DiggityDesigns

Need Help With Gen.Trojan!IK


Hello, I had a problem with a virus or malware that took over most of all the anti-virus programs and malware/spyware programs. The virus or malware would not allow me to run or update most of the programs I used (i.e. Avira, AVG, Norman, SuperAntiSpyware, Avast, SpywareDoctor, Adaware, etc...). I found A-Squared free and have been able to install, update and run it. It finds a bunch of the Gen.Trojan!IK but at the end of the scan and when I try to quarantine them it will not allow me to.

I have read some of the other posts about this virus but I do not want to do what you tell them to do in case I should follow a different approach? Can you help me out and lead me into the right direction? I have downloaded (A-Squared, ISeeYouXP, HiJackFree, Win32kDiag and Avenger) as you have posted to do in other topics.

I am not sure the exact approach you would want me to take, so if you can kindly inform me in a little step by step that would be greatly appreciated!!

Thanks.....


Hi DiggityDesigns,

Your decision was correct - as for not running any tools and not following additional advice posted in other users' threads.

Since you've read the instruction

http://forum.emsisoft.com/Default.aspx?g=posts&t=1930

please perform only those preliminary steps and post all required log files here.

If there are any problems just describe them and you will be advised about further actions.

My regards


Lynx,

Thanks for the fast reply, was actually going over that right now. Will perform the preliminary steps and post them here as soon as I can.

thanks....


Hey Lynx, I wanted to let you know that I did do this process before I started this topic:

Open notepad

Copy and Paste the below lines of code to notepad:

@echo off
copy C:\WINDOWS\system32\logevent.dll c:\logevent.dll
copy C:\WINDOWS\ServicePackFiles\i386\dumprep.exe c:\dumprep.exe

Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your Desktop.

Double-click on fixes.bat to execute it.

-----------------------------------------------------------

Download Avenger from here and unzip to your desktop.

• Run Avenger

• Read the prompt that appears, and press OK

• Copy & paste the following text in Input script Box:

Files to move:
C:\logevent.dll | C:\WINDOWS\SYSTEM32\eventlog.dll
C:\dumprep.exe | C:\WINDOWS\SYSTEM32\dumprep.exe

Then click "Execute".

• You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.

Note: It is possible that Avenger will reboot your system TWICE.

• Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.

-----------------------------------------------------------

Go to start > run and copy and paste the following command in the field:

"%userprofile%\desktop\win32kdiag.exe" -f -r

This should restore permissions on locked files and remove mountpoints.

After I did the A2 full scan this time none of the viruses showed up, but I'm still not sure that I got rid of everything so I am posting the mentioned logs below:

A2 SCAN:

a-squared Free - Version 4.5
Last update: 10/1/2009 11:52:55 PM

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, D:\, E:\, F:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start:	10/2/2009 12:08:04 AM

Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Emule --> Order 	detected: Trace.Registry.Emule 5.0!A2
Value: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Emule --> Order 	detected: Trace.Registry.Emule 5.0!A2
c:\windows\tasks\{7b02ef0b-a410-4938-8480-9ba26420a627}.job 	detected: Trace.File.FraudPack!A2
c:\windows\tasks\{bb65b0fb-5712-401b-b616-e69ac55e2757}.job 	detected: Trace.File.FraudPack!A2
Key: HKEY_USERS\.DEFAULT\software\NordBull\ 	detected: Trace.Registry.FraudPack!A2
Key: HKEY_USERS\S-1-5-18\software\NordBull\ 	detected: Trace.Registry.FraudPack!A2
Key: HKEY_USERS\.DEFAULT\software\PopRock\ 	detected: Trace.Registry.FraudPack!A2
Key: HKEY_USERS\S-1-5-18\software\PopRock\ 	detected: Trace.Registry.FraudPack!A2
c:\program files\regcure\ 	detected: Trace.Directory.RegCure!A2
c:\documents and settings\all users\start menu\programs\regcure\ 	detected: Trace.Directory.RegCure!A2
c:\documents and settings\owner\start menu\programs\regcure\ 	detected: Trace.Directory.RegCure!A2
c:\windows\tasks\regcure.job 	detected: Trace.File.RegCure!A2
c:\windows\tasks\regcure program check.job 	detected: Trace.File.RegCure!A2
Key: HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\RegCure 	detected: Trace.Registry.RegCure!A2
Key: HKEY_LOCAL_MACHINE\software\RegCure 	detected: Trace.Registry.RegCure!A2
c:\documents and settings\owner\application data\microsoft\internet explorer\quick launch\emule.lnk 	detected: Trace.File.Emule 5.0!A2
E:\i386\Apps\App17981\comps\toolbar\toolbr.exe 	detected: Adware.Win32.SearchIt.t!A2

Scanned

Files: 	374128
Traces: 	647767
Cookies: 	6
Processes: 	44

Found

Files: 	1
Traces: 	16
Cookies: 	0
Processes: 	0
Registry keys: 	0

Scan end:	10/2/2009 2:53:44 AM
Scan time:	2:45:40

ISeeYouXP SCAN:

 
************************************************************************************  
                                  ISeeYouXP v2.0 Beta 14  

                 ISeeYouXP v1.3.0-v2.0 Beta 14 Copyright - ShadowPuterDude 
                 ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan 
------------------------------------------------------------------------------------  
****  PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE  NOT  BADDIES!  **** 
  ****   PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION.   **** 
************************************************************************************  

Windows/Browser/Java Versions: 

Microsoft Windows XP Home Edition
Version:           5.1.2600
Service Pack:      3.0
Windows Directory: C:\WINDOWS

Internet Explorer
Version:  8.0.6001.18702
Build:    86001
Language: English (United States)
Path:     C:\Program Files\Internet Explorer


Boot State: Normal boot

Scan done at  5:25:00.00, Fri 10/02/2009 

------------------------------------------------------------------------------------  

ISeeYouXP installation folder and files 

"C:\ISeeYouXP\"
bootst~1.vbs  May 28 2007         359  "bootstate.vbs"
change.log    Jun  8 2008        5012  "change.log"
chodefix.bat  Apr 18 2007        5387  "chodefix.bat"
fixchode.reg  Apr 18 2007         528  "fixChode.reg"
fixexp~1.bat  Feb 24 2007         487  "FixExplorerPolicies.bat"
getunk~1.bat  Aug 12 2006        1478  "GetUnKeys.bat"
grep.exe      Dec 24 2004      160768  "grep.exe"
hideit.bat    Oct 17 2007        1072  "HideIT.bat"
ieinfo.vbs    May 28 2007         514  "ieinfo.vbs"
iesecu~1.bat  Oct 28 2007          72  "IESecurityZones.bat"
iesecu~1.vbs  Nov  8 2007        2399  "IESecurityZones.vbs"
iseeyo~1.bat  Jun  8 2008      211377  "ISeeYouXP.bat"
libico~1.dll  Mar 16 2004      898048  "libiconv2.dll"
libintl3.dll  Oct  9 2004      101888  "libintl3.dll"
locate.com    Jan 14 2005       11254  "locate.com"
md5sum.exe    Aug  5 2007       49152  "md5sum.exe"
msconf~1.bat  Feb 24 2007         578  "MSConfigFix.bat"
osinfo.vbs    May 28 2007         598  "osinfo.vbs"
pcbutts.txt   Mar 25 2007        5167  "PCBUTTS.TXT"
pcre.dll      Nov 14 2004      183313  "pcre.dll"
pv.exe        Mar  3 2006       73728  "pv.exe"
regedi~1.bat  Mar 30 2007         650  "RegEditFix.bat"
regfix.bat    Apr 18 2007         145  "Regfix.bat"
servic~1.vbs  May 28 2007         672  "servicesinfo.vbs"
showit.bat    Oct 17 2007        1013  "ShowIT.bat"
swreg.exe     Apr  5 2007      139776  "swreg.exe"
system~1.bat  Feb 28 2007         369  "SystemRestoreFix.bat"
taskmg~1.bat  Feb 24 2007         288  "TaskMgrFix.bat"

28 items found:  28 files, 0 directories.
  Total of file sizes:  1,856,092 bytes      1.77 M
              3 Dir(s)  32,693,329,920 bytes free

------------------------------------------------------------------------------------  

System Environment Variables  

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BARNCOMP2
ComSpec=C:\WINDOWS\system32\cmd.exe
errcode=0
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\BARNCOMP2
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;%NpmLib%
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=BARNCOMP2
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS

------------------------------------------------------------------------------------ 

Showing any Pocket Killbox backup files 

No matches found.

------------------------------------------------------------------------------------ 

Displaying BOOT.INI: 

[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

------------------------------------------------------------------------------------ 

Displaying SYSTEM.INI: 

; for 16-bit app support

[drivers]
wave=mmdrv.dll
timer=timer.drv

[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[TTFontDimenCacheDBCS]
0 4=2 4  
0 5=3 5  
0 6=4 6  
0 7=4 7  
0 8=5 8  
0 9=5 9  
0 10=6 10  
0 11=7 11  
0 12=7 12  
0 13=8 13  
0 14=8 14  
0 15=9 15  
0 16=10 16  
0 18=11 18  
0 20=12 20  
0 22=13 22  

------------------------------------------------------------------------------------ 

Displaying WIN.INI: 

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo
asx=MPEGVideo
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wmx=MPEGVideo
wpl=MPEGVideo
wvx=MPEGVideo
[status]
State=Running
[Readiris]
Scanner32=Twaino38,22
[AMV Video Convert Tool]
DIR=C:\Documents and Settings\Owner\Desktop\
[Cucusoft AVI to DVD VCD SVCD MPEG Converter (Pro Version)]
left=415
top=29
batch=0
editFilters=0

------------------------------------------------------------------------------------ 

Displaying AUTOEXEC.BAT: 


------------------------------------------------------------------------------------ 

Displaying CONFIG.SYS: 


------------------------------------------------------------------------------------ 

Displaying Running Processes: 

 PROCESS            PID  PRIO     PATH 
smss.exe             364 Normal   C:\WINDOWS\System32\smss.exe 
csrss.exe            588 Normal   C:\WINDOWS\system32\csrss.exe 
winlogon.exe         616 High     C:\WINDOWS\system32\winlogon.exe 
services.exe         660 Normal   C:\WINDOWS\system32\services.exe 
lsass.exe            672 Normal   C:\WINDOWS\system32\lsass.exe 
Ati2evxx.exe         840 Normal   C:\WINDOWS\system32\Ati2evxx.exe 
svchost.exe          856 Normal   C:\WINDOWS\system32\svchost.exe 
svchost.exe          924 Normal   C:\WINDOWS\system32\svchost.exe 
svchost.exe         1020 Normal   C:\WINDOWS\System32\svchost.exe 
svchost.exe         1092 Normal   C:\WINDOWS\system32\svchost.exe 
svchost.exe         1228 Normal   C:\WINDOWS\system32\svchost.exe 
Ati2evxx.exe        1500 Normal   C:\WINDOWS\system32\Ati2evxx.exe 
Explorer.EXE        1600 Normal   C:\WINDOWS\Explorer.EXE 
spoolsv.exe         1704 Normal   C:\WINDOWS\system32\spoolsv.exe 
sched.exe           1752 Normal   C:\Program Files\Avira\AntiVir Desktop\sched.exe 
svchost.exe         1804 Normal   C:\WINDOWS\system32\svchost.exe 
a2service.exe       1868 Normal   C:\Program Files\a-squared Free\a2service.exe 
avguard.exe         2020 Normal   C:\Program Files\Avira\AntiVir Desktop\avguard.exe 
AppleMobileDeviceService.exe       96 Normal   C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 
mDNSResponder.exe      184 Normal   C:\Program Files\Bonjour\mDNSResponder.exe 
svchost.exe          352 Normal   C:\WINDOWS\system32\svchost.exe 
jqs.exe              460 Idle     C:\Program Files\Java\jre6\bin\jqs.exe 
svchost.exe          396 Normal   C:\WINDOWS\System32\svchost.exe 
svchost.exe          980 Normal   C:\WINDOWS\System32\svchost.exe 
PRISMXL.SYS         1056 Normal   C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS 
PDVDServ.exe        1088 Normal   C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe 
svchost.exe         1132 Normal   C:\WINDOWS\system32\svchost.exe 
readericon45G.exe     1356 Idle     C:\Program Files\Digital Media Reader\readericon45G.exe 
wdfmgr.exe          1412 Normal   C:\WINDOWS\system32\wdfmgr.exe 
RTHDCPL.EXE         1420 Normal   C:\WINDOWS\RTHDCPL.EXE 
WLService.exe       1512 Normal   C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe 
WUSB54GSv2.exe      1152 High     C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe 
iTunesHelper.exe      208 Normal   C:\Program Files\iTunes\iTunesHelper.exe 
jusched.exe          728 Normal   C:\Program Files\Java\jre6\bin\jusched.exe 
avgnt.exe            864 Normal   C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 
ctfmon.exe          1392 Normal   C:\WINDOWS\system32\ctfmon.exe 
hpqtra08.exe        1760 Normal   C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 
iPodService.exe     2668 Normal   C:\Program Files\iPod\bin\iPodService.exe 
alg.exe             2712 Normal   C:\WINDOWS\System32\alg.exe 
hpqSTE08.exe        2468 Normal   C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe 
iexplore.exe        1108 Normal   C:\Program Files\Internet Explorer\iexplore.exe 
iexplore.exe        1532 Normal   C:\Program Files\Internet Explorer\iexplore.exe 
hpswp_clipbook.exe     2972 Normal   C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe 
cmd.exe             3588 Normal   C:\WINDOWS\system32\cmd.exe 
ntvdm.exe           2908 Normal   C:\WINDOWS\system32\ntvdm.exe 
wmiprvse.exe        1156 Normal   C:\WINDOWS\system32\wbem\wmiprvse.exe 
pv.exe              3776 Normal   C:\ISEEYO~1\pv.exe 

