BC}
   22d6f312-b0f6-11d0-94ab-0080c74c7e95    REG_SZ             22d6f312-b0f6-11d0-94ab-0080c74c7e95
   DXM60RTM_WEBUSER    REG_SZ             DXM60RTM_WEBUSER
   {DC38CC31-4E3B-11d1-9071-0060081840BC}    REG_SZ             {DC38CC31-4E3B-11d1-9071-0060081840BC}

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/LFCMP13n.dll
   .Owner    REG_SZ             Unknown Owner
   {75565ED2-1560-4F15-B841-20358DE6A0D1}    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/LFFAX13n.dll
   .Owner    REG_SZ             Unknown Owner
   {75565ED2-1560-4F15-B841-20358DE6A0D1}    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/LFJ2K13n.dll
   .Owner    REG_SZ             {75565ED2-1560-4F15-B841-20358DE6A0D1}
   {75565ED2-1560-4F15-B841-20358DE6A0D1}    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/LFTIF13n.dll
   .Owner    REG_SZ             Unknown Owner
   {75565ED2-1560-4F15-B841-20358DE6A0D1}    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/LTCLR13n.dll
   .Owner    REG_SZ             Unknown Owner
   {75565ED2-1560-4F15-B841-20358DE6A0D1}    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/LTDIS13n.dll
   .Owner    REG_SZ             Unknown Owner
   {75565ED2-1560-4F15-B841-20358DE6A0D1}    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/LTEFX13n.dll
   .Owner    REG_SZ             Unknown Owner
   {75565ED2-1560-4F15-B841-20358DE6A0D1}    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/LTFIL13n.dll
   .Owner    REG_SZ             Unknown Owner
   {75565ED2-1560-4F15-B841-20358DE6A0D1}    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/LTIMG13n.dll
   .Owner    REG_SZ             Unknown Owner
   {75565ED2-1560-4F15-B841-20358DE6A0D1}    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/LTKRN13n.dll
   .Owner    REG_SZ             Unknown Owner
   {75565ED2-1560-4F15-B841-20358DE6A0D1}    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/MFImgVwr.ocx
   .Owner    REG_SZ             {75565ED2-1560-4F15-B841-20358DE6A0D1}
   {75565ED2-1560-4F15-B841-20358DE6A0D1}    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/muweb.dll
   .Owner    REG_SZ             {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
   {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/quartz.dll
   .Owner    REG_SZ             {DC38CC31-4E3B-11d1-9071-0060081840BC}
   DXM60RTM_WEBUSER    REG_SZ             DXM60RTM_WEBUSER
   {22d6f312-b0f6-11d0-94ab-0080c74c7e95}    REG_SZ             {22d6f312-b0f6-11d0-94ab-0080c74c7e95}
   {4112DF42-0DCB-11d1-8177-00AA00576BAD}    REG_SZ             {4112DF42-0DCB-11d1-8177-00AA00576BAD}
   {DC38CC31-4E3B-11d1-9071-0060081840BC}    REG_SZ             {DC38CC31-4E3B-11d1-9071-0060081840BC}

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/wuweb.dll
   .Owner    REG_SZ             Unknown Owner
   {6414512B-B978-451D-A0D8-FCFDF33E833C}    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/wupdmgr.exe
   .Owner    REG_SZ             Unknown Owner

    ----------------------------------------------------------------------------
            BHO Registry Keys:
    ----------------------------------------------------------------------------



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   <NO NAME>    REG_SZ             

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
   NoExplorer    REG_DWORD          1 (0x1)

     --------------------------------------------------------------------------
            Select Policy Keys:
     --------------------------------------------------------------------------



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
   NoDriveTypeAutoRun    REG_DWORD          323 (0x143)
   CDRAutoRun    REG_BINARY         00000000
   NoDriveAutoRun    REG_DWORD          67108863 (0x3ffffff)
   NoDrives    REG_DWORD          0 (0x0)


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system


HKEY_CURRENT_USER\software\policies\microsoft\internet explorer

HKEY_CURRENT_USER\software\policies\microsoft\internet explorer\Control Panel

HKEY_CURRENT_USER\software\policies\microsoft\internet explorer\Infodelivery

HKEY_CURRENT_USER\software\policies\microsoft\internet explorer\Restrictions


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer
   NoCDBurning    REG_DWORD          0 (0x0)
   NoDriveAutoRun    REG_DWORD          67108863 (0x3ffffff)
   NoDriveTypeAutoRun    REG_DWORD          323 (0x143)
   NoDrives    REG_DWORD          0 (0x0)


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
   dontdisplaylastusername    REG_DWORD          0 (0x0)
   legalnoticecaption    REG_SZ             
   legalnoticetext    REG_SZ             
   shutdownwithoutlogon    REG_DWORD          1 (0x1)
   undockwithoutlogon    REG_DWORD          1 (0x1)
   InstallVisualStyle    REG_EXPAND_SZ      C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
   InstallTheme    REG_EXPAND_SZ      C:\WINDOWS\Resources\Themes\Royale.theme


HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer
   NoDriveTypeAutoRun    REG_DWORD          323 (0x143)
   NoDriveAutoRun    REG_DWORD          67108863 (0x3ffffff)


HKEY_USERS\.default\software\microsoft\windows\currentversion\policies

HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\Explorer

HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\System


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer
   NoDriveTypeAutoRun    REG_DWORD          323 (0x143)
   NoDriveAutoRun    REG_DWORD          67108863 (0x3ffffff)


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system

************************************************************************************

Checking File System for suspicious Files

--------------------------------------------------------------------------
    Items in the Root Directory:
--------------------------------------------------------------------------

    Locating all files created in C:\

"C:\"
4EC32~1.79N   Nov 28 2006              "4.79 Netscape"
aaw7boot.log  Feb  9 2009        4107  "aaw7boot.log"
AHOLDI~1      Nov 28 2006              "aholding file"
AMIPRO        Nov 28 2006              "AMIPRO"
asd.log       Aug 28 2002         144  "ASD.LOG"
attribs.log   Jul 17 2000           0  "ATTRIBS.LOG"
autoexec.001  Oct  2 2003         637  "AUTOEXEC.001"
autoexec.002  Mar 21 2005         657  "AUTOEXEC.002"
autoexec.003  May 11 2005         677  "AUTOEXEC.003"
autoexec.004  Sep 28 2005         696  "AUTOEXEC.004"
autoexec.bat  Aug 24 2006         100  "AUTOEXEC.BAT"
autoexec.pif  Aug 25 2001         967  "Autoexec.PIF"
BACKGRND      Dec  5 2006              "Backgrnd"
BIBLE_CD      Nov 28 2006              "BIBLE_CD"
bookma~1.htm  Oct 15 2002       75340  "bookmark_s.htm"
boot.bak      Nov 28 2006         211  "BOOT.BAK"
boot.ini      Jan  2 2007         279  "boot.ini"
bootlog.prv   May 25 2006       72126  "BOOTLOG.PRV"
bootlog.txt   May 25 2006       69472  "BOOTLOG.TXT"
BORDERS       Dec  5 2006              "Borders"
burner.log    Dec 14 2000           0  "burner.log"
caavse~1.txt  Dec 31 2006       35636  "caavsetupLog.txt"
caisslog.txt  Jan  7 2008       89311  "caisslog.txt"
CATHARAE      Aug 14 2007              "CATHARAE"
CDROM         Nov 28 2006              "cdrom"
cheklist.jsp  Aug  6 1996       32768  "CHEKLIST.JSP"
CLIPART       Dec  5 2006              "Clipart"
CMDCONS       Nov 28 2006              "cmdcons"
cmldr         Aug  9 2004      260272  "cmldr"
CMPNENTS      Nov 14 2005              "CMPNENTS"
combofix.txt  Jun 21 2009       87688  "ComboFix.txt"
comman~1.vir  Oct  2 2003         967  "command.PIF.vir"
complinc.dll  Aug  6 1996       77312  "COMPLINC.DLL"
CONFIG.MSI    Aug 24 2006              "Config.Msi"
config.sys    Aug 30 2005           0  "CONFIG.SYS"
CPIC32        Nov 28 2006              "CPIC32"
detlog.old    Jan 31 2002       73992  "DETLOG.OLD"
detlog.txt    Feb  8 2002       74169  "DETLOG.TXT"
DIRECTCD      Nov 28 2006              "DirectCD"
DOCUME~1      Nov 14 2005              "Documents and Settings"
DOSBOOT       Nov 28 2006              "dosboot"
DOWNLO~1      Nov 28 2006              "downloads"
dvdpath.txt   Mar 12 2007          81  "DVDPATH.TXT"
EASYCD~1      Nov 28 2006              "Easy CD Creator"
flashp~1.exe  Oct  7 2000      317635  "flashplayer5installer.exe"
FTP           Nov 29 2006              "FTP"
GARDEN~1      Mar 10 2007              "GARDENPhotos"
GENEAL~1      Nov 28 2006              "GENEALOGY"
GENEAL~2      Jul 29 2008              "Genealogy_Work"
hiberfil.sys  Jun 21 2009  2137473024  "hiberfil.sys"
HP            Nov 14 2005              "hp"
hpfr5550.log  Jun 20 2009     1324319  "hpfr5550.log"
hpwebh~1.log  Aug 24 2006          51  "hpWebHelper.log"
HSF           Nov 28 2006              "HSF"
hyph.dat      Aug  6 1996       24072  "HYPH.DAT"
IMOUSE        Nov 28 2006              "imouse"
infoshet.jsp  Aug  6 1996       17408  "INFOSHET.JSP"
install.dat   Nov 10 2007         164  "install.dat"
io.sys        Aug 30 2005           0  "IO.SYS"
iph.ph        Sep  7 2000          77  "IPH.PH"
ISEEYO~1      Jun 22 2009              "ISeeYouXP"
JEWELR~1      Jun 19 2009              "JEWELRY Photos"
KPCMS         Nov 28 2006              "KPCMS"
liprefs.js    Oct  7 2005         151  "liprefs.js"
MAGIX         Nov 28 2006              "MAGIX"
MICROT~1      Feb  9 2009              "Microtek(2)"
mmjb51~1.exe  Sep 30 2000     7737584  "mmjb51149enu.exe"
MOVIES~1      Nov 22 2007              "MOVIES+"
msdos.---     Nov 15 1999        1646  "MSDOS.---"
msdos.sys     Aug 30 2005           0  "MSDOS.SYS"
msgenbw.ppd   Aug  6 1996        5651  "MSGENBW.PPD"
msgencol.ppd  Aug  6 1996        3534  "MSGENCOL.PPD"
msoffice.gid  Aug  6 1996           0  "MSOFFICE.GID"
msoffice.hlp  Aug  6 1996       24926  "MSOFFICE.HLP"
mspub.exe     Aug  6 1996     2507776  "MSPUB.EXE"
mspub.m14     Aug  6 1996     1629190  "MSPUB.M14"
mspubpss.gid  Aug  6 1996           0  "MSPUBPSS.GID"
mspubpss.hlp  Aug  6 1996       29017  "MSPUBPSS.HLP"
MUSIC         Nov 28 2006              "MUSIC"
MYGAME~1      Mar 19 2008              "My Games"
MYMUSI~1      Nov 29 2006              "My Music"
mybackup.qic  Mar 19 2003  1528780032  "MyBackup.qic"
MYDOCU~1      Nov 28 2006              "My Documents"
MYDOWN~1      Nov 29 2006              "My Download Files"
MYLABEL       Nov 29 2006              "MYLABEL"
MYPHOT~1      Nov 29 2006              "My Photos"
n2pact~1.log  Sep  7 2000           0  "N2PActiveX.log"
n2pinst.log   Sep 10 2002       11910  "N2pInst.log"
n6setup.exe   Sep  7 2000      262144  "N6Setup.exe"
netlog.txt    Sep 29 2000        6247  "NETLOG.TXT"
NETSCAPE      Nov 29 2006              "NETSCAPE"
ntdetect.com  Aug  9 2004       47564  "NTDETECT.COM"
ntldr         Aug  9 2004      250032  "ntldr"
nu            Aug 12 2004      117760  "NU"
OLDPRO~1      Nov 29 2006              "Old Program Files"
pagefile.sys  Jun 21 2009  3205496832  "pagefile.sys"
PAGEWIZ       Dec  5 2006              "PageWiz"
PAPERS        Dec  5 2006              "Papers"
PCAUDIO       Nov 29 2006              "PCAUDIO"
PD            Nov 29 2006              "PD"
PDF995        Nov 29 2006              "pdf995"
printer.inf   Aug  6 1996       12130  "PRINTER.INF"
PROGRA~1      Nov 14 2005              "Program Files"
PSFONTS       Nov 29 2006              "psfonts"
PSPLUS        Nov 29 2006              "PSPLUS"
pub1a01.tmp   May 18 2009       35840  "pub1A01.tmp"
pub3bf8.tmp   May 21 2009       49152  "pub3BF8.tmp"
pubda6.tmp    May 13 2009       16384  "pubDA6.tmp"
pubmerge.dll  Aug  6 1996      165888  "PUBMERGE.DLL"
PYTHON22      Aug 24 2006              "Python22"
qmspub.gid    Aug  6 1996           0  "QMSPUB.GID"
qmspub.hlp    Aug  6 1996       85739  "QMSPUB.HLP"
QOOBOX        Jun 21 2009              "Qoobox"
QUICKENW      Nov 29 2006              "Quickenw"
quickt~1.exe  Oct 12 2000      500544  "QuickTimeInstaller.exe"
readme.gid    Aug  6 1996           0  "README.GID"
readme.hlp    Aug  6 1996       37229  "README.HLP"
RECYCLER      Jun 21 2009              "RECYCLER"
resetlog.txt  Nov 18 1999         225  "RESETLOG.TXT"
RICHAR~1      Nov 29 2006              "RICHARD'S PHOTOS"
rulerfnt.fon  Aug  6 1996        6144  "RULERFNT.FON"
SAR16         Nov 29 2006              "SAR16"
SBPCI         Nov 29 2006              "SBPCI"
scandisk.log  Nov 28 2006       26708  "SCANDISK.LOG"
SCANWI~1      Jan  3 2007              "scanwizard 5"
SCANWI~1.30   Feb  9 2009              "ScanWizard 5 v6.30"
SCREMOVE      Nov 29 2006              "scremove"
SDFIX         Jun 21 2009              "SDFix"
setsta~1.xml  Oct 30 2005         241  "setstatus.xml"
SETUP         Dec  5 2006              "Setup"
setuplog.txt  Nov 15 1999      146183  "SETUPLOG.TXT"
setupxlg.txt  Jan 31 2002         455  "SETUPXLG.TXT"
STOMP35       Nov 29 2006              "STOMP35"
SYSTEM.SAV    Aug 24 2006              "system.sav"
SYSTEM~1      Nov 28 2006              "System Volume Information"
TAXES2~1      Jun 16 2009              "TAXES 2004 scans"
TEMP          Aug 24 2006              "temp"
thumbs.db     Jan  6 2008        6144  "Thumbs.db"
TLCWIN        Nov 29 2006              "TLCWIN"
TOOLS_95      Nov 29 2006              "Tools_95"
UNZIPPED      Nov 29 2006              "unzipped"
USERS         Mar 19 2008              "users"
VISIONS       Nov 29 2006              "Visions"
wdbimp.dll    Aug  6 1996       83968  "WDBIMP.DLL"
WINDOWS       Nov 14 2005              "WINDOWS"
window~1.bmk  Oct 12 2000          63  "WINDOWSWinHlp32.BMK"
WUTEMP        Nov 29 2006              "WUTemp"
~state.ini    Dec 14 2000          13  "~State.INI"

148 items found:  76 files (19 H/S), 72 directories (8 H/S).
   Total of file sizes:  6,888,199,405 bytes      6.41 G

--------------------------------------------------------------------------
    Items in the C:\TEMP Directory:
--------------------------------------------------------------------------

Locating all files created in C:\TEMP 

"C:\temp\"
EARTHLNK      Nov 29 2006              "EARTHLNK"
eth1.jpg      Jul 16 2002      317545  "ETH1.jpg"
eth2.jpg      Jul 16 2002      145607  "ETH2.jpg"
eth3.jpg      Jul 16 2002      128373  "ETH3.jpg"
eth4.jpg      Jul 16 2002      413099  "ETH4.jpg"
FONTWIZ       Nov 29 2006              "FONTWIZ"
FP            Nov 29 2006              "FP"
IMAGE         Nov 29 2006              "IMAGE"
IPPLUS        Nov 29 2006              "IPPLUS"
KUDOREAD      Nov 29 2006              "KUDOREAD"
MSPUB         Nov 29 2006              "MSPUB"
quicks~1.htm  Jul 16 2002         175  "QuickStartGuide.html"
thumbs.db     Jan  6 2008       29184  "Thumbs.db"
WIN           Nov 29 2006              "Win"

14 items found:  6 files (1 H/S), 8 directories.
   Total of file sizes:  1,033,983 bytes  1,009.75 K

--------------------------------------------------------------------------
    Locating all Backup files on C:
--------------------------------------------------------------------------

    Locating all *.BAK* files

"C:\"
boot.bak      Nov 28 2006         211  "BOOT.BAK"

"C:\WINDOWS\"
active~1.bak  Sep 15 2000        9670  "Active Setup Log.BAK"
brndlog.bak   Oct  2 2003         233  "brndlog.bak"
imsins.bak    Apr 29 2008        1374  "imsins.BAK"
system.bak    Sep  5 2000        2045  "SYSTEM.BAK"
win.bak       Sep  5 2000        6795  "WIN.BAK"
wininit.bak   Nov  8 2006          43  "WININIT.BAK"

"C:\Program Files\EarthLink\"
ccards.bak    Oct 21 1998         182  "CCards.bak"
phones.bak    Oct 21 1998       35097  "Phones.bak"
products.bak  Oct 21 1998        2098  "Products.bak"

"C:\WINDOWS\CREATOR\"
rcdcini.bak   Nov 24 2004        2804  "RCDCINI.bak"

"C:\WINDOWS\inf\"
mplayer2.bak  Dec 13 2001       22481  "mplayer2.bak"

"C:\WINDOWS\repair\"
system.bak    Aug 24 2006     4964352  "system.bak"

"C:\WINDOWS\system32\"
winaspi.bak   Apr 23 1999        3536  "winaspi.BAK"
wnaspi32.bak  Apr 23 1999       36864  "wnaspi32.BAK"

"C:\Documents and Settings\All Users\DRM\"
drmv1.bak     Mar  5 2007        4348  "DRMv1.bak"

"C:\Program Files\Real\RealPlayer\"
dataca~1.bak  Mar 12 2003      178865  "DataCache.dcp.bak"

"C:\Program Files\Updates from HP\9972322\"
clasid.bak    Aug 24 2006        1282  "clasid.bak"

"C:\temp\EARTHLNK\NETSCAPE\"
netscape.bak  Feb 19 1996        3240  "NETSCAPE.BAK"

"C:\temp\EARTHLNK\REGISTER\"
register.bak  Feb 14 1996         221  "REGISTER.BAK"

"C:\temp\MSPUB\CLIPART\"
diamond.bak   Jun 25 1998        8364  "DIAMOND.BAK"

"C:\WINDOWS\All Users\DRM\"
drmv1.bak     Mar  7 2001        4348  "DRMv1.bak"
drmv10.bak    Mar  7 2001         401  "DRMv10.bak"
drmv11.bak    Mar  7 2001         401  "DRMv11.bak"
drmv12.bak    Mar  7 2001        1925  "DRMv12.bak"
drmv13.bak    Mar  7 2001         782  "DRMv13.bak"
drmv14.bak    Mar  7 2001        1163  "DRMv14.bak"
drmv15.bak    Mar  7 2001         782  "DRMv15.bak"
drmv16.bak    Mar  7 2001         782  "DRMv16.bak"
drmv17.bak    Mar  7 2001         401  "DRMv17.bak"
drmv19.bak    Mar  7 2001         782  "DRMv19.bak"

"C:\WINDOWS\Debug\UserMode\"
userenv.bak   Jun 21 2009      307248  "userenv.bak"

"C:\WINDOWS\system32\config\"
default.bak   Jun 21 2009      524288  "default.bak"
sam.bak       Jun 21 2009       24576  "SAM.bak"
security.bak  Jun 21 2009       53248  "SECURITY.bak"
software.bak  Jun 21 2009    34603008  "software.bak"
system.bak    Jun 21 2009    11272192  "system.bak"

"C:\WINDOWS\system32\NtmsData\"
ntmsdata.bak  Jun 30 2008      139264  "NTMSDATA.BAK"

"C:\Program Files\Adobe\Acrobat 6.0\Reader\"
acrord32.bak  Nov  3 2003     7671876  "AcroRd32.bak"
acrord~1.bak  Dec  2 2004     7667779  "AcroRd32.exe.603.bak"
acrord~2.bak  Jul 25 2005     7667779  "AcroRd32.exe.604.bak"
acrord~3.bak  May 18 2004     7667779  "AcroRd32602.bak"

"C:\Program Files\Netscape\Users\goodscents\"
bookma~1.bak  Jun 12 2009       83066  "bookmarks.html.sbsd.bak"

"C:\Program Files\Netscape\Users50\default\"
abookm~1.bak  Mar 28 2004       98304  "abook.mab.bak"
bookma~1.bak  Jun 17 2009      173880  "bookmarks.html.sbsd.bak"
prefs.bak     Jun 21 2009       12927  "prefs.bak"

"C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\"
iplog.bak     Apr 26 2005      524308  "IPLOG.BAK"

"C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\"
brndlog.bak   Aug 30 2005         439  "brndlog.bak"

"C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\"
brndlog.bak   Aug 30 2005         439  "brndlog.bak"

"C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\"
brndlog.bak   Aug 30 2005       10912  "brndlog.bak"

"C:\Documents and Settings\HP_Administrator\My Documents\My Music\License Backup\"
drmv1key.bak  Mar  5 2007        4348  "drmv1key.bak"
drmv2key.bak  Mar  5 2007       11115  "drmv2key.bak"
drmv2lic.bak  Mar  6 2007        7168  "drmv2lic.bak"

"C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\"
gbdete~1.bak  Nov  3 2003       86016  "GbDetect602.bak"
pdf.bak       Nov  3 2003      416040  "pdf.bak"

"C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\"
access~1.bak  Nov  3 2003      225891  "Accessibility.bak"
acroform.bak  Nov  3 2003     1561187  "Acroform.bak"
acrofo~1.bak  May 18 2004     1581667  "AcroForm.api.604.bak"
digsig~1.bak  Nov  3 2003      742061  "Digsig.api.604.bak"
ebook.bak     Nov  3 2003     1352291  "eBook.bak"
ebook602.bak  May 18 2004     1352291  "eBook602.bak"
escript.bak   Nov  3 2003      950959  "Escript.bak"
ppklit~1.bak  Nov  3 2003     1979055  "ppklite.api.604.bak"
weblin~1.bak  Nov  3 2003      148143  "WebLink.api.604.bak"
xfa.bak       Nov  3 2003     1376935  "XFA.bak"
xfaapi~1.bak  May 22 2004     1614502  "XFA.api.603.bak"
xfaapi~2.bak  Jul 25 2005     1614503  "XFA.api.604.bak"

"C:\Program Files\McAfee.com\Agent\Data\Cache\"
mcsubdb.bak   May 18 2005         477  "McSubDB.Bak"

"C:\WINDOWS\pchealth\helpctr\Config\Cache\"
profes~1.bak  Jun 22 2009      713102  "Professional_32_1033.dat.bak"

"C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\Recording\"
record~1.bak  Jun 21 2009         520  "Recordings.xml.bak"

"C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Annotations\"
annots.bak    Nov  3 2003     1770157  "Annots.bak"

"C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\ImageViewer\"
imagev~1.bak  Oct  7 2003      406179  "ImageViewer602.bak"
svgcor~1.bak  Sep 18 2003     2183233  "SVGCore602.bak"

"C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Multimedia\"
multim~1.bak  May 15 2003     1237684  "Multimedia602.bak"

"C:\Python22\Lib\site-packages\win32\Demos\service\"
pipete~1.bak  Mar 12 2003        5381  "pipeTestService.py.bak"
pipete~2.bak  Sep  2 1999        3649  "pipeTestServiceClient.py.bak"

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\"
raspho~1.bak  Jun 21 2009           2  "rasphone.pbk.bak"

"C:\Documents and Settings\HP_Administrator\Application Data\Netscape\NSB\Profiles\97xnf8ft.default\"
bookma~1.bak  Jun 17 2009        2900  "bookmarks.bak"