------------------------------------------------------------------------------------ 

Displaying Windows Services: 

Name:           a2free
Display Name:   a-squared Free Service
  Description: Scans the PC for unwanted software and provides protection from malicious code
  Path Name:   "C:\Program Files\a-squared Free\a2service.exe"
  Start Mode:  Auto
  State:       Running

Name:           Alerter
Display Name:   Alerter
  Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Disabled
  State:       Stopped

Name:           ALG
Display Name:   Application Layer Gateway Service
  Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
  Path Name:   C:\WINDOWS\System32\alg.exe
  Start Mode:  Manual
  State:       Running

Name:           AntiVirSchedulerService
Display Name:   Avira AntiVir Scheduler
  Description: Service to schedule Avira AntiVir Personal - Free Antivirus jobs and updates.
  Path Name:   "C:\Program Files\Avira\AntiVir Desktop\sched.exe"
  Start Mode:  Auto
  State:       Running

Name:           AntiVirService
Display Name:   Avira AntiVir Guard
  Description: Offers permanent protection against viruses and malware with the AntiVir search engine.
  Path Name:   "C:\Program Files\Avira\AntiVir Desktop\avguard.exe"
  Start Mode:  Auto
  State:       Running

Name:           Apple Mobile Device
Display Name:   Apple Mobile Device
  Description: Provides the interface to Apple mobile devices.
  Path Name:   "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
  Start Mode:  Auto
  State:       Running

Name:           AppMgmt
Display Name:   Application Management
  Description: Provides software installation services such as Assign, Publish, and Remove.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           aspnet_state
Display Name:   ASP.NET State Service
  Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
  Start Mode:  Manual
  State:       Stopped

Name:           Ati HotKey Poller
Display Name:   Ati HotKey Poller
  Description: 
  Path Name:   C:\WINDOWS\system32\Ati2evxx.exe
  Start Mode:  Auto
  State:       Running

Name:           ATI Smart
Display Name:   ATI Smart
  Description: 
  Path Name:   C:\WINDOWS\system32\ati2sgag.exe
  Start Mode:  Auto
  State:       Stopped

Name:           AudioSrv
Display Name:   Windows Audio
  Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           BITS
Display Name:   Background Intelligent Transfer Service
  Description: Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           Bonjour Service
Display Name:   Bonjour Service
  Description: Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network.  Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start.
  Path Name:   "C:\Program Files\Bonjour\mDNSResponder.exe"
  Start Mode:  Auto
  State:       Running

Name:           Browser
Display Name:   Computer Browser
  Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Stopped

Name:           CiSvc
Display Name:   Indexing Service
  Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
  Path Name:   C:\WINDOWS\system32\cisvc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           ClipSrv
Display Name:   ClipBook
  Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\clipsrv.exe
  Start Mode:  Disabled
  State:       Stopped

Name:           clr_optimization_v2.0.50727_32
Display Name:   .NET Runtime Optimization Service v2.0.50727_X86
  Description: Microsoft .NET Framework NGEN
  Path Name:   C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
  Start Mode:  Manual
  State:       Stopped

Name:           COMSysApp
Display Name:   COM+ System Application
  Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
  Start Mode:  Manual
  State:       Stopped

Name:           CryptSvc
Display Name:   Cryptographic Services
  Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           DcomLaunch
Display Name:   DCOM Server Process Launcher
  Description: Provides launch functionality for DCOM services.
  Path Name:   C:\WINDOWS\system32\svchost -k DcomLaunch
  Start Mode:  Auto
  State:       Running

Name:           Dhcp
Display Name:   DHCP Client
  Description: Manages network configuration by registering and updating IP addresses and DNS names.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           dmadmin
Display Name:   Logical Disk Manager Administrative Service
  Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
  Path Name:   C:\WINDOWS\System32\dmadmin.exe /com
  Start Mode:  Manual
  State:       Stopped

Name:           dmserver
Display Name:   Logical Disk Manager
  Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           Dnscache
Display Name:   DNS Client
  Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k NetworkService
  Start Mode:  Auto
  State:       Running

Name:           Dot3svc
Display Name:   Wired AutoConfig
  Description: This service performs IEEE 802.1X authentication on Ethernet interfaces
  Path Name:   C:\WINDOWS\System32\svchost.exe -k dot3svc
  Start Mode:  Manual
  State:       Stopped

Name:           EapHost
Display Name:   Extensible Authentication Protocol Service
  Description: Provides windows clients Extensible Authentication Protocol Service
  Path Name:   C:\WINDOWS\System32\svchost.exe -k eapsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           ERSvc
Display Name:   Error Reporting Service
  Description: Allows error reporting for services and applictions running in non-standard environments.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           Eventlog
Display Name:   Event Log
  Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
  Path Name:   C:\WINDOWS\system32\services.exe
  Start Mode:  Auto
  State:       Running

Name:           EventSystem
Display Name:   COM+ Event System
  Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           FastUserSwitchingCompatibility
Display Name:   Fast User Switching Compatibility
  Description: Provides management for applications that require assistance in a multiple user environment.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           FLEXnet Licensing Service
Display Name:   FLEXnet Licensing Service
  Description: This service performs licensing functions on behalf of FLEXnet enabled products.
  Path Name:   "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
  Start Mode:  Manual
  State:       Stopped

Name:           FontCache3.0.0.0
Display Name:   Windows Presentation Foundation Font Cache 3.0.0.0
  Description: Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
  Path Name:   c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
  Start Mode:  Manual
  State:       Stopped

Name:           getPlus(R) Helper
Display Name:   getPlus(R) Helper
  Description: 
  Path Name:   C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           helpsvc
Display Name:   Help and Support
  Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           HidServ
Display Name:   Human Interface Device Access
  Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Disabled
  State:       Stopped

Name:           hkmsvc
Display Name:   Health Key and Certificate Management Service
  Description: Manages health certificates and keys (used by NAP)
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           hpqcxs08
Display Name:   hpqcxs08
  Description: 
  Path Name:   C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
  Start Mode:  Manual
  State:       Running

Name:           hpqddsvc
Display Name:   HP CUE DeviceDiscovery Service
  Description: This service detects and monitors CUE devices on the system.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
  Start Mode:  Auto
  State:       Running

Name:           HTTPFilter
Display Name:   HTTP SSL
  Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service,  using the Secure Socket Layer (SSL).  If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k HTTPFilter
  Start Mode:  Manual
  State:       Stopped

Name:           idsvc
Display Name:   Windows CardSpace
  Description: Securely enables the creation, management, and disclosure of digital identities.
  Path Name:   "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
  Start Mode:  Manual
  State:       Stopped

Name:           ImapiService
Display Name:   IMAPI CD-Burning COM Service
  Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\imapi.exe
  Start Mode:  Manual
  State:       Stopped

Name:           iPod Service
Display Name:   iPod Service
  Description: iPod hardware management services
  Path Name:   "C:\Program Files\iPod\bin\iPodService.exe"
  Start Mode:  Manual
  State:       Running

Name:           JavaQuickStarterService
Display Name:   Java Quick Starter
  Description: Prefetches JRE files for faster startup of Java applets and applications
  Path Name:   "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
  Start Mode:  Auto
  State:       Running

Name:           lanmanserver
Display Name:   Server
  Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           lanmanworkstation
Display Name:   Workstation
  Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           Lavasoft Ad-Aware Service
Display Name:   Lavasoft Ad-Aware Service
  Description: Ad-Aware Service
  Path Name:   
  Start Mode:  Auto
  State:       Stopped

Name:           LmHosts
Display Name:   TCP/IP NetBIOS Helper
  Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           Macromedia Licensing Service
Display Name:   Macromedia Licensing Service
  Description: Provides authentication services for Macromedia applications.
  Path Name:   "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
  Start Mode:  Manual
  State:       Stopped

Name:           Messenger
Display Name:   Messenger
  Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Disabled
  State:       Stopped

Name:           mnmsrvc
Display Name:   NetMeeting Remote Desktop Sharing
  Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\mnmsrvc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           MSDTC
Display Name:   Distributed Transaction Coordinator
  Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. 
  Path Name:   C:\WINDOWS\system32\msdtc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           MSIServer
Display Name:   Windows Installer
  Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\msiexec.exe /V
  Start Mode:  Manual
  State:       Stopped

Name:           napagent
Display Name:   Network Access Protection Agent
  Description: Allows windows clients to participate in Network Access Protection
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           Net Driver HPZ12
Display Name:   Net Driver HPZ12
  Description: 
  Path Name:   C:\WINDOWS\System32\svchost.exe -k HPZ12
  Start Mode:  Auto
  State:       Running

Name:           NetDDE
Display Name:   Network DDE
  Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\netdde.exe
  Start Mode:  Disabled
  State:       Stopped

Name:           NetDDEdsdm
Display Name:   Network DDE DSDM
  Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
  Path Name:   C:\WINDOWS\system32\netdde.exe
  Start Mode:  Disabled
  State:       Stopped

Name:           Netlogon
Display Name:   Net Logon
  Description: Supports pass-through authentication of account logon events for computers in a domain.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Manual
  State:       Stopped

Name:           Netman
Display Name:   Network Connections
  Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           NetTcpPortSharing
Display Name:   Net.Tcp Port Sharing Service
  Description: Provides ability to share TCP ports over the net.tcp protocol.
  Path Name:   "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
  Start Mode:  Disabled
  State:       Stopped

Name:           Nla
Display Name:   Network Location Awareness (NLA)
  Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           NtLmSsp
Display Name:   NT LM Security Support Provider
  Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Manual
  State:       Stopped

Name:           NtmsSvc
Display Name:   Removable Storage
  Description: 
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           odserv
Display Name:   Microsoft Office Diagnostics Service
  Description: Run portions of Microsoft Office Diagnostics.
  Path Name:   "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
  Start Mode:  Manual
  State:       Stopped

Name:           ose
Display Name:   Office Source Engine
  Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
  Path Name:   "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
  Start Mode:  Manual
  State:       Stopped

Name:           PlugPlay
Display Name:   Plug and Play
  Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
  Path Name:   C:\WINDOWS\system32\services.exe
  Start Mode:  Auto
  State:       Running

Name:           Pml Driver HPZ12
Display Name:   Pml Driver HPZ12
  Description: 
  Path Name:   C:\WINDOWS\System32\svchost.exe -k HPZ12
  Start Mode:  Auto
  State:       Running

Name:           PolicyAgent
Display Name:   IPSEC Services
  Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Auto
  State:       Running

Name:           PrismXL
Display Name:   PrismXL
  Description: 
  Path Name:   C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
  Start Mode:  Auto
  State:       Running

Name:           ProtectedStorage
Display Name:   Protected Storage
  Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Auto
  State:       Running

Name:           RasAuto
Display Name:   Remote Access Auto Connection Manager
  Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           RasMan
Display Name:   Remote Access Connection Manager
  Description: Creates a network connection.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           RDSessMgr
Display Name:   Remote Desktop Help Session Manager
  Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
  Path Name:   C:\WINDOWS\system32\sessmgr.exe
  Start Mode:  Manual
  State:       Stopped

Name:           RemoteAccess
Display Name:   Routing and Remote Access
  Description: Offers routing services to businesses in local area and wide area network environments.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Disabled
  State:       Stopped

Name:           RpcLocator
Display Name:   Remote Procedure Call (RPC) Locator
  Description: Manages the RPC name service database.
  Path Name:   C:\WINDOWS\system32\locator.exe
  Start Mode:  Manual
  State:       Stopped

Name:           RpcSs
Display Name:   Remote Procedure Call (RPC)
  Description: Provides the endpoint mapper and other miscellaneous RPC services.
  Path Name:   C:\WINDOWS\system32\svchost -k rpcss
  Start Mode:  Auto
  State:       Running

Name:           RSVP
Display Name:   QoS RSVP
  Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
  Path Name:   C:\WINDOWS\system32\rsvp.exe
  Start Mode:  Manual
  State:       Stopped

Name:           SamSs
Display Name:   Security Accounts Manager
  Description: Stores security information for local user accounts.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Auto
  State:       Running

Name:           SCardSvr
Display Name:   Smart Card
  Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\System32\SCardSvr.exe
  Start Mode:  Manual
  State:       Stopped

Name:           Schedule
Display Name:   Task Scheduler
  Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           seclogon
Display Name:   Secondary Logon
  Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           SENS
Display Name:   System Event Notification
  Description: Tracks system events such as Windows logon, network, and power events.  Notifies COM+ Event System subscribers of these events.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           SharedAccess
Display Name:   Windows Firewall/Internet Connection Sharing (ICS)
  Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           ShellHWDetection
Display Name:   Shell Hardware Detection
  Description: Provides notifications for AutoPlay hardware events.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           Spooler
Display Name:   Print Spooler
  Description: Loads files to memory for later printing.
  Path Name:   C:\WINDOWS\system32\spoolsv.exe
  Start Mode:  Auto
  State:       Running

Name:           srservice
Display Name:   System Restore Service
  Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           SSDPSRV
Display Name:   SSDP Discovery Service
  Description: Enables discovery of UPnP devices on your home network.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Running

Name:           stisvc
Display Name:   Windows Image Acquisition (WIA)
  Description: Provides image acquisition services for scanners and cameras.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k imgsvc
  Start Mode:  Auto
  State:       Running

Name:           SwPrv
Display Name:   MS Software Shadow Copy Provider
  Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\dllhost.exe /Processid:{63C33B1B-E9A2-4399-8C21-F59FA31488FA}
  Start Mode:  Manual
  State:       Stopped

Name:           SysmonLog
Display Name:   Performance Logs and Alerts
  Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\smlogsvc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           TapiSrv
Display Name:   Telephony
  Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           TermService
Display Name:   Terminal Services
  Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
  Path Name:   C:\WINDOWS\System32\svchost -k DComLaunch
  Start Mode:  Manual
  State:       Running

Name:           Themes
Display Name:   Themes
  Description: Provides user experience theme management.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           TrkWks
Display Name:   Distributed Link Tracking Client
  Description: Maintains links between NTFS files within a computer or across computers in a network domain.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           UMWdf
Display Name:   Windows User Mode Driver Framework
  Description: Enables Windows user mode drivers.
  Path Name:   C:\WINDOWS\system32\wdfmgr.exe
  Start Mode:  Auto
  State:       Running

Name:           upnphost
Display Name:   Universal Plug and Play Device Host
  Description: Provides support to host Universal Plug and Play devices.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Stopped

Name:           UPS
Display Name:   Uninterruptible Power Supply
  Description: Manages an uninterruptible power supply (UPS) connected to the computer.
  Path Name:   C:\WINDOWS\System32\ups.exe
  Start Mode:  Manual
  State:       Stopped

Name:           usnjsvc
Display Name:   Messenger Sharing Folders USN Journal Reader service
  Description: Service installed by Messenger to enable sharing scenarios
  Path Name:   "C:\Program Files\MSN Messenger\usnsvc.exe"
  Start Mode:  Manual
  State:       Stopped

Name:           VSS
Display Name:   Volume Shadow Copy
  Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\System32\vssvc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           W32Time
Display Name:   Windows Time
  Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           WebClient
Display Name:   WebClient
  Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           winmgmt
Display Name:   Windows Management Instrumentation
  Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           WmdmPmSN
Display Name:   Portable Media Serial Number Service
  Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           WmiApSrv
Display Name:   WMI Performance Adapter
  Description: Provides performance library information from WMI HiPerf providers.
  Path Name:   C:\WINDOWS\system32\wbem\wmiapsrv.exe
  Start Mode:  Manual
  State:       Stopped

Name:           wscsvc
Display Name:   Security Center
  Description: Monitors system security settings and configurations.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           wuauserv
Display Name:   Automatic Updates
  Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           WUSB54GSv2SVC
Display Name:   WUSB54GSv2SVC
  Description: 
  Path Name:   "C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GSv2.exe"
  Start Mode:  Auto
  State:       Running

Name:           WZCSVC
Display Name:   Wireless Zero Configuration
  Description: Provides automatic configuration for the 802.11 adapters
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Stopped

Name:           xmlprov
Display Name:   Network Provisioning Service
  Description: Manages XML configuration files on a domain basis for automatic network provisioning.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped


------------------------------------------------------------------------------------ 

Displaying LOG for Microsoft Windows Malicious Software Removal Tool: 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.2, September 2008
Started On Sat Sep 13 03:48:31 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 13 03:49:18 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.2, September 2008
Started On Sat Sep 13 03:54:19 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 13 03:54:57 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.3, October 2008
Started On Thu Oct 16 02:52:51 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 16 02:54:07 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.4, November 2008
Started On Wed Nov 12 14:38:35 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 12 14:40:01 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.5, December 2008
Started On Fri Dec 12 05:24:59 2008

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 12 05:26:24 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.6, January 2009
Started On Thu Jan 15 03:07:37 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 15 03:09:48 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.7, February 2009
Started On Thu Feb 12 03:55:32 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 12 03:57:00 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.8, March 2009
Started On Sun Mar 15 14:00:34 2009

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Mar 15 14:02:12 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.9, April 2009
Started On Wed Apr 15 03:56:22 2009
Security policy adjusted. Engine requests reboot and try again, ignoring.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 15 03:57:53 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.10, May 2009
Started On Wed May 13 05:03:46 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 13 05:05:16 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.11, June 2009
Started On Thu Jun 11 04:47:39 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 11 04:49:23 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.11, June 2009
Started On Thu Jun 18 00:59:19 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 18 01:00:53 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.12, July 2009
Started On Wed Jul 15 05:24:44 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 15 05:26:12 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.13, August 2009
Started On Thu Aug 13 17:27:19 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 13 17:28:49 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.14, September 2009
Started On Tue Sep 08 18:43:08 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.
Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 08 18:45:07 2009


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.14, September 2009
Started On Mon Sep 21 23:04:36 2009
WARNING: Security policy doesn't allow for all actions MSRT may require.

---------------------------------------------------------------------------- 
   Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys 
       if Hidden = 0 then Hidden Files and Folders are not shown 
       if SuperHidden = 1 is the desired default value. 
       if ShowSuperHidden = 0 then System Files are not shown 
       if HideFileExt = 1 then File Extension are not shown 
   We want their values to be (from top to bottom) 1,1,1,0 
---------------------------------------------------------------------------- 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced
  Hidden	REG_DWORD      	1 (0x1)
  SuperHidden	REG_DWORD      	1 (0x1)
  ShowSuperHidden	REG_DWORD      	1 (0x1)
  HideFileExt	REG_DWORD      	0 (0x0)

************************************************************************************  

Examining Select Windows Registry Keys 
------------------------------------------------------------------------------------ 

   -------------------------------------------------------------------------- 
       Items Found in ZoneMap\Domains: 
   -------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains
  <NO NAME>	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\msn.com

   ---------------------------------------------------------------------------- 
       Current User ZoneMap ProtocolDefaults 
   ---------------------------------------------------------------------------- 



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults
  <NO NAME>	REG_SZ         	
  http	REG_DWORD      	3 (0x3)
  https	REG_DWORD      	3 (0x3)
  ftp	REG_DWORD      	3 (0x3)
  file	REG_DWORD      	3 (0x3)
  @ivt	REG_DWORD      	1 (0x1)
  shell	REG_DWORD      	0 (0x0)

   ---------------------------------------------------------------------------- 
           Default URL Prefix Keys 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix
  <NO NAME>	REG_SZ         	http://

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes
  ftp	REG_SZ         	ftp://
  gopher	REG_SZ         	gopher://
  home	REG_SZ         	http://
  mosaic	REG_SZ         	http://
  www	REG_SZ         	http://

   -------------------------------------------------------------------------- 
           Startup Items Disabled via MSCONFIG: 
   -------------------------------------------------------------------------- 


   -------------------------------------------------------------------------- 
           Select AutoRun Registry Keys: 
   -------------------------------------------------------------------------- 



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
  updateMgr	REG_SZ         	C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
  ctfmon.exe	REG_SZ         	C:\WINDOWS\system32\ctfmon.exe
  MsnMsgr	REG_SZ         	"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  SUPERAntiSpyware	REG_SZ         	C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater


Error: Key: software\microsoft\windows\currentversion\runonce does not exist!



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
  RemoteControl	REG_SZ         	"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  readericon	REG_SZ         	C:\Program Files\Digital Media Reader\readericon45G.exe
  RTHDCPL	REG_SZ         	RTHDCPL.EXE
  Alcmtr	REG_SZ         	ALCMTR.EXE
  Recguard	REG_EXPAND_SZ  	%WINDIR%\SMINST\RECGUARD.EXE
  Easy Dock	REG_SZ         	
  Adobe Reader Speed Launcher	REG_SZ         	"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
  QuickTime Task	REG_SZ         	"C:\Program Files\QuickTime\qttask.exe" -atboottime
  iTunesHelper	REG_SZ         	"C:\Program Files\iTunes\iTunesHelper.exe"
  SunJavaUpdateSched	REG_SZ         	"C:\Program Files\Java\jre6\bin\jusched.exe"
  avgnt	REG_SZ         	"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex


HKEY_USERS\.default\software\microsoft\windows\currentversion\run
  Power2GoExpress	REG_SZ         	NA


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run
  Power2GoExpress	REG_SZ         	NA


Error: Key: s-1-5-19\software\microsoft\windows\currentversion\run does not exist!


   -------------------------------------------------------------------------- 
           WinLogon Notify Registry Key: 
   -------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent
  DLLName	REG_SZ         	Ati2evxx.dll
  Asynchronous	REG_DWORD      	0 (0x0)
  Impersonate	REG_DWORD      	1 (0x1)
  Lock	REG_SZ         	AtiLockEvent
  Logoff	REG_SZ         	AtiLogoffEvent
  Logon	REG_SZ         	AtiLogonEvent
  Disconnect	REG_SZ         	AtiDisConnectEvent
  Reconnect	REG_SZ         	AtiReConnectEvent
  Safe	REG_DWORD      	0 (0x0)
  Shutdown	REG_SZ         	AtiShutdownEvent
  StartScreenSaver	REG_SZ         	AtiStartScreenSaverEvent
  StartShell	REG_SZ         	AtiStartShellEvent
  Startup	REG_SZ         	AtiStartupEvent
  StopScreenSaver	REG_SZ         	AtiStopScreenSaverEvent
  Unlock	REG_SZ         	AtiUnLockEvent

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter
  DLLName	REG_SZ         	avgrsstx.dll
  Startup	REG_SZ         	AvgStartup

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
  Asynchronous	REG_DWORD      	0 (0x0)
  Impersonate	REG_DWORD      	0 (0x0)
  DllName	REG_EXPAND_SZ  	crypt32.dll
  Logoff	REG_SZ         	ChainWlxLogoffEvent

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
  Asynchronous	REG_DWORD      	0 (0x0)
  Impersonate	REG_DWORD      	0 (0x0)
  DllName	REG_EXPAND_SZ  	cryptnet.dll
  Logoff	REG_SZ         	CryptnetWlxLogoffEvent

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
  DLLName	REG_SZ         	cscdll.dll
  Logon	REG_SZ         	WinlogonLogonEvent
  Logoff	REG_SZ         	WinlogonLogoffEvent
  ScreenSaver	REG_SZ         	WinlogonScreenSaverEvent
  Startup	REG_SZ         	WinlogonStartupEvent
  Shutdown	REG_SZ         	WinlogonShutdownEvent
  StartShell	REG_SZ         	WinlogonStartShellEvent
  Impersonate	REG_DWORD      	0 (0x0)
  Asynchronous	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy
  Asynchronous	REG_DWORD      	1 (0x1)
  DllName	REG_EXPAND_SZ  	%SystemRoot%\System32\dimsntfy.dll
  Startup	REG_SZ         	WlDimsStartup
  Shutdown	REG_SZ         	WlDimsShutdown
  Logon	REG_SZ         	WlDimsLogon
  Logoff	REG_SZ         	WlDimsLogoff
  StartShell	REG_SZ         	WlDimsStartShell
  Lock	REG_SZ         	WlDimsLock
  Unlock	REG_SZ         	WlDimsUnlock

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
  DLLName	REG_SZ         	wlnotify.dll
  Logon	REG_SZ         	SCardStartCertProp
  Logoff	REG_SZ         	SCardStopCertProp
  Lock	REG_SZ         	SCardSuspendCertProp
  Unlock	REG_SZ         	SCardResumeCertProp
  Enabled	REG_DWORD      	1 (0x1)
  Impersonate	REG_DWORD      	1 (0x1)
  Asynchronous	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
  Asynchronous	REG_DWORD      	0 (0x0)
  DllName	REG_EXPAND_SZ  	wlnotify.dll
  Impersonate	REG_DWORD      	0 (0x0)
  StartShell	REG_SZ         	SchedStartShell
  Logoff	REG_SZ         	SchedEventLogOff