"C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\HP\Digital Imaging\db\"
admini~1.bak  Feb 20 2009         786  "administrativeInfo.bak"
albumi~1.bak  Dec 17 2006         424  "albumImagesTable.bak"
albumt~1.bak  Dec 17 2006         584  "albumTable.bak"
exifta~1.bak  Feb 20 2009       18525  "EXIFTable.bak"
imaget~1.bak  Feb 20 2009       20673  "imageTable.bak"
keywor~1.bak  Dec 17 2006        1509  "keywordTable.bak"
keywor~2.bak  Dec 17 2006         360  "keywordImagesTable.bak"
manage~1.bak  Feb 20 2009         441  "managedFolderTable.bak"
pathna~1.bak  Feb 20 2009        5221  "pathnameTable.bak"
proper~1.bak  Dec 17 2006         456  "propertiesTable.bak"
rofima~1.bak  Dec 17 2006         360  "ROFImagesTable.bak"
roftable.bak  Dec 17 2006         392  "ROFTable.bak"

"C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\HP\Digital Imaging\db2\"
admini~1.bak  Mar 25 2009         986  "administrativeInfo.bak"
albumi~1.bak  Mar 25 2009         425  "albumImagesTable.bak"
albump~1.bak  Mar 25 2009         360  "AlbumProjectTable.bak"
albumt~1.bak  Mar 25 2009         841  "albumTable.bak"
contac~1.bak  Mar 25 2009         553  "contactsTable.bak"
exifta~1.bak  Mar 25 2009         489  "EXIFTable.bak"
groupf~1.bak  Mar 25 2009         361  "groupFriendsTable.bak"
groupt~1.bak  Mar 25 2009         425  "groupTable.bak"
imaget~1.bak  Mar 25 2009        1065  "imageTable.bak"
inboun~1.bak  Mar 25 2009         905  "InboundAlbumTable.bak"
keywor~1.bak  Mar 25 2009         361  "keywordImagesTable.bak"
keywor~2.bak  Mar 25 2009         458  "keywordattributeTable.bak"
manage~1.bak  Mar 25 2009         361  "managedFolderTable.bak"
outbou~1.bak  Mar 25 2009         585  "OutboundAlbumTable.bak"
outbou~2.bak  Mar 25 2009         393  "outboundAlbumContactsTable.bak"
pathna~1.bak  Mar 25 2009         457  "pathnameTable.bak"
projec~1.bak  Mar 25 2009         616  "ProjectsTable.bak"
proper~1.bak  Mar 25 2009         457  "propertiesTable.bak"
recent~1.bak  Mar 25 2009         457  "recentActivitiesTable.bak"
rofima~1.bak  Mar 25 2009         361  "ROFImagesTable.bak"
roftable.bak  Mar 25 2009         393  "ROFTable.bak"

"C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Multimedia\MPP\"
flash602.bak  May 15 2003       77917  "Flash602.bak"
flashm~1.bak  Dec  8 2004       82014  "flash.mpp.bak"
quickt~1.bak  May 15 2003      204901  "QuickTime602.bak"

"C:\Program Files\Updates from HP\9972322\Users\Default\Data\3458\"
userprof.bak  Jan 21 2009        1585  "UserProf.bak"

"C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\"
brndlog.bak   Aug 30 2005         439  "brndlog.bak"

116 items found:  116 files (12 H/S), 0 directories.
   Total of file sizes:  105,574,536 bytes    100.68 M

--------------------------------------------------------------------------
    Locating all copies of Internet Explorer on C:
--------------------------------------------------------------------------

    Locating all copies of Internet Explorer

"C:\Program Files\Internet Explorer\"
iexplore.exe  Feb 29 2008      625664  "iexplore.exe"

"C:\WINDOWS\ie7\"
iexplore.exe  Aug  9 2004       93184  "iexplore.exe"

"C:\WINDOWS\ie7updates\KB944533-IE7\"
iexplore.exe  Aug 13 2007      622080  "iexplore.exe"

"C:\WINDOWS\ie7updates\KB947864-IE7\"
iexplore.exe  Dec  6 2007      625664  "iexplore.exe"

"C:\WINDOWS\system32\dllcache\"
iexplore.exe  Feb 29 2008      625664  "iexplore.exe"

"C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\"
iexplore.exe  Dec  6 2007      625664  "iexplore.exe"

"C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\"
iexplore.exe  Feb 22 2008      625664  "iexplore.exe"

7 items found:  7 files, 0 directories.
   Total of file sizes:  3,843,584 bytes      3.66 M

--------------------------------------------------------------------------
    Locating all copies of beep.sy_ on C:
--------------------------------------------------------------------------

    Locating all copies of Internet Explorer

"C:\WINDOWS\I386\"
beep.sy_      Aug  9 2004        2123  "BEEP.SY_"

1 item found:  1 file, 0 directories.
   Total of file sizes:  2,123 bytes      2.07 K

--------------------------------------------------------------------------
    Locating all copies of beep.sys on C:
--------------------------------------------------------------------------

    Locating all copies of Internet Explorer

"C:\WINDOWS\system32\dllcache\"
beep.sys      Aug  9 2004        4224  "beep.sys"

"C:\WINDOWS\system32\drivers\"
beep.sys      Aug  9 2004        4224  "beep.sys"

"C:\SDFix\apps\Replace\w2k\"
beep.sys      Aug  7 2008        4080  "beep.sys"

"C:\SDFix\apps\Replace\xp\"
beep.sys      Aug  7 2008        4224  "beep.sys"

4 items found:  4 files, 0 directories.
   Total of file sizes:  16,752 bytes     16.36 K

--------------------------------------------------------------------------
    Locating all copies of Windows Explorer on C:
--------------------------------------------------------------------------

    Locating all copies of Windows Explorer

"C:\WINDOWS\"
explorer.exe  Jun 13 2007     1033216  "explorer.exe"

"C:\WINDOWS\$NtUninstallKB938828$\"
explorer.exe  Aug  9 2004     1032192  "explorer.exe"

"C:\hp\support\Support Center\"
explorer.exe  Aug 12 1999     3805809  "explorer.exe"

"C:\WINDOWS\system32\dllcache\"
explorer.exe  Jun 13 2007     1033216  "explorer.exe"

"C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\"
explorer.exe  Jun 13 2007     1033216  "explorer.exe"

5 items found:  5 files, 0 directories.
   Total of file sizes:  7,937,649 bytes      7.57 M

--------------------------------------------------------------------------
    Items in Document and Settings:
--------------------------------------------------------------------------

     Listing contents of C:\Documents and Settings

"C:\Documents and Settings\"
ADMINI~1      Nov 14 2005              "Administrator"
ALLUSE~1      Nov 14 2005              "All Users"
alluse~1.log  Jan  3 2008        4096  "All Users.LOG"
DEFAUL~1      Nov 14 2005              "Default User"
defaul~1.log  Jan  3 2008        4096  "Default User.LOG"
HP_ADM~1      Nov 28 2006              "HP_Administrator"
LOCALS~1      Aug 24 2006              "LocalService"
NETWOR~1      Aug 24 2006              "NetworkService"

8 items found:  2 files (2 H/S), 6 directories (3 H/S).
   Total of file sizes:  8,192 bytes      8.00 K

     --------------------------------------------------------------------------
            Desktop Items:
     --------------------------------------------------------------------------

    Locating all files created in C:\Documents and Settings\HP_Administrator\Desktop within the last 90 days.

"C:\Documents and Settings\HP_Administrator\Desktop\"
a2free~1.exe  Jun 21 2009    49811272  "a2FreeSetup.exe"
a2hija~1.exe  Jun 22 2009     1760112  "a2HiJackFreeSetup.exe"
atf-cl~1.exe  Jun 22 2009       50688  "ATF-Cleaner.exe"
explor~1.exe  Jun 22 2009      420137  "explorerxpsetup.exe"
explor~1.lnk  Jun 22 2009        1591  "ExplorerXP.lnk"
iseeyo~1.exe  Jun 22 2009     1106604  "ISeeYouXP.exe"
iseeyo~1.lnk  Jun 22 2009         545  "ISeeYouXP.lnk"
killbo~1.exe  Jun 22 2009       93696  "KillBox-Beta.exe"
photop~1.lnk  Apr  2 2009        1661  "Photo Pos Lite.lnk"
rmvirut.exe   Jun 21 2009     2734080  "rmvirut.exe"
rmvirut.nt    Jun 21 2009      495104  "rmvirut.nt"
screen~1.lnk  Jun 17 2009         721  "Screenshot Captor.lnk"
sdfix.exe     Jun 21 2009     1529241  "SDFix.exe"
sh9cb6~1.lnk  Jun 21 2009         286  "Shortcut to ComboFix.exe.lnk"

14 items found:  14 files, 0 directories.
   Total of file sizes:  58,005,738 bytes     55.32 M

    Locating all files created in C:\Documents and Settings\All Users\Desktop\ within the last 90 days.

"C:\Documents and Settings\All Users\Desktop\"
5550pr~1.lnk  Jun  6 2009        1168  "5550 printer assistant.lnk"
a-squa~1.lnk  Jun 21 2009         659  "a-squared Free.lnk"
a-squa~2.lnk  Jun 22 2009         721  "a-squared HiJackFree.lnk"
adobep~2.lnk  Apr  1 2009        1796  "Adobe PhotoDeluxe Home Edition 4.0.lnk"
malwar~1.lnk  Jun 13 2009         707  "Malwarebytes' Anti-Malware.lnk"
trojan~1.lnk  Jun 20 2009         795  "Trojan Remover.lnk"

6 items found:  6 files, 0 directories.
   Total of file sizes:  5,846 bytes      5.71 K

     --------------------------------------------------------------------------
            Start Menu Items:
     --------------------------------------------------------------------------

    Locating all files created inC:\Documents and Settings\HP_Administrator\Start Menu within the last 90 days.

No matches found.

    Locating all files created in C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup within the last 90 days.

No matches found.

    Locating all files created in C:\Documents and Settings\All Users\Start Menu within the last 90 days.

"C:\Documents and Settings\All Users\Start Menu\"
hpsolu~1.lnk  Mar 25 2009         995  "HP Solution Center.lnk"
setpro~1.lnk  Jun 12 2009        1618  "Set Program Access and Defaults.lnk"
window~2.lnk  Jun 12 2009        1518  "Windows Update.lnk"

3 items found:  3 files, 0 directories.
   Total of file sizes:  4,131 bytes      4.03 K

    Locating all files created in C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ within the last 90 days.

No matches found.

     --------------------------------------------------------------------------
            Application Data Items:
     --------------------------------------------------------------------------

    Locating all files created in C:\Documents and Settings\HP_Administrator\Application Data\ within the last 90 days.

"C:\Documents and Settings\HP_Administrator\Application Data\"
DONATI~1      Jun 17 2009              "DonationCoder"
HPAPPD~1      Mar 25 2009              "HPAppData"
MALWAR~1      Jun 13 2009              "Malwarebytes"
SIMPLY~1      Jun  5 2009              "Simply Super Software"

4 items found:  0 files, 4 directories.

    Locating all files created in C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ within the last 90 days.

"C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\"
dcbc2a~1.ini  Jun 21 2009        5632  "DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini"
donati~1.dat  Jun 17 2009          58  "DonationCoder_ScreenshotCaptor_InstallInfo.dat"
iconca~1.db   Apr  1 2009     9203066  "IconCache.db"

3 items found:  3 files (1 H/S), 0 directories.
   Total of file sizes:  9,208,756 bytes      8.78 M
 
    Locating all files created in C:\Documents and Settings\All Users\Application Data\ within the last 90 days.

"C:\Documents and Settings\All Users\Application Data\"
DONATI~1      Jun 17 2009              "DonationCoder"
HP            Mar 25 2009              "HP"
HPPROD~1      Mar 25 2009              "HP Product Assistant"
hpzins~1.log  Mar 25 2009        1026  "hpzinstall.log"
KASPER~1      Jun 21 2009              "Kaspersky Lab Setup Files"
KASPER~2      Jun 21 2009              "Kaspersky Lab"
MALWAR~1      Jun 13 2009              "Malwarebytes"
SIMPLY~1      Jun  5 2009              "Simply Super Software"
TEMP          Jun  5 2009              "TEMP"

9 items found:  1 file, 8 directories.
   Total of file sizes:  1,026 bytes      1.00 K

     --------------------------------------------------------------------------
            C:\Documents and Settings\HP_Administrator\Local Settings\TEMP:
     --------------------------------------------------------------------------

    Locating all files created in C:\Documents and Settings\HP_Administrator\Local Settings\TEMP within the last 90 days.