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
  Logoff	REG_SZ         	WLEventLogoff
  Impersonate	REG_DWORD      	0 (0x0)
  Asynchronous	REG_DWORD      	1 (0x1)
  DllName	REG_EXPAND_SZ  	sclgntfy.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
  DLLName	REG_SZ         	WlNotify.dll
  Lock	REG_SZ         	SensLockEvent
  Logon	REG_SZ         	SensLogonEvent
  Logoff	REG_SZ         	SensLogoffEvent
  Safe	REG_DWORD      	1 (0x1)
  MaxWait	REG_DWORD      	600 (0x258)
  StartScreenSaver	REG_SZ         	SensStartScreenSaverEvent
  StopScreenSaver	REG_SZ         	SensStopScreenSaverEvent
  Startup	REG_SZ         	SensStartupEvent
  Shutdown	REG_SZ         	SensShutdownEvent
  StartShell	REG_SZ         	SensStartShellEvent
  PostShell	REG_SZ         	SensPostShellEvent
  Disconnect	REG_SZ         	SensDisconnectEvent
  Reconnect	REG_SZ         	SensReconnectEvent
  Unlock	REG_SZ         	SensUnlockEvent
  Impersonate	REG_DWORD      	1 (0x1)
  Asynchronous	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
  Asynchronous	REG_DWORD      	0 (0x0)
  DllName	REG_EXPAND_SZ  	wlnotify.dll
  Impersonate	REG_DWORD      	0 (0x0)
  Logoff	REG_SZ         	TSEventLogoff
  Logon	REG_SZ         	TSEventLogon
  PostShell	REG_SZ         	TSEventPostShell
  Shutdown	REG_SZ         	TSEventShutdown
  StartShell	REG_SZ         	TSEventStartShell
  Startup	REG_SZ         	TSEventStartup
  MaxWait	REG_DWORD      	600 (0x258)
  Reconnect	REG_SZ         	TSEventReconnect
  Disconnect	REG_SZ         	TSEventDisconnect

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
  DLLName	REG_SZ         	wlnotify.dll
  Logon	REG_SZ         	RegisterTicketExpiredNotificationEvent
  Logoff	REG_SZ         	UnregisterTicketExpiredNotificationEvent
  Impersonate	REG_DWORD      	1 (0x1)
  Asynchronous	REG_DWORD      	1 (0x1)

   -------------------------------------------------------------------------- 
           Shared Task Scheduler Registry Items: 
   -------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
  {438755C2-A8BA-11D1-B96B-00A0C90312E1}	REG_SZ         	Browseui preloader
  {8C7461EF-2B13-11d2-BE35-3078302C2030}	REG_SZ         	Component Categories cache daemon

   -------------------------------------------------------------------------- 
           Scheduled Tasks: 
   -------------------------------------------------------------------------- 

Volume in drive C has no label.
Volume Serial Number is 18A2-DE4C

Directory of C:\WINDOWS\tasks

10/01/2009  11:59 PM    <DIR>          .
10/01/2009  11:59 PM    <DIR>          ..
09/28/2009  12:07 AM               472 Ad-Aware Update (Weekly).job
09/11/2009  01:10 PM               284 AppleSoftwareUpdate.job
08/04/2004  03:00 PM                65 desktop.ini
10/01/2009  11:59 PM               438 regcure program check.job
10/01/2009  11:59 PM               372 regcure.job
10/01/2009  11:12 PM                 6 SA.DAT
10/02/2009  05:00 AM               240 {7b02ef0b-a410-4938-8480-9ba26420a627}.job
10/02/2009  05:00 AM               278 {bb65b0fb-5712-401b-b616-e69ac55e2757}.job
              8 File(s)          2,155 bytes

    Total Files Listed:
              8 File(s)          2,155 bytes
              2 Dir(s)  32,693,469,184 bytes free
A          C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
A          C:\WINDOWS\tasks\AppleSoftwareUpdate.job
   HR     C:\WINDOWS\tasks\desktop.ini
A          C:\WINDOWS\tasks\regcure program check.job
A          C:\WINDOWS\tasks\regcure.job
A   H      C:\WINDOWS\tasks\SA.DAT
A   H      C:\WINDOWS\tasks\{7b02ef0b-a410-4938-8480-9ba26420a627}.job
A   H      C:\WINDOWS\tasks\{bb65b0fb-5712-401b-b616-e69ac55e2757}.job

   ---------------------------------------------------------------------------- 
           ShellExecuteHooks Registry Keys 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
  {AEB6717E-7E19-11d0-97EE-00C04FD91972}	REG_SZ         	

   ---------------------------------------------------------------------------- 
           ShellServiceObjectDelayLoad Registry Keys 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
  PostBootReminder	REG_SZ         	{7849596a-48ea-486e-8937-a2a3009f31a9}
  CDBurn	REG_SZ         	{fbeb8a05-beee-4442-804e-409d6c4515e9}
  WebCheck	REG_SZ         	{E6FB5E20-DE35-11CF-9C87-00AA005127ED}
  SysTray	REG_SZ         	{35CEC8A3-2BE6-11D2-8773-92E220524153}

   ---------------------------------------------------------------------------- 
           ModuleUsage Registry Keys: 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/DownloadManagerV2.ocx
  .Owner	REG_SZ         	{4871A87A-BFDD-4106-8153-FFDE2BAC2967}
  {4871A87A-BFDD-4106-8153-FFDE2BAC2967}	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/gp.ocx
  .Owner	REG_SZ         	{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
  {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/Manager.exe
  .Owner	REG_SZ         	{4871A87A-BFDD-4106-8153-FFDE2BAC2967}
  {4871A87A-BFDD-4106-8153-FFDE2BAC2967}	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/PhotoUploader5.ocx
  .Owner	REG_SZ         	{0CCA191D-13A6-4E29-B746-314DEE697D83}
  {0CCA191D-13A6-4E29-B746-314DEE697D83}	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/securelogin.ocx
  .Owner	REG_SZ         	{85D1F3B2-2A21-11D7-97B9-0010DC2A6243}
  {85D1F3B2-2A21-11D7-97B9-0010DC2A6243}	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/atl.dll
  .Owner	REG_SZ         	Unknown Owner
  {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/imlCID.dll
  .Owner	REG_SZ         	{7DFDB8FD-B498-4958-B930-38021B94351D}
  {7DFDB8FD-B498-4958-B930-38021B94351D}	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/unicows.dll
  .Owner	REG_SZ         	{0CCA191D-13A6-4E29-B746-314DEE697D83}
  {0CCA191D-13A6-4E29-B746-314DEE697D83}	REG_SZ         	

   ---------------------------------------------------------------------------- 
           BHO Registry Keys: 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0347C33E-8762-4905-BF09-768834316C61}
  <NO NAME>	REG_SZ         	HP Print Enhancer

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
  <NO NAME>	REG_SZ         	AcroIEHelperStub
  NoExplorer	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
  <NO NAME>	REG_SZ         	WormRadar.com IESiteBlocker.NavFilter

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}
  <NO NAME>	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
  NoExplorer	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}
  <NO NAME>	REG_SZ         	JQSIEStartDetectorImpl
  NoExplorer	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{EAD3A971-6A23-4246-8691-C9244E858967}
  <NO NAME>	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
  <NO NAME>	REG_SZ         	HP Smart BHO Class
  NoExplorer	REG_DWORD      	1 (0x1)

    -------------------------------------------------------------------------- 
           Select Policy Keys: 
    -------------------------------------------------------------------------- 



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
  NoDriveTypeAutoRun	REG_DWORD      	145 (0x91)
  NoDriveAutoRun	REG_BINARY     	00000000


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer
  HonorAutoRunSetting	REG_DWORD      	1 (0x1)


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
  dontdisplaylastusername	REG_DWORD      	0 (0x0)
  legalnoticecaption	REG_SZ         	
  legalnoticetext	REG_SZ         	
  shutdownwithoutlogon	REG_DWORD      	1 (0x1)
  undockwithoutlogon	REG_DWORD      	1 (0x1)


HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer
  NoDriveTypeAutoRun	REG_DWORD      	145 (0x91)


HKEY_USERS\.default\software\microsoft\windows\currentversion\policies

HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\Explorer


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer
  NoDriveTypeAutoRun	REG_DWORD      	145 (0x91)

************************************************************************************ 

Checking File System for suspicious Files 

-------------------------------------------------------------------------- 
   Items in the Root Directory: 
-------------------------------------------------------------------------- 

   Locating all files created in C:\ 

"C:\"
36A2AB~1      Aug  8 2009              "36a2aba22fd81d689909e7f9c405dd"
audit_~1      Sep 13 2008           2  "AUDIT_INSTALL_IN_PROGRESS"
autoexec.bat  Aug 26 2004           0  "AUTOEXEC.BAT"
AVENGER       Oct  1 2009              "Avenger"
avenger.txt   Oct  1 2009        1300  "avenger.txt"
avi_log.txt   Dec 16 2008        2694  "avi_log.txt"
boot.ini      Jul 19 2005         201  "boot.ini"
CONFIG.MSI    Sep 13 2008              "Config.Msi"
config.sys    Aug 26 2004           0  "CONFIG.SYS"
debug.log     Dec 22 2008      105885  "debug.log"
DOCUME~1      Aug 26 2004              "Documents and Settings"
dvdlog.txt    Dec 16 2008        2127  "dvdlog.txt"
hiberfil.sys  Oct  1 2009   668626944  "hiberfil.sys"
io.sys        Aug 26 2004           0  "IO.SYS"
iph.ph        Sep 13 2008        1112  "IPH.PH"
ISEEYO~1      Oct  1 2009              "ISeeYouXP"
MACH2         Sep 13 2008              "Mach2"
msdos.sys     Aug 26 2004           0  "MSDOS.SYS"
MSOCACHE      Sep  1 2009              "MSOCache"
MYMUSI~1      Sep 13 2008              "My Music"
MYBACK~1      Sep 13 2008              "My Backup -- 08-09-12 1046PM"
ntdetect.com  Aug  4 2004       47564  "NTDETECT.COM"
ntldr         Sep 13 2008      250048  "ntldr"
pagefile.sys  Oct  1 2009  1006632960  "pagefile.sys"
player~1.txt  Dec  4 2008        1280  "Player Loader_log.txt"
PROGRA~1      Jul 19 2005              "Program Files"
RECYCLER      Sep 13 2008              "RECYCLER"
reques~1      Sep 13 2008           0  "REQUEST_OEMRESET_ENDUSER"
rhdsetup.log  Sep 13 2008         499  "RHDSetup.log"
sq13b0~1.sqm  Oct  1 2009         244  "sqmnoopt12.sqm"
sq13b4~1.sqm  Oct  1 2009         244  "sqmnoopt13.sqm"
sq13b8~1.sqm  Sep 30 2009         244  "sqmnoopt10.sqm"
sq13bc~1.sqm  Oct  1 2009         244  "sqmnoopt11.sqm"
sq23b0~1.sqm  Sep 23 2009         244  "sqmnoopt16.sqm"
sq23b4~1.sqm  Sep 24 2009         244  "sqmnoopt17.sqm"
sq23b8~1.sqm  Oct  1 2009         244  "sqmnoopt14.sqm"
sq23bc~1.sqm  Sep 22 2009         244  "sqmnoopt15.sqm"
sq2fa0~1.sqm  Sep 30 2009         244  "sqmnoopt06.sqm"
sq2fa4~1.sqm  Sep 30 2009         244  "sqmnoopt07.sqm"
sq2fa8~1.sqm  Sep 30 2009         244  "sqmnoopt04.sqm"
sq2fac~1.sqm  Sep 30 2009         244  "sqmnoopt05.sqm"
sq33b8~1.sqm  Sep 25 2009         244  "sqmnoopt18.sqm"
sq33bc~1.sqm  Sep 25 2009         244  "sqmnoopt19.sqm"
sq3fa8~1.sqm  Sep 30 2009         244  "sqmnoopt08.sqm"
sq3fac~1.sqm  Sep 30 2009         244  "sqmnoopt09.sqm"
sqa368~1.sqm  Sep 30 2009         268  "sqmdata10.sqm"
sqa378~1.sqm  Oct  1 2009         268  "sqmdata14.sqm"
sqa37a~1.sqm  Sep 30 2009         268  "sqmdata04.sqm"
sqa388~1.sqm  Sep 25 2009         268  "sqmdata18.sqm"
sqa38a~1.sqm  Sep 30 2009         268  "sqmdata08.sqm"
sqa768~1.sqm  Oct  1 2009         268  "sqmdata11.sqm"
sqa778~1.sqm  Sep 22 2009         268  "sqmdata15.sqm"
sqa77a~1.sqm  Sep 30 2009         268  "sqmdata05.sqm"
sqa788~1.sqm  Sep 25 2009         268  "sqmdata19.sqm"
sqa78a~1.sqm  Sep 30 2009         268  "sqmdata09.sqm"
sqab68~1.sqm  Oct  1 2009         268  "sqmdata12.sqm"
sqab78~1.sqm  Sep 23 2009         268  "sqmdata16.sqm"
sqab7a~1.sqm  Sep 30 2009         268  "sqmdata06.sqm"
sqaf68~1.sqm  Oct  1 2009         268  "sqmdata13.sqm"
sqaf78~1.sqm  Sep 24 2009         268  "sqmdata17.sqm"
sqaf7a~1.sqm  Sep 30 2009         268  "sqmdata07.sqm"
sqmdat~1.sqm  Sep 26 2009         268  "sqmdata00.sqm"
sqmdat~2.sqm  Sep 27 2009         268  "sqmdata01.sqm"
sqmdat~3.sqm  Sep 28 2009         268  "sqmdata02.sqm"
sqmdat~4.sqm  Sep 29 2009         268  "sqmdata03.sqm"
sqmnoo~1.sqm  Sep 26 2009         244  "sqmnoopt00.sqm"
sqmnoo~2.sqm  Sep 27 2009         244  "sqmnoopt01.sqm"
sqmnoo~3.sqm  Sep 28 2009         244  "sqmnoopt02.sqm"
sqmnoo~4.sqm  Sep 29 2009         244  "sqmnoopt03.sqm"
SYSTEM~1      Jul 19 2005              "System Recovery"
SYSTEM~2      Sep 13 2008              "System Volume Information"
TEMP          Aug 28 2004              "TEMP"
TEMPDVD       Dec 16 2008              "TempDVD"
user          Sep 13 2008           2  "USER"
video2~1.log  Dec 16 2008       12087  "video2dvdpro.log"
WINDOWS       Aug 26 2004              "WINDOWS"

76 items found:  60 files (49 H/S), 16 directories (5 H/S).
  Total of file sizes:  1,675,694,945 bytes      1.56 G

-------------------------------------------------------------------------- 
   Items in the C:\TEMP Directory: 
-------------------------------------------------------------------------- 

Locating all files created in C:\TEMP  

"C:\TEMP\"
debug.txt     Dec 16 2008         193  "debug.txt"
enhanc~1.txt  Sep 29 2009           0  "EnhancedDataOutput.txt"

2 items found:  2 files, 0 directories.
  Total of file sizes:  193 bytes      0.19 K

-------------------------------------------------------------------------- 
   Locating all Backup files on C: 
-------------------------------------------------------------------------- 

   Locating all *.BAK* files 

"C:\WINDOWS\"
imsins.bak    Sep 21 2009        1374  "imsins.BAK"

"C:\Program Files\eMule\"
downlo~1.bak  Sep 16 2009        1034  "downloads.bak"

"C:\Program Files\WinRAR\"
winrar~1.bak  Dec 26 2004      847360  "WinRAR.exe.bak"

"C:\Documents and Settings\All Users\DRM\"
drmv1.bak     Sep 19 2009        4348  "DRMv1.bak"

"C:\Program Files\eMule\config\"
client~1.bak  Jan  7 2009      531578  "clients.met.bak"

"C:\Program Files\eMule\Temp\"
002par~1.bak  Sep 18 2009         330  "002.part.met.bak"
009par~1.bak  Sep 18 2009         341  "009.part.met.bak"
011par~1.bak  Sep 18 2009         133  "011.part.met.bak"

"C:\Program Files\regcure\Backup\"
re14d7~1.bak  Oct  1 2009        1157  "RegCureBak_July_09_09_03_08_06.bak"
re1930~1.bak  Oct  1 2009        3500  "RegCureBak_January_08_09_03_06_59.bak"
re2cff~1.bak  Oct  1 2009         608  "RegCureBak_February_12_09_03_05_25.bak"
re7b58~1.bak  Oct  1 2009         145  "RegCureBak_June_11_09_03_22_31.bak"
re8511~1.bak  Oct  1 2009         417  "RegCureBak_June_25_09_03_15_03.bak"
re8b25~1.bak  Oct  1 2009         791  "RegCureBak_June_18_09_03_16_18.bak"
re8bca~1.bak  Oct  1 2009         946  "RegCureBak_September_10_09_03_11_27.bak"
re91ee~1.bak  Oct  1 2009         818  "RegCureBak_November_09_08_00_00_37.bak"
re9e1e~1.bak  Oct  1 2009        1684  "RegCureBak_March_12_09_03_07_24.bak"
rea918~1.bak  Oct  1 2009        1800  "RegCureBak_November_13_08_03_48_53.bak"
reaf10~1.bak  Oct  1 2009         230  "RegCureBak_September_03_09_03_11_06.bak"
rec62c~1.bak  Oct  1 2009         136  "RegCureBak_March_05_09_03_05_00.bak"
rec6c6~1.bak  Oct  1 2009        3189  "RegCureBak_September_24_09_03_09_04.bak"
red236~1.bak  Oct  1 2009         388  "RegCureBak_March_26_09_03_09_57.bak"
regcur~1.bak  Oct  1 2009         264  "RegCureBak_April_23_09_03_12_50.bak"
regcur~2.bak  Oct  1 2009         153  "RegCureBak_August_20_09_05_13_46.bak"
regcur~3.bak  Oct  1 2009         580  "RegCureBak_December_11_08_03_09_38.bak"
regcur~4.bak  Oct  1 2009        6702  "RegCureBak_December_30_08_18_08_02.bak"

"C:\WINDOWS\Debug\Setup\"
updsh.bak     Sep 13 2008      348522  "UpdSh.bak"

"C:\WINDOWS\Debug\Setup\Backup\"
hdaudi~1.bak  Sep 13 2008           0  "HDAUDIO_Backup.bak"
intppm~1.bak  Sep 13 2008           4  "INTPPM_Backup.bak"

"C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\"
brndlog.bak   Aug 26 2004         439  "brndlog.bak"

"C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\"
brndlog.bak   Aug 26 2004         439  "brndlog.bak"

"C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\"
brndlog.bak   Aug 26 2004         439  "brndlog.bak"

"C:\Documents and Settings\Owner\Desktop\Diggity Designs\emachine Files\"
caster~1.bak  Jul 27 2009        9971  "Caster_EX1_RearUpperDeck.bak"
caster~2.bak  Jul 27 2009       15708  "Caster_EX1_FrontUpperDeck.bak"
tc5bat~1.bak  Mar 19 2009       13930  "TC5 Battery Brace 500 over.bak"

"C:\Documents and Settings\Owner\My Documents\My Music\License Backup\"
drmv1key.bak  Sep 19 2009        4348  "drmv1key.bak"
drmv1lic.bak  Sep 19 2009          20  "drmv1lic.bak"
drmv2key.bak  Sep 19 2009         400  "drmv2key.bak"
drmv2lic.bak  Sep 19 2009           0  "drmv2lic.bak"

"C:\Program Files\Macromedia\Dreamweaver MX 2004\Configuration\Menus\"
menus.bak     Mar  1 2004      337224  "menus.bak"

"C:\WINDOWS\pchealth\helpctr\Config\Cache\"
person~1.bak  Dec 16 2008      142762  "Personal_32_1033.dat.bak"

"C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Cache\"
mcsubdb.bak   Sep 13 2008         953  "McSubDB.Bak"

"C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\"
opa12.bak     Oct 17 2002        8200  "OPA12.BAK"

"C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Internet Explorer\"
brndlog.bak   Jun 18 2009        7917  "brndlog.bak"

"C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\"
brndlog.bak   Aug 26 2004         439  "brndlog.bak"

45 items found:  45 files (4 H/S), 0 directories.
  Total of file sizes:  2,301,721 bytes      2.19 M

-------------------------------------------------------------------------- 
   Locating all copies of Internet Explorer on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Internet Explorer 

"C:\Program Files\Internet Explorer\"
iexplore.exe  Mar  8 2009      638816  "iexplore.exe"

"C:\WINDOWS\$NtServicePackUninstall$\"
iexplore.exe  Aug  4 2004       93184  "iexplore.exe"

"C:\WINDOWS\ie8\"
iexplore.exe  Apr 13 2008       93184  "iexplore.exe"

"C:\WINDOWS\ServicePackFiles\i386\"
iexplore.exe  Apr 13 2008       93184  "iexplore.exe"

"C:\WINDOWS\system32\dllcache\"
iexplore.exe  Mar  8 2009      638816  "iexplore.exe"

"C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\"
iexplore.exe  Jun 23 2008      625664  "iexplore.exe"

"C:\WINDOWS\SoftwareDistribution\Download\b4e75dba041bc21ee94fbcfa88cb49de\SP2GDR\"
iexplore.exe  Jun 23 2008      625664  "iexplore.exe"

"C:\WINDOWS\SoftwareDistribution\Download\b4e75dba041bc21ee94fbcfa88cb49de\SP2QFE\"
iexplore.exe  Jun 23 2008      625664  "iexplore.exe"

8 items found:  8 files, 0 directories.
  Total of file sizes:  3,434,176 bytes      3.27 M

-------------------------------------------------------------------------- 
   Locating all copies of beep.sy_ on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Internet Explorer 

"C:\WINDOWS\I386\"
beep.sy_      Aug  4 2004        2123  "BEEP.SY_"

1 item found:  1 file, 0 directories.
  Total of file sizes:  2,123 bytes      2.07 K

-------------------------------------------------------------------------- 
   Locating all copies of beep.sys on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Internet Explorer 

"C:\WINDOWS\system32\dllcache\"
beep.sys      Aug  4 2004        4224  "beep.sys"

"C:\WINDOWS\system32\drivers\"
beep.sys      Aug  4 2004        4224  "beep.sys"

2 items found:  2 files, 0 directories.
  Total of file sizes:  8,448 bytes      8.25 K

-------------------------------------------------------------------------- 
   Locating all copies of Windows Explorer on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Windows Explorer 

"C:\WINDOWS\"
explorer.exe  Apr 13 2008     1033728  "explorer.exe"

"C:\WINDOWS\$NtServicePackUninstall$\"
explorer.exe  Aug  4 2004     1032192  "explorer.exe"

"C:\WINDOWS\ServicePackFiles\i386\"
explorer.exe  Apr 13 2008     1033728  "explorer.exe"

3 items found:  3 files, 0 directories.
  Total of file sizes:  3,099,648 bytes      2.95 M

--------------------------------------------------------------------------
   Items in Document and Settings: 
--------------------------------------------------------------------------

    Listing contents of C:\Documents and Settings 

"C:\Documents and Settings\"
ADMINI~1      Sep 20 2009              "Administrator"
ALLUSE~1      Aug 26 2004              "All Users"
DEFAUL~1      Aug 26 2004              "Default User"
LOCALS~1      Aug 26 2004              "LocalService"
NETWOR~1      Aug 26 2004              "NetworkService"
OWNER         Aug 26 2004              "Owner"

6 items found:  0 files, 6 directories (3 H/S).

    --------------------------------------------------------------------------
           Desktop Items: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Documents and Settings\Owner\Desktop within the last 90 days. 

"C:\Documents and Settings\Owner\Desktop\"
a2scan~1.txt  Oct  2 2009        4302  "a2scan_091002-000804.txt"
atf-cl~1.exe  Oct  1 2009       50688  "ATF-Cleaner.exe"
BEATLE~1      Sep  7 2009              "Beatles Remastered"
ca7484~1.jpg  Jul 17 2009      168281  "Caster_TopPlate_V2_1.jpg"
ca8480~1.jpg  Jul 17 2009      173272  "Caster_TopPlate_V2_4.jpg"
ca8484~1.jpg  Jul 17 2009      227017  "Caster_TopPlate_V2_5.jpg"
ca8488~1.jpg  Jul 17 2009      161514  "Caster_TopPlate_V2_2.jpg"
ca848c~1.jpg  Jul 17 2009      188496  "Caster_TopPlate_V2_3.jpg"
explor~1.exe  Oct  1 2009      420137  "explorerxpsetup.exe"
explor~1.lnk  Oct  1 2009        1580  "ExplorerXP.lnk"
hudyof~1.pdf  Jul 21 2009     3839736  "HUDY Off-road & Truggy Set-up Book.pdf"
iseeyo~1.exe  Oct  1 2009     1106604  "ISeeYouXP.exe"
iseeyo~1.lnk  Oct  2 2009         534  "ISeeYouXP.lnk"
kidsco~1.odt  Aug 26 2009       18399  "Kids Comp.odt"
killbo~1.exe  Oct  1 2009       93696  "KillBox-Beta.exe"
protoc~1.odt  Aug 18 2009       24622  "protocal_rootcanaledteeth.odt"
shippi~1.odt  Aug  3 2009       12343  "SHIPPING LABEL.odt"
teeth.odt     Aug 18 2009       37879  "TEETH.odt"
teethi~1.odt  Aug 15 2009       20247  "TeethInfo.odt"
tekin-~1.pdf  Jul  6 2009      570119  "Tekin-RS-setup-sheet-v1.pdf"
tekin-~2.pdf  Jul  6 2009      615852  "Tekin-RS-setup_DamonConverse_6.5Mod4wdBuggy.pdf"
tekin-~3.pdf  Jul  6 2009      615858  "Tekin-RS-setup_DamonConverse_13.5Truck.pdf"
TEKINH~1      Aug  5 2009              "TekinHotWire_Beta3_30_RS_V200"
ultra_ob.pdf  Sep 13 2009     2689968  "ultra_ob.pdf"
ultra_qr.pdf  Sep 13 2009      831938  "ultra_qr.pdf"
win32k~1.exe  Oct  1 2009       47616  "Win32kDiag.exe"
YO            Oct  1 2009              "YO"

27 items found:  24 files, 3 directories.
  Total of file sizes:  11,920,698 bytes     11.37 M

   Locating all files created in C:\Documents and Settings\All Users\Desktop\ within the last 90 days. 