     --------------------------------------------------------------------------
            Items in Templates Folder:
     --------------------------------------------------------------------------

    Locating all files created in C:\Documents and Settings\HP_Administrator\Templates

"C:\Documents and Settings\HP_Administrator\Templates\"
amipro.sam    Aug  9 2004        4570  "amipro.sam"
default.tlx   Jun 25 1999      108544  "Default.tlx"
excel.xls     Aug  9 2004        5632  "excel.xls"
excel4.xls    Aug  9 2004        1518  "excel4.xls"
excel9.xls    Mar 10 1999       11776  "EXCEL9.XLS"
lotus.wk4     Aug  9 2004        2448  "lotus.wk4"
mspub.pub     Aug  6 1996        6144  "MSPUB.PUB"
powerpnt.ppt  Aug  9 2004       12288  "powerpnt.ppt"
presenta.shw  Aug  9 2004         461  "presenta.shw"
pwrpnt9.pot   Mar 10 1999       10240  "PWRPNT9.POT"
quattro.wb2   Aug  9 2004        4017  "quattro.wb2"
sndrec.wav    Aug  9 2004          58  "sndrec.wav"
winword.doc   Aug  9 2004        4608  "winword.doc"
winword2.doc  Aug  9 2004        1769  "winword2.doc"
winword8.doc  Aug  1 1997       10752  "WINWORD8.DOC"
wordpfct.wpd  Aug 10 2004          30  "wordpfct.wpd"
wordpfct.wpg  Aug 10 2004          57  "wordpfct.wpg"

17 items found:  17 files, 0 directories.
   Total of file sizes:  184,912 bytes    180.58 K

--------------------------------------------------------------------------
            Items in Program Files:
--------------------------------------------------------------------------

    Locating all files created in C:\Program Files\ within the last 90 days.

"C:\Program Files\"
A-SQUA~1      Jun 21 2009              "a-squared Free"
A-SQUA~2      Jun 22 2009              "a-squared HiJackFree"
AUTORUNS      Jun 13 2009              "AutoRuns"
AVS4YOU       Jun  2 2009              "AVS4YOU"
EXPLOR~1      Jun 22 2009              "ExplorerXP"
FILESC~1      Mar 30 2009              "File Scanner Library (Spybot - Search & Destroy)"
GOOGLE        Jun 13 2009              "Google"
KASPER~1      Jun 21 2009              "Kaspersky Lab"
MALWAR~1      Jun 13 2009              "Malwarebytes' Anti-Malware"
MISC~1.SUP    Mar 30 2009              "Misc. Support Library (Spybot - Search & Destroy)"
PHOTOP~1      Apr  2 2009              "Photo Pos Lite"
PHOTOS~1      Apr  1 2009              "PhotoScape"
SCREEN~1      Jun 17 2009              "ScreenshotCaptor"
SDHELP~1      Mar 30 2009              "SDHelper (Spybot - Search & Destroy)"
TEATIM~1      Mar 30 2009              "TeaTimer (Spybot - Search & Destroy)"
TROJAN~1      Jun 20 2009              "Trojan Remover"
UNIBLUE       Apr  1 2009              "Uniblue"

17 items found:  0 files, 17 directories.

    Locating all files created in C:\Program Files\Common Files\ within the last 90 days.

"C:\Program Files\Common Files\"
AVSMEDIA      Jun  2 2009              "AVSMedia"
HEWLET~1      Mar 25 2009              "Hewlett-Packard"
THRAEX~1      Apr  2 2009              "Thraex Software"

3 items found:  0 files, 3 directories.

    Locating all files created in C:\Program Files\Common Files\Microsoft Shared\Web Folders within the last 90 days.

No matches found.

--------------------------------------------------------------------------
            Items in the Windows Directory:
--------------------------------------------------------------------------

     Locating all files created in C:\WINDOWS\ within the last 90 days. 

"C:\WINDOWS\"
0.log         Jun 21 2009           0  "0.log"
bootstat.dat  Jun 21 2009        2048  "bootstat.dat"
dump5b20.tmp  Jun 13 2009       90112  "DUMP5b20.tmp"
dump5beb.tmp  Jun 12 2009       90112  "DUMP5beb.tmp"
dump5d71.tmp  Jun 12 2009       90112  "DUMP5d71.tmp"
dump5d81.tmp  Jun 19 2009       90112  "DUMP5d81.tmp"
dump5ff2.tmp  Jun 21 2009       90112  "DUMP5ff2.tmp"
dump606f.tmp  Jun 19 2009       90112  "DUMP606f.tmp"
dump6282.tmp  Jun 19 2009       90112  "DUMP6282.tmp"
dump63f9.tmp  Jun 10 2009       90112  "DUMP63f9.tmp"
dump64b5.tmp  Jun 13 2009       90112  "DUMP64b5.tmp"
dump6707.tmp  Jun 19 2009       90112  "DUMP6707.tmp"
dumpe35b.tmp  Jun 19 2009       90112  "DUMPe35b.tmp"
ERDNT         Jun 21 2009              "ERDNT"
ERUNT         Jun 19 2009              "ERUNT"
hpgins32.dat  Mar 25 2009      149090  "hpgins32.dat"
hpinfo.lnk    Jun  6 2009         811  "hpinfo.lnk"
label.ini     May 17 2009         635  "label.ini"
ld09ex~1.vir  Jun 11 2009       18944  "ld09.exe.vir"
mplayer.ini   Jun 17 2009          82  "MPLAYER.INI"
nircmd.exe    Apr 20 2009       31232  "NIRCMD.exe"
ntbtlog.txt   Jun 21 2009     3027870  "ntbtlog.txt"
pev.exe       Jun  8 2009      155136  "PEV.exe"
photop~1.exe  Apr  2 2009      138237  "Photo Pos Lite Uninstaller.exe"
quicken.ini   Apr 25 2009         586  "QUICKEN.INI"
schedlgu.txt  Jun 21 2009       32644  "SchedLgU.Txt"
setupact.log  Jun 21 2009      433928  "setupact.log"
setupapi.log  Jun 21 2009      237196  "setupapi.log"
system.ini    Jun 21 2009         227  "system.ini"
TEMP          Jun 21 2009              "temp"
twui215.ini   Jun 19 2009          54  "TWUI215.INI"
wiadebug.log  Jun 21 2009         159  "wiadebug.log"
wiaservc.log  Jun 21 2009          49  "wiaservc.log"
win.ini       Jun 17 2009         837  "win.ini"
winamp.ini    Jun 10 2009        1065  "winamp.ini"
window~1.log  Jun 21 2009     1701419  "WindowsUpdate.log"
wininit.ini   Jun  5 2009         167  "WININIT.INI"
wmsetup.log   Jun  3 2009       84886  "wmsetup.log"
wmsetu~1.log  Jun  3 2009       10212  "wmsetup10.log"

39 items found:  36 files (1 H/S), 3 directories.
   Total of file sizes:  7,018,746 bytes      6.69 M

     --------------------------------------------------------------------------
            C:\WINDOWS\Downloaded Program Files:
     --------------------------------------------------------------------------

     Locating all files created in C:\WINDOWS\Downloaded Program Files\ within the last 90 days. 

No matches found.

     --------------------------------------------------------------------------
            C:\WINDOWS\PCHealth\HelpCtr\Binaries:
     --------------------------------------------------------------------------

    Locating all files in C:\WINDOWS\PCHealth\HelpCtr\Binaries

"C:\WINDOWS\pchealth\helpctr\binaries\"
brpinfo.dll   Aug  9 2004       21504  "brpinfo.dll"
hcappres.dll  Aug  9 2004        6656  "HCAppRes.dll"
helpctr.exe   Aug  9 2004      768512  "HelpCtr.exe"
helphost.exe  Aug  9 2004       99840  "HelpHost.exe"
helpsvc.exe   Aug  9 2004      743936  "HelpSvc.exe"
helpsv~1.exe  Aug  9 2004      743936  "HelpSvc(2).exe"
hscmui.cab    Aug  9 2004       68327  "hscmui.cab"
hscsp_w3.cab  Aug  9 2004      305145  "hscsp_w3.cab"
hscupd.exe    Aug  9 2004       18944  "HscUpd.exe"
msconfig.exe  Sep 27 2005      169984  "msconfig.exe"
msinfo.dll    Aug  9 2004      376320  "msinfo.dll"
notiflag.exe  Aug  9 2004       35328  "notiflag.exe"
pchdt_w3.cab  Aug  9 2004     2737914  "pchdt_w3.cab"
pchshell.dll  Aug  9 2004      102400  "pchshell.dll"
pchsvc.dll    Aug  9 2004       38912  "pchsvc.dll"

15 items found:  15 files, 0 directories.
   Total of file sizes:  6,237,658 bytes      5.95 M

     --------------------------------------------------------------------------
            C:\WINDOWS\system:
     --------------------------------------------------------------------------

    Locating all files created in C:\WINDOWS\system within the last 90 days. 

"C:\WINDOWS\system\"
hpsysdrv.dat  Jun 21 2009         186  "hpsysdrv.DAT"

1 item found:  1 file, 0 directories.
   Total of file sizes:  186 bytes      0.18 K

     --------------------------------------------------------------------------
            C:\WINDOWS\system32:
     --------------------------------------------------------------------------

    Locating all files created in C:\WINDOWS\system32 within the last 90 days. 

"C:\WINDOWS\system32\"
adcgai~1.bmp  Jun 19 2009       76614  "AdcgainBefort.bmp"
adcgai~2.bmp  Jun 19 2009       76614  "AdcgainDone.bmp"
adobefnt.lst  Apr 11 2009      172857  "AdobeFnt.lst"
autoler.bmp   Jun 19 2009       44278  "Autoler.bmp"
bshadi~1.bmp  Jun 19 2009      153174  "BShadingxx.bmp"
ca.tmp        Jun 20 2009          84  "CA.tmp"
cb.tmp        Jun 20 2009           1  "CB.tmp"
donati~1.dat  Jun 17 2009          58  "DonationCoder_ScreenshotCaptor_InstallInfo.dat"
mrt.exe       May  7 2009    24699336  "MRT.exe"
recv.log      Mar 25 2009        8301  "RECV.log"
sent.log      Mar 25 2009        2348  "SENT.log"
tapi16.exe    Jun 21 2009       24576  "TAPI16.EXE"
tapisrv.exe   Jun 21 2009      126976  "TAPISRV.EXE"
test.log      Apr  1 2009       48225  "TEST.log"
wpa.dbl       Jun  3 2009        1158  "wpa.dbl"
wshadi~1.bmp  Jun 19 2009      183798  "Wshadingxx.bmp"
zllictbl.dat  Jun 10 2009        4212  "zllictbl.dat"

17 items found:  17 files (1 H/S), 0 directories.
   Total of file sizes:  25,622,610 bytes     24.43 M

     --------------------------------------------------------------------------
            C:\WINDOWS\system32\com:
     --------------------------------------------------------------------------

    Locating all files created in C:\WINDOWS\system32\com within the last 90 days. 

No matches found.

     --------------------------------------------------------------------------
            C:\WINDOWS\system32\components:
     --------------------------------------------------------------------------
    Locating all files created in C:\WINDOWS\system32\components within the last 90 days. 

No matches found.

     --------------------------------------------------------------------------
            C:\WINDOWS\system32\drivers:
     --------------------------------------------------------------------------

     Locating all files created in C:\WINDOWS\system32\drivers within the last 90 days. 

"C:\WINDOWS\system32\drivers\"
ethfklug.sys  Jun 21 2009      136256  "ethfklug.sys"
fidbox.dat    Jun 21 2009     4204064  "fidbox.dat"
fidbox.idx    Jun 21 2009       33924  "fidbox.idx"
fidbox2.dat   Jun 22 2009      606240  "fidbox2.dat"
fidbox2.idx   Jun 22 2009        3152  "fidbox2.idx"
klbg.sys      Jun 21 2009       33808  "klbg.sys"
klick.dat     Jun 21 2009       94643  "klick.dat"
klif.sys      Jun 21 2009      226832  "klif.sys"
klin.dat      Jun 21 2009      105395  "klin.dat"
mbam.sys      May 26 2009       19096  "mbam.sys"
mbamsw~1.sys  May 26 2009       40160  "mbamswissarmy.sys"
ndis.sys      Jun 10 2009      182912  "ndis.sys"

12 items found:  12 files (4 H/S), 0 directories.
   Total of file sizes:  5,686,482 bytes      5.42 M

     --------------------------------------------------------------------------
            C:\WINDOWS\system32\drivers\etc:
     --------------------------------------------------------------------------

    Locating all files created in C:\WINDOWS\system32\drivers\etc within the last 90 days. 