"C:\Documents and Settings\All Users\Desktop\"
a-squa~1.lnk  Sep 30 2009         648  "a-squared Free.lnk"
a-squa~2.lnk  Oct  1 2009         710  "a-squared HiJackFree.lnk"
adober~1.lnk  Aug 15 2009        1729  "Adobe Reader 9.lnk"
aviraa~1.lnk  Oct  1 2009        1707  "Avira AntiVir Control Center.lnk"
emachi~1.lnk  Jul 27 2009         670  "eMachineShop.lnk"
itunes.lnk    Sep 19 2009        2137  "iTunes.lnk"

6 items found:  6 files, 0 directories.
  Total of file sizes:  7,601 bytes      7.42 K

    --------------------------------------------------------------------------
           Start Menu Items: 
    --------------------------------------------------------------------------

   Locating all files created inC:\Documents and Settings\Owner\Start Menu within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\Owner\Start Menu\Programs\Startup within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\All Users\Start Menu within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ within the last 90 days. 

No matches found.

    --------------------------------------------------------------------------
           Application Data Items: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Documents and Settings\Owner\Application Data\ within the last 90 days. 

"C:\Documents and Settings\Owner\Application Data\"
HPAPPD~1      Sep 21 2009              "HPAppData"
INSTAL~1      Jul 24 2009              "InstallShield"
MALWAR~1      Sep 30 2009              "Malwarebytes"
SUPERA~1.COM  Sep 21 2009              "SUPERAntiSpyware.com"

4 items found:  0 files, 4 directories.

   Locating all files created in C:\Documents and Settings\Owner\Local Settings\Application Data\ within the last 90 days. 

"C:\Documents and Settings\Owner\Local Settings\Application Data\"
CONDUIT       Aug 31 2009              "Conduit"
gdipfo~1.dat  Sep  5 2009      298680  "GDIPFONTCACHEV1.DAT"
iconca~1.db   Oct  1 2009     6421590  "IconCache.db"
MICROS~2      Sep  1 2009              "Microsoft Help"
SHIPPI~1      Sep 30 2009              "ShippingAssistant"

5 items found:  2 files (1 H/S), 3 directories.
  Total of file sizes:  6,720,270 bytes      6.41 M

   Locating all files created in C:\Documents and Settings\All Users\Application Data\ within the last 90 days. 

"C:\Documents and Settings\All Users\Application Data\"
AVIRA         Oct  1 2009              "Avira"
hpzins~1.log  Jul 23 2009        1725  "hpzinstall.log"
MALWAR~1      Sep 30 2009              "Malwarebytes"
micros~1.bc   Sep 30 2009         133  "Microsoft.SqlServer.Compact.351.32.bc"
MICROS~2      Sep  1 2009              "Microsoft Help"
PCTOOL~1      Sep 21 2009              "PC Tools"
SUPERA~1.COM  Sep 21 2009              "SUPERAntiSpyware.com"
TEMP          Sep 21 2009              "TEMP"

8 items found:  2 files, 6 directories.
  Total of file sizes:  1,858 bytes      1.81 K

    --------------------------------------------------------------------------
           C:\Documents and Settings\Owner\Local Settings\TEMP: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Documents and Settings\Owner\Local Settings\TEMP within the last 90 days. 

    --------------------------------------------------------------------------
           Items in Templates Folder: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Documents and Settings\Owner\Templates 

"C:\Documents and Settings\Owner\Templates\"
amipro.sam    Aug  4 2004        4570  "amipro.sam"
excel.xls     Aug  4 2004        5632  "excel.xls"
excel4.xls    Aug  4 2004        1518  "excel4.xls"
lotus.wk4     Aug  4 2004        2448  "lotus.wk4"
powerpnt.ppt  Aug  4 2004       12288  "powerpnt.ppt"
presenta.shw  Aug  4 2004         461  "presenta.shw"
quattro.wb2   Aug  4 2004        4017  "quattro.wb2"
sndrec.wav    Aug  4 2004          58  "sndrec.wav"
winword.doc   Aug  4 2004        4608  "winword.doc"
winword2.doc  Aug  4 2004        1769  "winword2.doc"
wordpfct.wpd  Aug  4 2004          30  "wordpfct.wpd"
wordpfct.wpg  Aug  4 2004          57  "wordpfct.wpg"

12 items found:  12 files, 0 directories.
  Total of file sizes:  37,456 bytes     36.58 K

--------------------------------------------------------------------------
           Items in Program Files: 
--------------------------------------------------------------------------

   Locating all files created in C:\Program Files\ within the last 90 days. 

"C:\Program Files\"
A-SQUA~1      Sep 30 2009              "a-squared Free"
A-SQUA~2      Oct  1 2009              "a-squared HiJackFree"
ALWILS~1      Oct  1 2009              "Alwil Software"
AVIRA         Oct  1 2009              "Avira"
EXPLOR~1      Oct  1 2009              "ExplorerXP"
MICROS~1.NET  Sep  1 2009              "Microsoft.NET"
PAYPAL        Jul 24 2009              "PayPal"
REGCURE       Oct  1 2009              "regcure"
TEKINH~1      Aug  5 2009              "Tekin HotWire"

9 items found:  0 files, 9 directories.

   Locating all files created in C:\Program Files\Common Files\ within the last 90 days. 

"C:\Program Files\Common Files\"
DESIGNER      Sep  1 2009              "DESIGNER"

1 item found:  0 files, 1 directory.

   Locating all files created in C:\Program Files\Common Files\Microsoft Shared\Web Folders within the last 90 days. 

No matches found.

--------------------------------------------------------------------------
           Items in the Windows Directory: 
--------------------------------------------------------------------------

    Locating all files created in C:\WINDOWS\ within the last 90 days.  

"C:\WINDOWS\"
$N10EC~1      Aug 26 2009              "$NtUninstallKB970653-v3$"
$N24DA~1      Jul 29 2009              "$NtUninstallKB972260$"
$N38DC~2      Jul 15 2009              "$NtUninstallKB961371$"
$N3945~1      Aug 13 2009              "$NtUninstallKB973540_WM9$"
$N48C7~1      Sep  8 2009              "$NtUninstallKB968816_WM9$"
$N50D6~2      Aug 13 2009              "$NtUninstallKB973354$"
$N50D6~3      Sep  8 2009              "$NtUninstallKB971961$"
$N54DA~1      Aug 13 2009              "$NtUninstallKB956744$"
$N58B2~1      Jul 15 2009              "$NtUninstallKB971633$"
$N60BA~1      Aug 13 2009              "$NtUninstallKB973815$"
$N64D6~1      Sep  8 2009              "$NtUninstallKB956844$"
$N68AC~1      Aug  9 2009              "$NtUninstallKB961118$"
$N68C6~1      Jul 15 2009              "$NtUninstallKB973346$"
$N78A6~1      Aug 13 2009              "$NtUninstallKB973507$"
$N78C2~1      Aug 13 2009              "$NtUninstallKB971657$"
$N78C6~1      Aug 13 2009              "$NtUninstallKB971557$"
$N7CFC~1      Aug 15 2009              "$NtUninstallKB968389$"
$N84C0~1      Aug 13 2009              "$NtUninstallKB960859$"
$N88DA~1      Aug 13 2009              "$NtUninstallKB973869$"
0.log         Oct  1 2009           0  "0.log"
bootstat.dat  Oct  1 2009        2048  "bootstat.dat"
comsetup.log  Oct  1 2009      228409  "comsetup.log"
faxsetup.log  Oct  1 2009      651030  "FaxSetup.log"
hpoins14.dat  Jul 23 2009      141206  "hpoins14.dat"
ie4err~1.txt  Aug 16 2009        1611  "IE4 Error Log.txt"
IE8           Sep 21 2009              "ie8"
ie8.log       Sep 21 2009      171261  "ie8.log"
ie8_main.log  Sep 21 2009      125324  "ie8_main.log"
iis6.log      Oct  1 2009       99484  "iis6.log"
imsins.bak    Sep 21 2009        1374  "imsins.BAK"
imsins.log    Oct  1 2009        4566  "imsins.log"
kb956744.log  Aug 13 2009        8835  "KB956744.log"
kb956844.log  Sep  8 2009        6961  "KB956844.log"
kb960859.log  Aug 13 2009       13835  "KB960859.log"
kb961118.log  Aug  9 2009        4888  "KB961118.log"
kb961371.log  Jul 15 2009       14732  "KB961371.log"
kb968389.log  Aug 15 2009       19379  "KB968389.log"
kb968816.log  Sep  8 2009        6192  "KB968816.log"
kb9706~1.log  Aug 26 2009        4051  "KB970653-v3.log"
kb971557.log  Aug 13 2009       13258  "KB971557.log"
kb971633.log  Jul 15 2009       13853  "KB971633.log"
kb971657.log  Aug 13 2009       13754  "KB971657.log"
kb971961.log  Sep  8 2009        7370  "KB971961.log"
kb9719~1.log  Sep 22 2009        2819  "KB971961-IE8.log"
kb972260.log  Jul 29 2009       18037  "KB972260.log"
kb9722~1.log  Sep 22 2009       27685  "KB972260-IE8.log"
kb973346.log  Jul 15 2009        8661  "KB973346.log"
kb973354.log  Aug 13 2009        8428  "KB973354.log"
kb973507.log  Aug 13 2009       13561  "KB973507.log"
kb973540.log  Aug 13 2009        7664  "KB973540.log"
kb973815.log  Aug 13 2009       12418  "KB973815.log"
kb973869.log  Aug 13 2009        8293  "KB973869.log"
kb9738~1.log  Sep 21 2009       22392  "KB973874-IE8.log"
msgsocm.log   Oct  1 2009       39200  "msgsocm.log"
ntbtlog.txt   Sep 30 2009     1551904  "ntbtlog.txt"
ntdtcs~1.log  Oct  1 2009      141085  "ntdtcsetup.log"
ocgen.log     Oct  1 2009      364515  "ocgen.log"
ocmsn.log     Oct  1 2009       37946  "ocmsn.log"
randseed.rnd  Jul 28 2009         512  "randseed.rnd"
schedlgu.txt  Oct  1 2009       32156  "SchedLgU.Txt"
setupapi.log  Oct  1 2009      844170  "setupapi.log"
SHELLNEW      Sep  1 2009              "SHELLNEW"
spupdsvc.log  Sep 21 2009       57875  "spupdsvc.log"
system.ini    Oct  1 2009         455  "system.ini"
tsoc.log      Oct  1 2009      267353  "tsoc.log"
updspapi.log  Sep 21 2009      227396  "updspapi.log"
wiadebug.log  Oct  2 2009         211  "wiadebug.log"
wiaservc.log  Oct  1 2009          49  "wiaservc.log"
win.ini       Jul 23 2009         696  "win.ini"
win32k.sys    Oct  1 2009           0  "win32k.sys"
window~1.log  Oct  1 2009     1743050  "WindowsUpdate.log"
wmsetup.log   Aug 13 2009       67130  "wmsetup.log"
yacs.log      Sep  3 2009       12517  "yacs.log"

73 items found:  52 files (1 H/S), 21 directories (20 H/S).
  Total of file sizes:  7,071,599 bytes      6.74 M

    --------------------------------------------------------------------------
           C:\WINDOWS\Downloaded Program Files: 
    --------------------------------------------------------------------------

    Locating all files created in C:\WINDOWS\Downloaded Program Files\ within the last 90 days.  