"C:\WINDOWS\system32\drivers\etc\"
hosts         Jun 21 2009         686  "HOSTS"

1 item found:  1 file, 0 directories.
   Total of file sizes:  686 bytes      0.67 K

     --------------------------------------------------------------------------
            C:\WINDOWS\TEMP:
     --------------------------------------------------------------------------

    Locating all files created in C:\WINDOWS\TEMP within the last 90 days. 

No matches found.

************************************************************************************ 

Checking for .COM files to Delete. They will only print if deleted!

    Locating .COM files in the C:\WINDOWS\System32 folder

"C:\WINDOWS\system32\"
chcp.com      Aug  9 2004        7680  "chcp.com"
command.com   Aug  9 2004       50620  "command.com"
diskcomp.com  Aug  9 2004        9216  "diskcomp.com"
diskcopy.com  Aug  9 2004        7168  "diskcopy.com"
edit.com      Aug  9 2004       69886  "edit.com"
format.com    Aug  9 2004       25600  "format.com"
graftabl.com  Aug  9 2004       26112  "graftabl.com"
graphics.com  Aug  9 2004       19694  "graphics.com"
kb16.com      Aug  9 2004       14710  "kb16.com"
loadfix.com   Aug  9 2004        1131  "loadfix.com"
locate.com    Jan 14 2005       11254  "locate.com"
mode.com      Aug  9 2004       19456  "mode.com"
more.com      Aug  9 2004       15872  "more.com"
tree.com      Aug  9 2004       11264  "tree.com"
win.com       Aug  9 2004       18432  "win.com"

15 items found:  15 files, 0 directories.
   Total of file sizes:  308,095 bytes    300.87 K

************************************************************************************ 

Miscellaneous Malware Detections:
------------------------------------------------------------------------------------ 


    **** Delfin Media  {31EE3286-D785-4E3F-95FC-51D00FDABC01} NOT FOUND by this tool! **** 
 
    **** SmitFraud {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! **** 
 
    **** SpywareStrike {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} NOT FOUND by this tool! **** 
 
    **** SpywareStrike {C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} NOT FOUND by this tool! ****   
 
    **** SpywareStrike {D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} NOT FOUND by this tool! **** 
 
    **** SpyAxe {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} NOT FOUND by this tool! **** 
 
    **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** 
 
    **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** 
 
    **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** 
 
    **** SpyAxe {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {35a88e51-b53d-43e9-b8a7-75d4c31b4676} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {64ba30a2-811a-4597-b0af-d551128be340} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {89aef01d-d237-49c7-84dc-4e1904c1fd31} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {e04408db-4812-4478-8d4d-e46edcffd3b6} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {336ec37f-54bf-4f13-8237-03f64fa591e7} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {5bc82bdb-bc03-4671-9a78-3ef2b68449de} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {24c60b9b-26b5-4201-9f7a-fb9219356ae9} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {a0c51615-738a-4542-801a-5af61614e182} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {70fbd528-2d3c-4a00-9b8c-bbf441e534be} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {a566f298-05a6-4b3d-b672-da7c27316430} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {f5947202-e9cb-4a72-88e7-22f2cbd2b124} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {5aaf6542-f4ba-4df4-873d-4902ecbe794c} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {3e4155b8-5a4a-4e95-83b2-ab032da9acbc} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {9952355f-fefb-4764-bcd7-a993d03dd7e2} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {55059d4f-a1ac-4837-ae07-4859101f598d} NOT FOUND by this tool! **** 
 
    **** SpyFalcon {c3786a8d-6426-4c29-a23f-f36e47b31e0c} NOT FOUND by this tool! **** 
 
    **** SpyLocked {25b7d2fd-4f71-46d1-801a-7de323e4ec82} NOT FOUND by this tool! **** 
 
    **** SpyLocked {4233AC08-A2C4-4742-A0B4-83719613D62C} NOT FOUND by this tool! **** 
 
    **** SpyLocked {716002DB-288C-4BF0-80CD-A467E78D8B55} NOT FOUND by this tool! **** 
 
    **** SpyLocked {735E980D-45D2-4777-AF82-9923D3C8D3AE} NOT FOUND by this tool! **** 
 
    **** SpyLocked {B23DC537-3E13-44C7-BF67-D8405EB377F7} NOT FOUND by this tool! **** 
 
    **** SpyLocked {B292EC9F-A074-4115-8342-1F459702D8D2} NOT FOUND by this tool! **** 
 
    **** SpyLocked {CECA6F2B-247B-4ECE-9B7A-D0135C8036FC} NOT FOUND by this tool! **** 
 
    **** SpyLocked {DA3B49F6-8C54-4429-A275-21A86DCCA413} NOT FOUND by this tool! **** 
 
    **** SpyLocked {EDE8BED5-92CF-4482-8F51-A01CD9B3EA37} NOT FOUND by this tool! **** 
 
    **** SpyLocked {FA4FBF53-C766-4622-8011-A87A805EEBF0} NOT FOUND by this tool! **** 
 
    **** SpywareLocked {0E4E5110-A772-4C4A-A7DC-137FE10ABD6E} NOT FOUND by this tool! **** 
 
    **** SpywareLocked {07A582E8-BAE3-457D-9D29-2048DE45A369} NOT FOUND by this tool! **** 
 
    **** SpywareLocked {3BAA1AD8-EE49-4772-BF0B-F55083E0F7AA} NOT FOUND by this tool! **** 
 
    **** SpywareLocked {9D6FAC42-A7BE-4702-87EF-75D8DC14249E} NOT FOUND by this tool! **** 
 
    **** SpywareLocked {ABEF791F-947E-4CDF-83C3-E72A240AFB67} NOT FOUND by this tool! **** 
 
    **** SpywareLocked {BD0FC212-0A36-4232-83CC-2063FB9282E0} NOT FOUND by this tool! **** 
 
    **** SpywareLocked {B0DED443-5E68-4001-A81B-0A0001621AB8} NOT FOUND by this tool! **** 
 
    **** SpywareLocked {F38B1B2B-4976-46DD-9FE5-60FDE72F0B4D} NOT FOUND by this tool! **** 
 
    **** SpywareQuake {0c7416f0-dd23-420f-97f5-aae352ea2bf1} NOT FOUND by this tool! **** 
 
    **** SpywareQuake {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} NOT FOUND by this tool! **** 
 
    **** SpywareQuake {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} NOT FOUND by this tool! **** 
 
    **** SpywareQuake {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} NOT FOUND by this tool! **** 
 
    **** SpywareQuake {EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E} NOT FOUND by this tool! **** 
 
    **** SpywareQuake {e5b1e382-817e-4b74-8a96-ec78751e6acf} NOT FOUND by this tool! **** 
 
    **** SpywareQuake {a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb} NOT FOUND by this tool! **** 
 
    **** SpywareQuake {cbb430e6-5b1b-474a-9d7e-160d4fe74bea} NOT FOUND by this tool! **** 
 
    **** SpywareQuake {62eb0924-19d2-4226-b4b9-8ad1f70904c1} NOT FOUND by this tool! **** 
 
    **** SpywareQuake {6c69e319-0d03-47da-997a-36586cbc53b3} NOT FOUND by this tool! **** 
 
    **** SpywareQuake {aea3d2df-2b2c-4d7b-81a0-d975c6dc088e} NOT FOUND by this tool! **** 
 
    **** SpywareSheriff {1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E} NOT FOUND by this tool! **** 
 
    **** VirusBurster {9d635a36-6b3c-4146-8625-f3aaf507bbf8} NOT FOUND by this tool! **** 
 
    **** TrustCleaner {24E27EA9-FCF3-444F-BD80-20543BA5D946} NOT FOUND by this tool! **** 
 
    **** Troj/Small-ER {4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} NOT FOUND by this tool! **** 
 
    **** Troj/Spabot-E {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} NOT FOUND by this tool! **** 
 
    **** Troj/Dloader-OF {203B1C4D9-BC71-8916-38AD-9DEA5D213614} NOT FOUND by this tool! **** 
 
    **** Troj/Crafted-A  {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! **** 
 
    **** Troj/Agent-FG {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} NOT FOUND by this tool! **** 
 
    **** TX 4 BrowserAd adware {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} NOT FOUND by this tool! **** 
 
    **** Trojan-Proxy.Win32.Small {87A3E824-A726-4CF4-8A66-6314B11BDA0C} NOT FOUND by this tool! **** 
 
    **** Trojan-Downloader.Win32.Delf.ks {786C369D-409A-456f-A13C-971EADA850C6} NOT FOUND by this tool! **** 
 
    **** W32/Almanahe.a Worm NOT FOUND by this tool! ****

    **** msctl32.dll SpamBot NOT FOUND by this tool! ****

    **** KeyLogger NOT FOUND by this tool! **** 
 
--------------------------------------------------------------------------
        CHECKING FOR BOT-TYPE WORMS:
--------------------------------------------------------------------------

    **** W32/Sdbot Worm NOT FOUND by this tool! **** 

--------------------------------------------------------------------------
        CHECKING FOR KNOWN ROOTKIT STEALTHING AGENTS:
--------------------------------------------------------------------------

    **** i386p.* Stealthing Agent NOT FOUND by this tool! ****

    **** ErrorSafe erssdd.* Stealthing Agent NOT FOUND by this tool! ****

    **** VUNDO DP.* Stealthing Agent NOT FOUND by this tool! ****

    **** Troj/NTRootK-BP main.* Stealthing Agent NOT FOUND by this tool! ****

    **** W32/Almanahe.sys RioDrvrs.* Stealthing Agent NOT FOUND by this tool! ****

    **** W32/Almanahe.sys DKIS6.* Stealthing Agent NOT FOUND by this tool! ****

--------------------------------------------------------------------------
        CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS:
--------------------------------------------------------------------------

    **** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! **** 

    **** Rustock.B trojan, huy32 rootkit NOT FOUND by this tool! **** 

    **** Rustock.B trojan, lzx32 rootkit NOT FOUND by this tool! **** 

    **** Rustock.B trojan, msguard rootkit NOT FOUND by this tool! **** 

    **** Rustock.B trojan, xpdt.sy_ rootkit NOT FOUND by this tool! **** 

    **** Rustock.B trojan, xpdt.sys rootkit NOT FOUND by this tool! **** 

    **** CmdService adware NOT FOUND by this tool! **** 

    **** Network_Monitor adware NOT FOUND by this tool! **** 

    **** Trojan.Peacomm NOT FOUND by this tool! **** 

    **** Trojan.Peacomm windev NOT FOUND by this tool! **** 

    **** AVPE Haxdoor NOT FOUND by this tool! **** 

    **** MEMLOW Haxdoor NOT FOUND by this tool! **** 

    **** VDMT Haxdoor NOT FOUND by this tool! **** 

    **** YCSVGA Haxdoor NOT FOUND by this tool! **** 

    **** PPTP Haxdoor NOT FOUND by this tool! **** 

    **** DVB Haxdoor  NOT FOUND by this tool! **** 

    **** YVBB Haxdoor NOT FOUND by this tool! **** 

    **** YVPP Haxdoor NOT FOUND by this tool! **** 

    **** NKGFS Haxdoor NOT FOUND by this tool! **** 

    **** XMSK Haxdoor NOT FOUND by this tool! **** 

    **** AVPX Haxdoor NOT FOUND by this tool! **** 

    **** MMXF Haxdoor NOT FOUND by this tool! **** 

    **** DP1112 Vundo Rootkit NOT FOUND by this tool! **** 

    **** SYSBUS32 Rootkit Driver NOT FOUND by this tool! **** 

    **** I386P Rootkit Driver NOT FOUND by this tool! **** 

    **** ERSSDD Rootkit NOT FOUND by this tool! **** 

    **** GencTurK RootKit NOT FOUND by this tool! **** 

    **** Troj/NTRootK-BP RootKit NOT FOUND by this tool! **** 

    **** W32/Almanahe.sys NOT FOUND by this tool! **** 

************************************************************************************ 

Dumping HKLM Uninstall Programs list

   DisplayName    REG_SZ             a-squared Free 4.5
   DisplayName    REG_SZ             a-squared HiJackFree 3.1
   DisplayName    REG_SZ             ABBYY FineReader 4.0 Sprint
   DisplayName    REG_SZ             Adaptec DirectCD
   DisplayName    REG_SZ             Adaptec DirectCD Reader
   DisplayName    REG_SZ             Adaptec Easy CD Creator
   DisplayName    REG_SZ             Adobe Acrobat - Reader 6.0.2 Update
   DisplayName    REG_SZ             Adobe Acrobat 4.0
   DisplayName    REG_SZ             Adobe Acrobat and Reader 6.0.3 Update
   DisplayName    REG_SZ             Adobe Acrobat and Reader 6.0.4 Update
   DisplayName    REG_SZ             Adobe Acrobat and Reader 6.0.5 Update
   DisplayName    REG_SZ             Adobe Atmosphere Player for Acrobat and Adobe Reader
   DisplayName    REG_SZ             Adobe Common File Installer
   DisplayName    REG_SZ             Adobe Flash Player 10 ActiveX
   DisplayName    REG_SZ             Adobe Help Center 2.1
   DisplayName    REG_SZ             Adobe PhotoDeluxe Home Edition 4.0
   DisplayName    REG_SZ             Adobe Premiere Elements 3.0
   DisplayName    REG_SZ             Adobe Premiere Elements 3.0
   DisplayName    REG_SZ             Adobe Premiere Elements 3.0 Templates
   DisplayName    REG_SZ             Adobe Reader 6.0.1
   DisplayName    REG_SZ             Adobe Reader 8.1.2
   DisplayName    REG_SZ             Adobe Type Manager
   DisplayName    REG_SZ             Affinity SiteBuilder for Contribute 2 Extension
   DisplayName    REG_SZ             Anfy
   DisplayName    REG_SZ             Apple Software Update
   DisplayName    REG_SZ             Auto Switch
   DisplayName    REG_SZ             AutoUpdate
   DisplayName    REG_SZ             BackWeb
   DisplayName    REG_SZ             Brother 1440
   DisplayName    REG_SZ             Brownie
   DisplayName    REG_SZ             BufferChm
   DisplayName    REG_SZ             CatchUp V1.3
   DisplayName    REG_SZ             CP_AtenaShokunin1Config
   DisplayName    REG_SZ             CP_CalendarTemplates1
   DisplayName    REG_SZ             cp_LightScribeConfig
   DisplayName    REG_SZ             cp_OnlineProjectsConfig
   DisplayName    REG_SZ             CP_Package_Basic1
   DisplayName    REG_SZ             CP_Package_Variety1
   DisplayName    REG_SZ             CP_Package_Variety2
   DisplayName    REG_SZ             CP_Package_Variety3
   DisplayName    REG_SZ             CP_Panorama1Config
   DisplayName    REG_SZ             cp_PosterPrintConfig
   DisplayName    REG_SZ             cp_UpdateProjectsConfig
   DisplayName    REG_SZ             CueTour
   DisplayName    REG_SZ             Customer Experience Enhancement
   DisplayName    REG_SZ             Customer Experience Enhancement
   DisplayName    REG_SZ             Data Fax SoftModem with SmartCP
   DisplayName    REG_SZ             Destination Component
   DisplayName    REG_SZ             DISCover
   DisplayName    REG_SZ             DivX
   DisplayName    REG_SZ             DocMgr
   DisplayName    REG_SZ             DocProc
   DisplayName    REG_SZ             DocProcQFolder
   DisplayName    REG_SZ             Drop! Extreme
   DisplayName    REG_SZ             DVD Decrypter (Remove Only)
   DisplayName    REG_SZ             DVD Flick
   DisplayName    REG_SZ             DVD Shrink 3.2
   DisplayName    REG_SZ             DVDFab HD Decrypter 4.0.1.2
   DisplayName    REG_SZ             EarthLink TotalAccess 2.3
   DisplayName    REG_SZ             Enhanced Multimedia Keyboard Solution
   DisplayName    REG_SZ             EnterNet 300
   DisplayName    REG_SZ             Entriq MediaSphere 3.5.2.2
   DisplayName    REG_SZ             eSupportQFolder
   DisplayName    REG_SZ             ExplorerXP (remove only)
   DisplayName    REG_SZ             Family Tree Maker
   DisplayName    REG_SZ             Family Tree Maker 2005
   DisplayName    REG_SZ             Family Tree Maker 2006
   DisplayName    REG_SZ             FullDPAppQFolder
   DisplayName    REG_SZ             GemMaster Mystic
   DisplayName    REG_SZ             GenSmarts
   DisplayName    REG_SZ             getPlus(R)_ocx
   DisplayName    REG_SZ             GPBaseService
   DisplayName    REG_SZ             GTE Easy Sign Up
   DisplayName    REG_SZ             High Definition Audio Driver Package - KB888111
   DisplayName    REG_SZ             Hotfix for Windows Internet Explorer 7 (KB947864)
   DisplayName    REG_SZ             Hotfix for Windows Media Format 11 SDK (KB929399)
   DisplayName    REG_SZ             Hotfix for Windows Media Player 10 (KB903157)
   DisplayName    REG_SZ             Hotfix for Windows Media Player 10 (KB910393)
   DisplayName    REG_SZ             Hotfix for Windows Media Player 11 (KB939683)
   DisplayName    REG_SZ             Hotfix for Windows XP (KB888795)
   DisplayName    REG_SZ             Hotfix for Windows XP (KB891593)
   DisplayName    REG_SZ             Hotfix for Windows XP (KB893357)
   DisplayName    REG_SZ             Hotfix for Windows XP (KB895961)
   DisplayName    REG_SZ             Hotfix for Windows XP (KB896344)
   DisplayName    REG_SZ             Hotfix for Windows XP (KB899337)
   DisplayName    REG_SZ             Hotfix for Windows XP (KB899510)
   DisplayName    REG_SZ             Hotfix for Windows XP (KB902841)
   DisplayName    REG_SZ             Hotfix for Windows XP (KB906569)
   DisplayName    REG_SZ             Hotfix for Windows XP (KB912024)
   DisplayName    REG_SZ             Hotfix for Windows XP (KB914440)
   DisplayName    REG_SZ             Hotfix for Windows XP (KB915865)
   DisplayName    REG_SZ             Hotfix for Windows XP (KB926239)
   DisplayName    REG_SZ             Hotfix for Windows XP (KB935448)
   DisplayName    REG_SZ             HouseCall (for Netscape)
   DisplayName    REG_SZ             HP Boot Optimizer
   DisplayName    REG_SZ             HP DigitalMedia Archive
   DisplayName    REG_SZ             HP Document Manager 1.2
   DisplayName    REG_SZ             HP DVD Play 2.1
   DisplayName    REG_SZ             HP Easy Internet
   DisplayName    REG_SZ             HP Help 2.1
   DisplayName    REG_SZ             HP Imaging Device Functions 11.5
   DisplayName    REG_SZ             hp instant support
   DisplayName    REG_SZ             HP Pavilion Desktop Tour
   DisplayName    REG_SZ             HP Photosmart for Media Center PC
   DisplayName    REG_SZ             HP Photosmart Premier Software 6.5
   DisplayName    REG_SZ             hp print screen utility
   DisplayName    REG_SZ             HP Printer Scanner Copier Enhancer
   DisplayName    REG_SZ             HP Scanjet G3110 11.5
   DisplayName    REG_SZ             HP Smart Web Printing
   DisplayName    REG_SZ             HP Solution Center 11.0
   DisplayName    REG_SZ             HP Update
   DisplayName    REG_SZ             HP Web Helper
   DisplayName    REG_SZ             hpg3110
   DisplayName    REG_SZ             hpg3110QFolder
   DisplayName    REG_SZ             HPPhotoSmartExpress
   DisplayName    REG_SZ             HPProductAssistant
   DisplayName    REG_SZ             HpSdpAppCoreApp
   DisplayName    REG_SZ             InstantShareDevices
   DisplayName    REG_SZ             Intel RSX 3D
   DisplayName    REG_SZ             Intel(R) Graphics Media Accelerator Driver
   DisplayName    REG_SZ             Intel(R) Matrix Storage Manager
   DisplayName    REG_SZ             Intel(R) PRO Network Connections Drivers
   DisplayName    REG_SZ             Intel(R) Quick Resume Technology Drivers
   DisplayName    REG_SZ             Intel® Viiv™ Software
   DisplayName    REG_SZ             Iomega Tools for Windows 95
   DisplayName    REG_SZ             J2SE Runtime Environment 5.0 Update 6
   DisplayName    REG_SZ             Java 2 Runtime Environment Standard Edition v1.3
   DisplayName    REG_SZ             Java 2 Runtime Environment, SE v1.4.2
   DisplayName    REG_SZ             Java 2 Runtime Environment, SE v1.4.2_03
   DisplayName    REG_SZ             Java 2 Runtime Environment, SE v1.4.2_05
   DisplayName    REG_SZ             Java 2 Runtime Environment, SE v1.4.2_06
   DisplayName    REG_SZ             Java(TM) 6 Update 3
   DisplayName    REG_SZ             Kaspersky Anti-Virus 2009
   DisplayName    REG_SZ             Kaspersky Anti-Virus 2009
   DisplayName    REG_SZ             King of the Stars
   DisplayName    REG_SZ             KODAK DC215 Software
   DisplayName    REG_SZ             Lavasoft Reghance 2.1
   DisplayName    REG_SZ             LightScribe  1.4.105.1
   DisplayName    REG_SZ             Lizardtech DjVu Control (autoinstall)
   DisplayName    REG_SZ             Logitech MouseWare 9.79.1
   DisplayName    REG_SZ             Macromedia Extension Manager
   DisplayName    REG_SZ             Malwarebytes' Anti-Malware
   DisplayName    REG_SZ             Metafile Companion 1.10
   DisplayName    REG_SZ             Microsoft .NET Framework 1.0 Hotfix (KB887998)
   DisplayName    REG_SZ             Microsoft .NET Framework 1.0 Hotfix (KB930494)
   DisplayName    REG_SZ             Microsoft .NET Framework 1.1
   DisplayName    REG_SZ             Microsoft .NET Framework 1.1
   DisplayName    REG_SZ             Microsoft .NET Framework 1.1 Hotfix (KB886903)
   DisplayName    REG_SZ             Microsoft Compression Client Pack 1.0 for Windows XP
   DisplayName    REG_SZ             Microsoft Encarta Encyclopedia 2000
   DisplayName    REG_SZ             Microsoft Home Publishing 2000
   DisplayName    REG_SZ             Microsoft Internationalized Domain Names Mitigation APIs
   DisplayName    REG_SZ             Microsoft Internet Explorer 6 SP1 and Internet Tools
   DisplayName    REG_SZ             Microsoft Money 2000 Standard Edition
   DisplayName    REG_SZ             Microsoft Money 2006
   DisplayName    REG_SZ             Microsoft National Language Support Downlevel APIs
   DisplayName    REG_SZ             Microsoft Office 2000 Premium
   DisplayName    REG_SZ             Microsoft Publisher 97
   DisplayName    REG_SZ             Microsoft User-Mode Driver Framework Feature Pack 1.0
   DisplayName    REG_SZ             Microsoft VGX Q833989
   DisplayName    REG_SZ             Microsoft Web Publishing Wizard 1.6
   DisplayName    REG_SZ             Microsoft Works
   DisplayName    REG_SZ             Microsoft Works 2000
   DisplayName    REG_SZ             Mjuice Components
   DisplayName    REG_SZ             MrSID Browser Plug-in 1.3
   DisplayName    REG_SZ             MSXML 4.0 SP2 (KB925672)
   DisplayName    REG_SZ             MSXML 4.0 SP2 (KB927978)
   DisplayName    REG_SZ             Multimedia Keyboard Hub
   DisplayName    REG_SZ             MusicMatch Jukebox 4
   DisplayName    REG_SZ             muvee autoProducer 5.0
   DisplayName    REG_SZ             muvee autoProducer unPlugged 2.0
   DisplayName    REG_SZ             My HP Games
   DisplayName    REG_SZ             NBC Universal 1.0.0.7
   DisplayName    REG_SZ             Net2Phone/Net2Fax
   DisplayName    REG_SZ             Netscape (7.1)
   DisplayName    REG_SZ             Netscape Browser (remove only)
   DisplayName    REG_SZ             OCR Software by I.R.I.S. 11.0
   DisplayName    REG_SZ             One-touch Multimedia Keyboard
   DisplayName    REG_SZ             OptionalContentQFolder
   DisplayName    REG_SZ             Otto
   DisplayName    REG_SZ             PanoStandAlone
   DisplayName    REG_SZ             PC-Doctor 5 for Windows
   DisplayName    REG_SZ             PCmover
   DisplayName    REG_SZ             PCmover
   DisplayName    REG_SZ             pdfEdit995
   DisplayName    REG_SZ             Photo Pos Lite
   DisplayName    REG_SZ             PhotoGallery
   DisplayName    REG_SZ             PhotoScape
   DisplayName    REG_SZ             Pop-Up Stopper Free Edition
   DisplayName    REG_SZ             Python 2.2 pywin32 extensions (build 203)
   DisplayName    REG_SZ             Python 2.2.3
   DisplayName    REG_SZ             Quicken 2006
   DisplayName    REG_SZ             Quicken Basic 2000
   DisplayName    REG_SZ             QuickLink III
   DisplayName    REG_SZ             QuickTime
   DisplayName    REG_SZ             RandMap
   DisplayName    REG_SZ             Read in Microsoft Reader Add-in for Microsoft Word
   DisplayName    REG_SZ             RealPlayer
   DisplayName    REG_SZ             Realtek High Definition Audio Driver
   DisplayName    REG_SZ             RegVac Registry Cleaner 5.01 (Registered Version)
   DisplayName    REG_SZ             Remove WeatherBug Installer
   DisplayName    REG_SZ             Riptide PCI Audio
   DisplayName    REG_SZ             SBC Self Support Tool
   DisplayName    REG_SZ             SBC Yahoo! Applications
   DisplayName    REG_SZ             SBC Yahoo! Dial Connection Manager
   DisplayName    REG_SZ             SBC Yahoo! DSL Activation
   DisplayName    REG_SZ             SBC Yahoo! DSL Extras
   DisplayName    REG_SZ             SBC Yahoo! Internet Mail
   DisplayName    REG_SZ             SBC Yahoo! Login