"C:\WINDOWS\Downloaded Program Files\"
epuwal~1.dll  Sep 18 2009     3170072  "EPUWALcontrol.dll"

1 item found:  1 file, 0 directories.
  Total of file sizes:  3,170,072 bytes      3.02 M

    --------------------------------------------------------------------------
           C:\WINDOWS\PCHealth\HelpCtr\Binaries: 
    --------------------------------------------------------------------------

   Locating all files in C:\WINDOWS\PCHealth\HelpCtr\Binaries 

"C:\WINDOWS\pchealth\helpctr\binaries\"
brpinfo.dll   Aug  4 2004       21504  "brpinfo.dll"
hcappres.dll  Aug  4 2004        6656  "HCAppRes.dll"
helpctr.exe   Apr 13 2008      769024  "helpctr.exe"
helphost.exe  Aug  4 2004       99840  "HelpHost.exe"
helpsvc.exe   Apr 13 2008      744448  "helpsvc.exe"
hscsp_p3.cab  Dec 28 2006      290594  "hscsp_p3.cab"
hscupd.exe    Apr 13 2008       18432  "hscupd.exe"
msconfig.exe  Apr 13 2008      169984  "msconfig.exe"
msinfo.dll    Apr 13 2008      376832  "msinfo.dll"
notiflag.exe  Aug  4 2004       35328  "notiflag.exe"
pchdt_p3.cab  Aug  4 2004     2334260  "pchdt_p3.cab"
pchshell.dll  Apr 13 2008      102912  "pchshell.dll"
pchsvc.dll    Apr 13 2008       38400  "pchsvc.dll"

13 items found:  13 files, 0 directories.
  Total of file sizes:  5,008,214 bytes      4.77 M

    --------------------------------------------------------------------------
           C:\WINDOWS\system: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\system within the last 90 days.  

No matches found.

    --------------------------------------------------------------------------
           C:\WINDOWS\system32: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\system32 within the last 90 days.  

"C:\WINDOWS\system32\"
atl.dll       Jul 17 2009       58880  "atl.dll"
config.nt     Oct  1 2009        2577  "CONFIG.NT"
d3d8caps.dat  Sep 20 2009         552  "d3d8caps.dat"
d3d9caps.dat  Sep 21 2009         664  "d3d9caps.dat"
deploytk.dll  Jul 25 2009      411368  "deploytk.dll"
fntcache.dat  Sep  1 2009     1999368  "FNTCACHE.DAT"
java.exe      Jul 25 2009      145184  "java.exe"
javacpl.cpl   Jul 25 2009       73728  "javacpl.cpl"
javaw.exe     Jul 25 2009      145184  "javaw.exe"
javaws.exe    Jul 25 2009      149280  "javaws.exe"
ju6480~1.log  Aug  5 2009        3903  "jupdate-1.6.0_15-b03.log"
mrt.exe       Aug 28 2009    24689600  "MRT.exe"
mswebdvd.dll  Aug  5 2009      204800  "mswebdvd.dll"
perfc009.dat  Oct  1 2009       67516  "perfc009.dat"
perfh009.dat  Oct  1 2009      432686  "perfh009.dat"
perfst~1.ini  Oct  1 2009      508296  "PerfStringBackup.INI"
shdocvw.dll   Jul 18 2009     1509888  "shdocvw.dll"
tzchange.exe  Jul 14 2009       46080  "tzchange.exe"
tzlog.log     Aug 26 2009      436838  "TZLog.log"
wmp.dll       Jul 13 2009     5537792  "wmp.dll"
wmpdxm.dll    Jul 13 2009      286720  "wmpdxm.dll"
wpa.dbl       Sep 22 2009        1170  "wpa.dbl"

22 items found:  22 files, 0 directories.
  Total of file sizes:  36,712,074 bytes     35.01 M

    --------------------------------------------------------------------------
           C:\WINDOWS\system32\com: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\system32\com within the last 90 days.  

No matches found.

    --------------------------------------------------------------------------
           C:\WINDOWS\system32\components: 
    --------------------------------------------------------------------------
   Locating all files created in C:\WINDOWS\system32\components within the last 90 days.  

No matches found.

    --------------------------------------------------------------------------
           C:\WINDOWS\system32\drivers: 
    --------------------------------------------------------------------------

    Locating all files created in C:\WINDOWS\system32\drivers within the last 90 days.  

"C:\WINDOWS\system32\drivers\"
avgntflt.sys  Jul 28 2009       55656  "avgntflt.sys"

1 item found:  1 file, 0 directories.
  Total of file sizes:  55,656 bytes     54.35 K

    --------------------------------------------------------------------------
           C:\WINDOWS\system32\drivers\etc: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\system32\drivers\etc within the last 90 days.  

"C:\WINDOWS\system32\drivers\etc\"
hosts         Sep 21 2009         734  "hosts"

1 item found:  1 file, 0 directories.
  Total of file sizes:  734 bytes      0.71 K

    --------------------------------------------------------------------------
           C:\WINDOWS\TEMP: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\TEMP within the last 90 days.  

"C:\WINDOWS\Temp\"
d0ec13~1.tmp  Sep 24 2009           0  "d0ec13da-c287-4c0c-b0ec-731a5c229f70.tmp"
d27f90~1.tmp  Sep 29 2009           0  "d27f90c5-dd9d-4031-adac-89db18f70491.tmp"
d83093~1.tmp  Sep 29 2009           0  "d8309359-a78e-40d8-8791-e198ef1fe1d6.tmp"
dd0960~1.tmp  Sep 26 2009           0  "dd0960bb-b60b-4f8f-b94b-59126b43c031.tmp"
dd_clw~1.txt  Aug  8 2009        8739  "dd_clwireg.txt"
dd_dep~1.txt  Aug  8 2009      204253  "dd_depcheck_NETFX_EXP_35.txt"
dd_dot~1.txt  Aug  8 2009      275026  "dd_dotnetfx35install.txt"
dd_dot~2.txt  Aug  8 2009           2  "dd_dotnetfx35error.txt"
dd_net~1.txt  Aug  8 2009    19013754  "dd_NET_Framework20_Setup46C9.txt"
dd_net~2.txt  Aug  8 2009     4003162  "dd_NET_Framework30_Setup4ACA.txt"
dd_net~3.txt  Aug  8 2009     1441980  "dd_NET_Framework35_MSI4C3B.txt"
dd_wcf~1.txt  Aug  8 2009        4326  "dd_wcf_retCA6315.txt"
dd_wcf~2.txt  Aug  8 2009        4326  "dd_wcf_retCA299.txt"
dd_xps.txt    Aug  8 2009       21278  "dd_XPS.txt"
de60c6~1.tmp  Sep 30 2009           0  "de60c6c6-5f36-4946-8e5b-784799d43ca6.tmp"
df00fb~1.tmp  Sep 24 2009           0  "df00fbe1-dc53-4a9e-8677-997d26a07fe8.tmp"
e0b7df~1.tmp  Sep 29 2009           0  "e0b7df8b-8c29-40c0-84c0-e5978f30a088.tmp"
e17b09~1.tmp  Sep 26 2009           0  "e17b0942-2058-487d-9e90-ecae183a5f42.tmp"
e21c2d~1.tmp  Sep 24 2009           0  "e21c2def-3765-4b44-bb16-75f3187dbde6.tmp"
e30127~1.tmp  Sep 27 2009           0  "e30127e5-118a-45bf-8bba-a5edef8d3854.tmp"
e36dc0~1.tmp  Sep 23 2009           0  "e36dc020-6610-4fc8-ad3d-82c248930cc3.tmp"
e3ff92~1.tmp  Sep 26 2009           0  "e3ff9258-f7fa-4dbe-9088-8263c53bfa8b.tmp"
e60262~1.tmp  Sep 30 2009           0  "e602625c-9232-4b53-a453-d4572951f6de.tmp"
e7653a~1.tmp  Sep 30 2009           0  "e7653a3d-5d76-4298-8c6a-4c21e5c5d211.tmp"
ed55e4~1.tmp  Sep 30 2009           0  "ed55e452-6508-4753-b26e-5f10216e354a.tmp"
f17213~1.tmp  Sep 30 2009           0  "f1721333-74c0-41e0-ac22-21308cca4b89.tmp"
f97a9b~1.tmp  Sep 30 2009           0  "f97a9bb5-a413-4fc4-87f8-e9f9ce319435.tmp"
fa9476~1.tmp  Sep 30 2009           0  "fa947634-7820-4e51-868d-74fa6134d60c.tmp"
fc799c~1.tmp  Sep 30 2009           0  "fc799c93-fc84-42a6-a235-590235c29db5.tmp"
fe81c5~1.tmp  Sep 30 2009           0  "fe81c501-e36c-47d3-b3e6-47e67766e5f4.tmp"
google~1.log  Jul 23 2009       14526  "GoogleToolbarInstaller2.log"
google~2.log  Jul 23 2009       14304  "GoogleToolbarInstaller1.log"
hpzids~4.log  Aug  8 2009         383  "HPZIDS003.log"
pe2d87~1.dat  Jul 15 2009       16384  "Perflib_Perfdata_da4.dat"
pe31da~1.dat  Aug  9 2009       16384  "Perflib_Perfdata_d28.dat"
pe7591~1.dat  Oct  1 2009       16384  "Perflib_Perfdata_1cc.dat"
peb0d0~1.dat  Sep 20 2009       16384  "Perflib_Perfdata_720.dat"
peb49b~1.dat  Sep 21 2009       16384  "Perflib_Perfdata_6c0.dat"
pec4e6~1.dat  Sep 20 2009       16384  "Perflib_Perfdata_674.dat"
pec8c6~1.dat  Sep 20 2009       16384  "Perflib_Perfdata_604.dat"
ped0e6~1.dat  Sep 20 2009       16384  "Perflib_Perfdata_668.dat"
ped8d6~1.dat  Sep 21 2009       16384  "Perflib_Perfdata_648.dat"
ped8e6~1.dat  Sep 20 2009       16384  "Perflib_Perfdata_688.dat"
perfli~4.dat  Oct  1 2009       16384  "Perflib_Perfdata_6e4.dat"
produc~1.log  Jul 23 2009      353474  "ProductContextF4100.log"
update~1.log  Aug  8 2009         605  "update000.log"
uxeven~1.txt  Aug  8 2009       49796  "uxeventlog.txt"
_AVAST4_      Sep 20 2009              "_avast4_"

48 items found:  47 files, 1 directory.
  Total of file sizes:  25,590,158 bytes     24.40 M

************************************************************************************  

Checking for .COM files to Delete. They will only print if deleted! 

   Locating .COM files in the C:\WINDOWS\System32 folder 

"C:\WINDOWS\system32\"
chcp.com      Aug  4 2004        7680  "chcp.com"
command.com   Aug  4 2004       50620  "command.com"
diskcomp.com  Aug  4 2004        9216  "diskcomp.com"
diskcopy.com  Aug  4 2004        7168  "diskcopy.com"
edit.com      Aug  4 2004       69886  "edit.com"
format.com    Apr 13 2008       29696  "format.com"
graftabl.com  Aug  4 2004       26112  "graftabl.com"
graphics.com  Aug  4 2004       19694  "graphics.com"
kb16.com      Aug  4 2004       14710  "kb16.com"
loadfix.com   Aug  4 2004        1131  "loadfix.com"
locate.com    Jan 14 2005       11254  "locate.com"
mode.com      Aug  4 2004       19456  "mode.com"
more.com      Apr 13 2008       16896  "more.com"
tree.com      Apr 13 2008       12800  "tree.com"
win.com       Aug  4 2004       18432  "win.com"

15 items found:  15 files, 0 directories.
  Total of file sizes:  314,751 bytes    307.37 K

************************************************************************************  

Miscellaneous Malware Detections: 
------------------------------------------------------------------------------------  