   DisplayName    REG_SZ             SBC Yahoo! Messenger Explorer Bar
   DisplayName    REG_SZ             Scan
   DisplayName    REG_SZ             Screenshot Captor 2.56.01
   DisplayName    REG_SZ             Security Update for Step By Step Interactive Training (KB898458)
   DisplayName    REG_SZ             Security Update for Step By Step Interactive Training (KB923723)
   DisplayName    REG_SZ             Security Update for Windows Internet Explorer 7 (KB944533)
   DisplayName    REG_SZ             Security Update for Windows Media Player 10 (KB911565)
   DisplayName    REG_SZ             Security Update for Windows Media Player 10 (KB917734)
   DisplayName    REG_SZ             Security Update for Windows Media Player 11 (KB936782)
   DisplayName    REG_SZ             Security Update for Windows Media Player 6.4 (KB925398)
   DisplayName    REG_SZ             Security Update for Windows XP (KB893756)
   DisplayName    REG_SZ             Security Update for Windows XP (KB896358)
   DisplayName    REG_SZ             Security Update for Windows XP (KB896422)
   DisplayName    REG_SZ             Security Update for Windows XP (KB896423)
   DisplayName    REG_SZ             Security Update for Windows XP (KB896424)
   DisplayName    REG_SZ             Security Update for Windows XP (KB896428)
   DisplayName    REG_SZ             Security Update for Windows XP (KB899587)
   DisplayName    REG_SZ             Security Update for Windows XP (KB899591)
   DisplayName    REG_SZ             Security Update for Windows XP (KB900725)
   DisplayName    REG_SZ             Security Update for Windows XP (KB901017)
   DisplayName    REG_SZ             Security Update for Windows XP (KB901214)
   DisplayName    REG_SZ             Security Update for Windows XP (KB902400)
   DisplayName    REG_SZ             Security Update for Windows XP (KB904706)
   DisplayName    REG_SZ             Security Update for Windows XP (KB905414)
   DisplayName    REG_SZ             Security Update for Windows XP (KB905749)
   DisplayName    REG_SZ             Security Update for Windows XP (KB908519)
   DisplayName    REG_SZ             Security Update for Windows XP (KB908531)
   DisplayName    REG_SZ             Security Update for Windows XP (KB911562)
   DisplayName    REG_SZ             Security Update for Windows XP (KB911927)
   DisplayName    REG_SZ             Security Update for Windows XP (KB912812)
   DisplayName    REG_SZ             Security Update for Windows XP (KB912919)
   DisplayName    REG_SZ             Security Update for Windows XP (KB913580)
   DisplayName    REG_SZ             Security Update for Windows XP (KB914388)
   DisplayName    REG_SZ             Security Update for Windows XP (KB914389)
   DisplayName    REG_SZ             Security Update for Windows XP (KB917344)
   DisplayName    REG_SZ             Security Update for Windows XP (KB917422)
   DisplayName    REG_SZ             Security Update for Windows XP (KB917953)
   DisplayName    REG_SZ             Security Update for Windows XP (KB918118)
   DisplayName    REG_SZ             Security Update for Windows XP (KB918439)
   DisplayName    REG_SZ             Security Update for Windows XP (KB919007)
   DisplayName    REG_SZ             Security Update for Windows XP (KB920213)
   DisplayName    REG_SZ             Security Update for Windows XP (KB920670)
   DisplayName    REG_SZ             Security Update for Windows XP (KB920683)
   DisplayName    REG_SZ             Security Update for Windows XP (KB920685)
   DisplayName    REG_SZ             Security Update for Windows XP (KB921398)
   DisplayName    REG_SZ             Security Update for Windows XP (KB921503)
   DisplayName    REG_SZ             Security Update for Windows XP (KB922616)
   DisplayName    REG_SZ             Security Update for Windows XP (KB922819)
   DisplayName    REG_SZ             Security Update for Windows XP (KB923191)
   DisplayName    REG_SZ             Security Update for Windows XP (KB923414)
   DisplayName    REG_SZ             Security Update for Windows XP (KB923689)
   DisplayName    REG_SZ             Security Update for Windows XP (KB923694)
   DisplayName    REG_SZ             Security Update for Windows XP (KB923980)
   DisplayName    REG_SZ             Security Update for Windows XP (KB924191)
   DisplayName    REG_SZ             Security Update for Windows XP (KB924270)
   DisplayName    REG_SZ             Security Update for Windows XP (KB924496)
   DisplayName    REG_SZ             Security Update for Windows XP (KB924667)
   DisplayName    REG_SZ             Security Update for Windows XP (KB925454)
   DisplayName    REG_SZ             Security Update for Windows XP (KB925486)
   DisplayName    REG_SZ             Security Update for Windows XP (KB925902)
   DisplayName    REG_SZ             Security Update for Windows XP (KB926255)
   DisplayName    REG_SZ             Security Update for Windows XP (KB926436)
   DisplayName    REG_SZ             Security Update for Windows XP (KB927779)
   DisplayName    REG_SZ             Security Update for Windows XP (KB927802)
   DisplayName    REG_SZ             Security Update for Windows XP (KB928090)
   DisplayName    REG_SZ             Security Update for Windows XP (KB928255)
   DisplayName    REG_SZ             Security Update for Windows XP (KB928843)
   DisplayName    REG_SZ             Security Update for Windows XP (KB929969)
   DisplayName    REG_SZ             Security Update for Windows XP (KB930178)
   DisplayName    REG_SZ             Security Update for Windows XP (KB931261)
   DisplayName    REG_SZ             Security Update for Windows XP (KB931768)
   DisplayName    REG_SZ             Security Update for Windows XP (KB931784)
   DisplayName    REG_SZ             Security Update for Windows XP (KB932168)
   DisplayName    REG_SZ             Security Update for Windows XP (KB933729)
   DisplayName    REG_SZ             Security Update for Windows XP (KB935839)
   DisplayName    REG_SZ             Security Update for Windows XP (KB935840)
   DisplayName    REG_SZ             Security Update for Windows XP (KB936021)
   DisplayName    REG_SZ             Security Update for Windows XP (KB938127)
   DisplayName    REG_SZ             Security Update for Windows XP (KB938829)
   DisplayName    REG_SZ             Security Update for Windows XP (KB939653)
   DisplayName    REG_SZ             Signature995
   DisplayName    REG_SZ             SkinsHP1
   DisplayName    REG_SZ             SlideShow
   DisplayName    REG_SZ             SlideShowMusic
   DisplayName    REG_SZ             SmartWebPrinting
   DisplayName    REG_SZ             SolutionCenter
   DisplayName    REG_SZ             Sonic Express Labeler
   DisplayName    REG_SZ             Sonic MyDVD Plus
   DisplayName    REG_SZ             Sonic RecordNow Audio
   DisplayName    REG_SZ             Sonic RecordNow Copy
   DisplayName    REG_SZ             Sonic RecordNow Data
   DisplayName    REG_SZ             Sonic Update Manager
   DisplayName    REG_SZ             Sonic_PrimoSDK
   DisplayName    REG_SZ             SOUPUP2 - Achernar
   DisplayName    REG_SZ             Stomp Backup MyPC
   DisplayName    REG_SZ             Stomp Backup MyPC Update Manager
   DisplayName    REG_SZ             Super Jigsaw Desserts
   DisplayName    REG_SZ             SureThing CD Labeler - Stomper Edition 32 bit
   DisplayName    REG_SZ             SureThing CD Labeler - Stomper Edition 32 bit
   DisplayName    REG_SZ             Sweet Home 3D version 1.2
   DisplayName    REG_SZ             The Cleaner 3.1
   DisplayName    REG_SZ             Trellix Web
   DisplayName    REG_SZ             Trojan Remover 6.7.9
   DisplayName    REG_SZ             Ulead Photo Explorer 7.0 SE
   DisplayName    REG_SZ             Ultimate Label Maker v2
   DisplayName    REG_SZ             Ultimate Paint 1.91f
   DisplayName    REG_SZ             UMAX VistaScan
   DisplayName    REG_SZ             Unload
   DisplayName    REG_SZ             upapp
   DisplayName    REG_SZ             Update for Windows Media Player 10 (KB913800)
   DisplayName    REG_SZ             Update for Windows Media Player 10 (KB926251)
   DisplayName    REG_SZ             Update for Windows XP (KB898461)
   DisplayName    REG_SZ             Update for Windows XP (KB900485)
   DisplayName    REG_SZ             Update for Windows XP (KB904942)
   DisplayName    REG_SZ             Update for Windows XP (KB910437)
   DisplayName    REG_SZ             Update for Windows XP (KB911280)
   DisplayName    REG_SZ             Update for Windows XP (KB912945)
   DisplayName    REG_SZ             Update for Windows XP (KB916595)
   DisplayName    REG_SZ             Update for Windows XP (KB920872)
   DisplayName    REG_SZ             Update for Windows XP (KB922582)
   DisplayName    REG_SZ             Update for Windows XP (KB927891)
   DisplayName    REG_SZ             Update for Windows XP (KB929338)
   DisplayName    REG_SZ             Update for Windows XP (KB930916)
   DisplayName    REG_SZ             Update for Windows XP (KB931836)
   DisplayName    REG_SZ             Update for Windows XP (KB933360)
   DisplayName    REG_SZ             Update for Windows XP (KB936357)
   DisplayName    REG_SZ             Update for Windows XP (KB938828)
   DisplayName    REG_SZ             Update Rollup 2 for Windows XP Media Center Edition 2005
   DisplayName    REG_SZ             Updates from HP (remove only)
   DisplayName    REG_SZ             VC 9.0 Runtime
   DisplayName    REG_SZ             VC 9.0 Runtime
   DisplayName    REG_SZ             Viewpoint Manager (Remove Only)
   DisplayName    REG_SZ             WebFldrs XP
   DisplayName    REG_SZ             WebReg
   DisplayName    REG_SZ             Winamp (remove only)
   DisplayName    REG_SZ             Windows 98 KB891711 Update
   DisplayName    REG_SZ             Windows 98 KB896358 Update
   DisplayName    REG_SZ             Windows 98 KB908519 Update
   DisplayName    REG_SZ             Windows 98 KB918547 Update
   DisplayName    REG_SZ             Windows 98 Q888113 Update
   DisplayName    REG_SZ             Windows Genuine Advantage Validation Tool (KB892130)
   DisplayName    REG_SZ             Windows Genuine Advantage Validation Tool (KB892130)
   DisplayName    REG_SZ             Windows Installer 3.1 (KB893803)
   DisplayName    REG_SZ             Windows Internet Explorer 7
   DisplayName    REG_SZ             Windows Media Format 11 runtime
   DisplayName    REG_SZ             Windows Media Format 11 runtime
   DisplayName    REG_SZ             Windows Media Player 11
   DisplayName    REG_SZ             Windows Media Player 11
   DisplayName    REG_SZ             Windows XP Hotfix - KB873339
   DisplayName    REG_SZ             Windows XP Hotfix - KB883667
   DisplayName    REG_SZ             Windows XP Hotfix - KB885250
   DisplayName    REG_SZ             Windows XP Hotfix - KB885835
   DisplayName    REG_SZ             Windows XP Hotfix - KB885836
   DisplayName    REG_SZ             Windows XP Hotfix - KB886185
   DisplayName    REG_SZ             Windows XP Hotfix - KB887472
   DisplayName    REG_SZ             Windows XP Hotfix - KB887742
   DisplayName    REG_SZ             Windows XP Hotfix - KB888113
   DisplayName    REG_SZ             Windows XP Hotfix - KB888302
   DisplayName    REG_SZ             Windows XP Hotfix - KB890175
   DisplayName    REG_SZ             Windows XP Hotfix - KB890859
   DisplayName    REG_SZ             Windows XP Hotfix - KB891781
   DisplayName    REG_SZ             Windows XP Hotfix - KB892050
   DisplayName    REG_SZ             Windows XP Hotfix - KB893066
   DisplayName    REG_SZ             Windows XP Media Center Edition 2005 KB908246
   DisplayName    REG_SZ             Windows XP Media Center Edition 2005 KB925766
   DisplayName    REG_SZ             WinRAR archiver
   DisplayName    REG_SZ             WinZip
   DisplayName    REG_SZ             xat.com JPEG Optimizer
   ParentDisplayName    REG_SZ             
   ParentDisplayName    REG_SZ             
   ParentDisplayName    REG_SZ             Microsoft Learning - Software Updates
   ParentDisplayName    REG_SZ             Microsoft Learning - Software Updates
   ParentDisplayName    REG_SZ             Windows Internet Explorer 7 - Software Updates
   ParentDisplayName    REG_SZ             Windows Internet Explorer 7 - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP - Software Updates
   ParentDisplayName    REG_SZ             Windows XP Media Center Edition 2005
   ParentDisplayName    REG_SZ             Windows XP Media Center Edition 2005
   ParentDisplayName    REG_SZ             Windows XP Media Center Edition 2005
   QuietDisplayName    REG_SZ             DirectShow
   QuietDisplayName    REG_SZ             Internet Explorer Exception pack
   QuietDisplayName    REG_SZ             Internet Explorer Help
   QuietDisplayName    REG_SZ             Internet Explorer Help Content
   QuietDisplayName    REG_SZ             Internet Explorer ReadMe
   QuietDisplayName    REG_SZ             Lizardtech DjVu Control (autoinstall)
   QuietDisplayName    REG_SZ             Microsoft VGX Q833989
   QuietDisplayName    REG_SZ             Offline Browsing Pack
   QuietDisplayName    REG_SZ             Shockwave Director 7.0.0
   QuietDisplayName    REG_SZ             Task Scheduler
   QuietDisplayName    REG_SZ             Vector Graphics Rendering (VML)
   WildTangentUninstallDisplayName    REG_SZ             Bejeweled 2 Deluxe
   WildTangentUninstallDisplayName    REG_SZ             Bistro Stars
   WildTangentUninstallDisplayName    REG_SZ             Blasterball 2 Remix
   WildTangentUninstallDisplayName    REG_SZ             Blasterball 2 Revolution
   WildTangentUninstallDisplayName    REG_SZ             Bookworm Deluxe
   WildTangentUninstallDisplayName    REG_SZ             Cake Mania
   WildTangentUninstallDisplayName    REG_SZ             Chuzzle Deluxe
   WildTangentUninstallDisplayName    REG_SZ             Diner Dash
   WildTangentUninstallDisplayName    REG_SZ             Drop! Extreme
   WildTangentUninstallDisplayName    REG_SZ             FATE
   WildTangentUninstallDisplayName    REG_SZ             Garden Dreams
   WildTangentUninstallDisplayName    REG_SZ             Insaniquarium Deluxe
   WildTangentUninstallDisplayName    REG_SZ             JEOPARDY
   WildTangentUninstallDisplayName    REG_SZ             Jewel Quest
   WildTangentUninstallDisplayName    REG_SZ             My HP Game Console
   WildTangentUninstallDisplayName    REG_SZ             Polar Bowler
   WildTangentUninstallDisplayName    REG_SZ             SCRABBLE
   WildTangentUninstallDisplayName    REG_SZ             Slingo Deluxe
   WildTangentUninstallDisplayName    REG_SZ             Tradewinds
   WildTangentUninstallDisplayName    REG_SZ             Wheel of Fortune


#####################################################################################################


   -- All DONE! :)

   ~ ShadowPuterDude ~





Code:

Logfile of HiJackFree v3.0
Scan saved at 8:22:17 AM, on 6/22/2009
Platform: Windows XP Service Pack 2 (Windows NT 5.1.2600)
MSIE: Internet Explorer v 7.0 Service Pack 2 (7.0.5730.13)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\program files\common files\installshield\updateservice\issch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\a-squared HiJackFree\a2hijackfree.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO:  - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PCDrProfiler]
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [NBCUniversal Media Manager Tray] "C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" /CustomId:NBCUniversal
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart
O7 - Regedit - Enabled
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\conn_support.ico
O9 - Extra "Tools" menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\conn_support.ico
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
O14 - IERESET.INF: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O15 - Trusted Zone: *://www.adobe.com
O15 - Trusted Zone: http://www.ebay.com
O15 - Trusted Zone: http://games.latimes.com
O15 - Trusted Zone: http://www.latimes.com
O15 - Trusted Zone: http://office.microsoft.com
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166389992015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166389978218
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/files/install/MFImgVwr.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\System32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - ShellServiceObjectDelayLoad: PostBootReminder -
O21 - ShellServiceObjectDelayLoad: CDBurn -
O21 - ShellServiceObjectDelayLoad: WebCheck -
O21 - ShellServiceObjectDelayLoad: SysTray -
O21 - ShellServiceObjectDelayLoad: WPDShServiceObj -
O22 - SharedTaskScheduler: Browseui preloader - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Alerter - C:\WINDOWS\system32\svchost.exe
O23 - Service: Application Layer Gateway Service - C:\WINDOWS\System32\alg.exe
O23 - Service: Application Management - C:\WINDOWS\system32\svchost.exe
O23 - Service: ASP.NET State Service - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: Windows Audio - C:\WINDOWS\System32\svchost.exe
O23 - Service: Kaspersky Anti-Virus - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Background Intelligent Transfer Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: Computer Browser - C:\WINDOWS\system32\svchost.exe
O23 - Service: Indexing Service - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: COM+ System Application - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Cryptographic Services - C:\WINDOWS\system32\svchost.exe
O23 - Service: DCOM Server Process Launcher - C:\WINDOWS\system32\svchost
O23 - Service: DHCP Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Logical Disk Manager Administrative Service - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Logical Disk Manager - C:\WINDOWS\System32\svchost.exe
O23 - Service: DNS Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Media Center Receiver Service - C:\WINDOWS\eHome\ehRecvr.exe
O23 - Service: Media Center Scheduler Service - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Intel(R) Quick Resume technology - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Error Reporting Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Event Log - C:\WINDOWS\system32\services.exe
O23 - Service: COM+ Event System - C:\WINDOWS\system32\svchost.exe
O23 - Service: Fast User Switching Compatibility - C:\WINDOWS\System32\svchost.exe
O23 - Service: Fax - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Help and Support - C:\WINDOWS\System32\svchost.exe
O23 - Service: Human Interface Device Access - C:\WINDOWS\System32\svchost.exe
O23 - Service: hpqcxs08 - C:\WINDOWS\system32\svchost.exe
O23 - Service: HTTP SSL - C:\WINDOWS\System32\svchost.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service - C:\WINDOWS\system32\imapi.exe
O23 - Service: Server - C:\WINDOWS\system32\svchost.exe
O23 - Service: Workstation - C:\WINDOWS\system32\svchost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TCP/IP NetBIOS Helper - C:\WINDOWS\system32\svchost.exe
O23 - Service: Media Center Extender Service - C:\WINDOWS\ehome\mcrdsvc.exe
O23 - Service: Messenger - C:\WINDOWS\system32\svchost.exe
O23 - Service: MHN - C:\WINDOWS\System32\svchost.exe
O23 - Service: NetMeeting Remote Desktop Sharing - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Windows Installer - C:\WINDOWS\system32\msiexec.exe
O23 - Service: Network DDE - C:\WINDOWS\system32\netdde.exe
O23 - Service: Network DDE DSDM - C:\WINDOWS\system32\netdde.exe
O23 - Service: Net Logon - C:\WINDOWS\system32\lsass.exe
O23 - Service: Network Connections - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Location Awareness (NLA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: NT LM Security Support Provider - C:\WINDOWS\system32\lsass.exe
O23 - Service: Removable Storage - C:\WINDOWS\system32\svchost.exe
O23 - Service: Plug and Play - C:\WINDOWS\system32\services.exe
O23 - Service: IPSEC Services - C:\WINDOWS\system32\lsass.exe
O23 - Service: Protected Storage - C:\WINDOWS\system32\lsass.exe
O23 - Service: Remote Access Auto Connection Manager - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Access Connection Manager - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Desktop Help Session Manager - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing and Remote Access - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Registry - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Procedure Call (RPC) Locator - C:\WINDOWS\system32\locator.exe
O23 - Service: Remote Procedure Call (RPC) - C:\WINDOWS\system32\svchost
O23 - Service: QoS RSVP - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Security Accounts Manager - C:\WINDOWS\system32\lsass.exe
O23 - Service: Smart Card - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Task Scheduler - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secondary Logon - C:\WINDOWS\System32\svchost.exe
O23 - Service: System Event Notification - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) - C:\WINDOWS\System32\svchost.exe
O23 - Service: Shell Hardware Detection - C:\WINDOWS\System32\svchost.exe
O23 - Service: Print Spooler - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: System Restore Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: SSDP Discovery Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Image Acquisition (WIA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: MS Software Shadow Copy Provider - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Performance Logs and Alerts - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telephony - C:\WINDOWS\System32\svchost.exe
O23 - Service: Terminal Services - C:\WINDOWS\System32\svchost
O23 - Service: Themes - C:\WINDOWS\System32\svchost.exe
O23 - Service: Telnet - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Distributed Link Tracking Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Universal Plug and Play Device Host - C:\WINDOWS\system32\svchost.exe
O23 - Service: Uninterruptible Power Supply - C:\WINDOWS\System32\ups.exe
O23 - Service: Volume Shadow Copy - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Time - C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Management Instrumentation - C:\WINDOWS\system32\svchost.exe
O23 - Service: Portable Media Serial Number Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Management Instrumentation Driver Extensions - C:\WINDOWS\System32\svchost.exe
O23 - Service: WMI Performance Adapter - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Player Network Sharing Service - C:\Program Files\Windows Media Player\WMPNetwk.exe
O23 - Service: Security Center - C:\WINDOWS\System32\svchost.exe
O23 - Service: Automatic Updates - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework - C:\WINDOWS\system32\svchost.exe
O23 - Service: Wireless Zero Configuration - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Provisioning Service - C:\WINDOWS\System32\svchost.exe
ShadowPuterDude
Posted : Tuesday, June 23, 2009 1:40:26 AM

Rank: Advanced Member
Groups: Member, Moderation

Joined: 5/23/2006
Posts: 2,252
Location: Northern NY
Your system is so heavily infected that a "Clean Install" is in order.

a-squared Team - www.emsisoft.com

Only those who fail greatly can ever achieve greatly - Robert F. Kennedy
Microsoft Most Valuable Professional - Consumer Security 2007-2008
Member - Alliance of Security Analysis Professionals - Since 2006
Donna
Posted : Tuesday, June 23, 2009 2:02:07 AM
Rank: Newbie
Groups: Member

Joined: 6/22/2009
Posts: 3
Not the answer I was hoping for, but what I expected after seeing the logs.
I do appreciate and thank you for your help in this.

Donna