   **** Delfin Media  {31EE3286-D785-4E3F-95FC-51D00FDABC01} NOT FOUND by this tool! ****  

   **** SmitFraud {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****  

   **** SpywareStrike {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} NOT FOUND by this tool! ****  

   **** SpywareStrike {C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} NOT FOUND by this tool! ****   

   **** SpywareStrike {D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} NOT FOUND by this tool! ****  

   **** SpyAxe {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****  

   **** SpyFalcon {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****  

   **** SpyFalcon {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} NOT FOUND by this tool! ****  

   **** SpyFalcon {CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E} NOT FOUND by this tool! ****  

   **** SpyFalcon {35a88e51-b53d-43e9-b8a7-75d4c31b4676} NOT FOUND by this tool! ****  

   **** SpyFalcon {64ba30a2-811a-4597-b0af-d551128be340} NOT FOUND by this tool! ****  

   **** SpyFalcon {89aef01d-d237-49c7-84dc-4e1904c1fd31} NOT FOUND by this tool! ****  

   **** SpyFalcon {e04408db-4812-4478-8d4d-e46edcffd3b6} NOT FOUND by this tool! ****  

   **** SpyFalcon {336ec37f-54bf-4f13-8237-03f64fa591e7} NOT FOUND by this tool! ****  

   **** SpyFalcon {5bc82bdb-bc03-4671-9a78-3ef2b68449de} NOT FOUND by this tool! ****  

   **** SpyFalcon {24c60b9b-26b5-4201-9f7a-fb9219356ae9} NOT FOUND by this tool! ****  

   **** SpyFalcon {a0c51615-738a-4542-801a-5af61614e182} NOT FOUND by this tool! ****  

   **** SpyFalcon {70fbd528-2d3c-4a00-9b8c-bbf441e534be} NOT FOUND by this tool! ****  

   **** SpyFalcon {a566f298-05a6-4b3d-b672-da7c27316430} NOT FOUND by this tool! ****  

   **** SpyFalcon {f5947202-e9cb-4a72-88e7-22f2cbd2b124} NOT FOUND by this tool! ****  

   **** SpyFalcon {5aaf6542-f4ba-4df4-873d-4902ecbe794c} NOT FOUND by this tool! ****  

   **** SpyFalcon {3e4155b8-5a4a-4e95-83b2-ab032da9acbc} NOT FOUND by this tool! ****  

   **** SpyFalcon {9952355f-fefb-4764-bcd7-a993d03dd7e2} NOT FOUND by this tool! ****  

   **** SpyFalcon {55059d4f-a1ac-4837-ae07-4859101f598d} NOT FOUND by this tool! ****  

   **** SpyFalcon {c3786a8d-6426-4c29-a23f-f36e47b31e0c} NOT FOUND by this tool! ****  

   **** SpyLocked {25b7d2fd-4f71-46d1-801a-7de323e4ec82} NOT FOUND by this tool! ****  

   **** SpyLocked {4233AC08-A2C4-4742-A0B4-83719613D62C} NOT FOUND by this tool! ****  

   **** SpyLocked {716002DB-288C-4BF0-80CD-A467E78D8B55} NOT FOUND by this tool! ****  

   **** SpyLocked {735E980D-45D2-4777-AF82-9923D3C8D3AE} NOT FOUND by this tool! ****  

   **** SpyLocked {B23DC537-3E13-44C7-BF67-D8405EB377F7} NOT FOUND by this tool! ****  

   **** SpyLocked {B292EC9F-A074-4115-8342-1F459702D8D2} NOT FOUND by this tool! ****  

   **** SpyLocked {CECA6F2B-247B-4ECE-9B7A-D0135C8036FC} NOT FOUND by this tool! ****  

   **** SpyLocked {DA3B49F6-8C54-4429-A275-21A86DCCA413} NOT FOUND by this tool! ****  

   **** SpyLocked {EDE8BED5-92CF-4482-8F51-A01CD9B3EA37} NOT FOUND by this tool! ****  

   **** SpyLocked {FA4FBF53-C766-4622-8011-A87A805EEBF0} NOT FOUND by this tool! ****  

   **** SpywareLocked {0E4E5110-A772-4C4A-A7DC-137FE10ABD6E} NOT FOUND by this tool! ****  

   **** SpywareLocked {07A582E8-BAE3-457D-9D29-2048DE45A369} NOT FOUND by this tool! ****  

   **** SpywareLocked {3BAA1AD8-EE49-4772-BF0B-F55083E0F7AA} NOT FOUND by this tool! ****  

   **** SpywareLocked {9D6FAC42-A7BE-4702-87EF-75D8DC14249E} NOT FOUND by this tool! ****  

   **** SpywareLocked {ABEF791F-947E-4CDF-83C3-E72A240AFB67} NOT FOUND by this tool! ****  

   **** SpywareLocked {BD0FC212-0A36-4232-83CC-2063FB9282E0} NOT FOUND by this tool! ****  

   **** SpywareLocked {B0DED443-5E68-4001-A81B-0A0001621AB8} NOT FOUND by this tool! ****  

   **** SpywareLocked {F38B1B2B-4976-46DD-9FE5-60FDE72F0B4D} NOT FOUND by this tool! ****  

   **** SpywareQuake {0c7416f0-dd23-420f-97f5-aae352ea2bf1} NOT FOUND by this tool! ****  

   **** SpywareQuake {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} NOT FOUND by this tool! ****  

   **** SpywareQuake {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} NOT FOUND by this tool! ****  

   **** SpywareQuake {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} NOT FOUND by this tool! ****  

   **** SpywareQuake {EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E} NOT FOUND by this tool! ****  

   **** SpywareQuake {e5b1e382-817e-4b74-8a96-ec78751e6acf} NOT FOUND by this tool! ****  

   **** SpywareQuake {a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb} NOT FOUND by this tool! ****  

   **** SpywareQuake {cbb430e6-5b1b-474a-9d7e-160d4fe74bea} NOT FOUND by this tool! ****  

   **** SpywareQuake {62eb0924-19d2-4226-b4b9-8ad1f70904c1} NOT FOUND by this tool! ****  

   **** SpywareQuake {6c69e319-0d03-47da-997a-36586cbc53b3} NOT FOUND by this tool! ****  

   **** SpywareQuake {aea3d2df-2b2c-4d7b-81a0-d975c6dc088e} NOT FOUND by this tool! ****  

   **** SpywareSheriff {1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E} NOT FOUND by this tool! ****  

   **** VirusBurster {9d635a36-6b3c-4146-8625-f3aaf507bbf8} NOT FOUND by this tool! ****  

   **** TrustCleaner {24E27EA9-FCF3-444F-BD80-20543BA5D946} NOT FOUND by this tool! ****  

   **** Troj/Small-ER {4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} NOT FOUND by this tool! ****  

   **** Troj/Spabot-E {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} NOT FOUND by this tool! ****  

   **** Troj/Dloader-OF {203B1C4D9-BC71-8916-38AD-9DEA5D213614} NOT FOUND by this tool! ****  

   **** Troj/Crafted-A  {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****  

   **** Troj/Agent-FG {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} NOT FOUND by this tool! ****  

   **** TX 4 BrowserAd adware {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} NOT FOUND by this tool! ****  

   **** Trojan-Proxy.Win32.Small {87A3E824-A726-4CF4-8A66-6314B11BDA0C} NOT FOUND by this tool! ****  

   **** Trojan-Downloader.Win32.Delf.ks {786C369D-409A-456f-A13C-971EADA850C6} NOT FOUND by this tool! ****  

   **** W32/Almanahe.a Worm NOT FOUND by this tool! **** 

   **** msctl32.dll SpamBot NOT FOUND by this tool! **** 

   **** KeyLogger NOT FOUND by this tool! ****  

--------------------------------------------------------------------------
       CHECKING FOR BOT-TYPE WORMS: 
--------------------------------------------------------------------------

   **** W32/Sdbot Worm NOT FOUND by this tool! ****  

--------------------------------------------------------------------------
       CHECKING FOR KNOWN ROOTKIT STEALTHING AGENTS: 
--------------------------------------------------------------------------

   **** i386p.* Stealthing Agent NOT FOUND by this tool! **** 

   **** ErrorSafe erssdd.* Stealthing Agent NOT FOUND by this tool! **** 

   **** VUNDO DP.* Stealthing Agent NOT FOUND by this tool! **** 

   **** Troj/NTRootK-BP main.* Stealthing Agent NOT FOUND by this tool! **** 

   **** W32/Almanahe.sys RioDrvrs.* Stealthing Agent NOT FOUND by this tool! **** 

   **** W32/Almanahe.sys DKIS6.* Stealthing Agent NOT FOUND by this tool! **** 

--------------------------------------------------------------------------
       CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS: 
--------------------------------------------------------------------------

   **** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, huy32 rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, lzx32 rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, msguard rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, xpdt.sy_ rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, xpdt.sys rootkit NOT FOUND by this tool! ****  

   **** CmdService adware NOT FOUND by this tool! ****  

   **** Network_Monitor adware NOT FOUND by this tool! ****  

   **** Trojan.Peacomm NOT FOUND by this tool! ****  

   **** Trojan.Peacomm windev NOT FOUND by this tool! ****  

   **** AVPE Haxdoor NOT FOUND by this tool! ****  

   **** MEMLOW Haxdoor NOT FOUND by this tool! ****  

   **** VDMT Haxdoor NOT FOUND by this tool! ****  

   **** YCSVGA Haxdoor NOT FOUND by this tool! ****  

   **** PPTP Haxdoor NOT FOUND by this tool! ****  

   **** DVB Haxdoor  NOT FOUND by this tool! ****  

   **** YVBB Haxdoor NOT FOUND by this tool! ****  

   **** YVPP Haxdoor NOT FOUND by this tool! ****  

   **** NKGFS Haxdoor NOT FOUND by this tool! ****  

   **** XMSK Haxdoor NOT FOUND by this tool! ****  

   **** AVPX Haxdoor NOT FOUND by this tool! ****  

   **** MMXF Haxdoor NOT FOUND by this tool! ****  

   **** DP1112 Vundo Rootkit NOT FOUND by this tool! ****  

   **** SYSBUS32 Rootkit Driver NOT FOUND by this tool! ****  

   **** I386P Rootkit Driver NOT FOUND by this tool! ****  

   **** ERSSDD Rootkit NOT FOUND by this tool! ****  

   **** GencTurK RootKit NOT FOUND by this tool! ****  

   **** Troj/NTRootK-BP RootKit NOT FOUND by this tool! ****  

   **** W32/Almanahe.sys NOT FOUND by this tool! ****  

************************************************************************************  

Dumping HKLM Uninstall Programs list 

  DisplayName	REG_SZ         	32 Bit HP CIO Components Installer
  DisplayName	REG_SZ         	a-squared Free 4.5
  DisplayName	REG_SZ         	a-squared HiJackFree 3.1
  DisplayName	REG_SZ         	Adobe AIR
  DisplayName	REG_SZ         	Adobe AIR
  DisplayName	REG_SZ         	Adobe Anchor Service CS3
  DisplayName	REG_SZ         	Adobe Asset Services CS3
  DisplayName	REG_SZ         	Adobe Bridge CS3
  DisplayName	REG_SZ         	Adobe Bridge Start Meeting
  DisplayName	REG_SZ         	Adobe Camera Raw 4.0
  DisplayName	REG_SZ         	Adobe CMaps
  DisplayName	REG_SZ         	Adobe Color - Photoshop Specific
  DisplayName	REG_SZ         	Adobe Color Common Settings
  DisplayName	REG_SZ         	Adobe Color EU Extra Settings
  DisplayName	REG_SZ         	Adobe Color JA Extra Settings
  DisplayName	REG_SZ         	Adobe Color NA Recommended Settings
  DisplayName	REG_SZ         	Adobe Default Language CS3
  DisplayName	REG_SZ         	Adobe Device Central CS3
  DisplayName	REG_SZ         	Adobe ExtendScript Toolkit 2
  DisplayName	REG_SZ         	Adobe Extension Manager CS3
  DisplayName	REG_SZ         	Adobe Fireworks CS3
  DisplayName	REG_SZ         	Adobe Fireworks CS3
  DisplayName	REG_SZ         	Adobe Flash Player 10 ActiveX
  DisplayName	REG_SZ         	Adobe Fonts All
  DisplayName	REG_SZ         	Adobe Help Viewer CS3
  DisplayName	REG_SZ         	Adobe Illustrator CS3
  DisplayName	REG_SZ         	Adobe Illustrator CS3
  DisplayName	REG_SZ         	Adobe Linguistics CS3
  DisplayName	REG_SZ         	Adobe PDF Library Files
  DisplayName	REG_SZ         	Adobe Photoshop CS3
  DisplayName	REG_SZ         	Adobe Photoshop CS3
  DisplayName	REG_SZ         	Adobe Reader 9.1.3
  DisplayName	REG_SZ         	Adobe Setup
  DisplayName	REG_SZ         	Adobe Setup
  DisplayName	REG_SZ         	Adobe Setup
  DisplayName	REG_SZ         	Adobe Stock Photos CS3
  DisplayName	REG_SZ         	Adobe Type Support
  DisplayName	REG_SZ         	Adobe Update Manager CS3
  DisplayName	REG_SZ         	Adobe Version Cue CS3 Client
  DisplayName	REG_SZ         	Adobe WinSoft Linguistics Plugin
  DisplayName	REG_SZ         	Adobe XMP Panels CS3
  DisplayName	REG_SZ         	AIO_Scan
  DisplayName	REG_SZ         	Apple Mobile Device Support
  DisplayName	REG_SZ         	Apple Software Update
  DisplayName	REG_SZ         	ATI Display Driver
  DisplayName	REG_SZ         	AutoUpdate
  DisplayName	REG_SZ         	Avira AntiVir Personal - Free Antivirus
  DisplayName	REG_SZ         	BufferChm
  DisplayName	REG_SZ         	Compatibility Pack for the 2007 Office system
  DisplayName	REG_SZ         	Copy
  DisplayName	REG_SZ         	Destination Component
  DisplayName	REG_SZ         	DeviceDiscovery
  DisplayName	REG_SZ         	DeviceManagementQFolder
  DisplayName	REG_SZ         	Digital Media Reader
  DisplayName	REG_SZ         	Digital Media Reader
  DisplayName	REG_SZ         	DivX Codec
  DisplayName	REG_SZ         	DJ_AIO_ProductContext
  DisplayName	REG_SZ         	DJ_AIO_Software
  DisplayName	REG_SZ         	DJ_AIO_Software_min
  DisplayName	REG_SZ         	Dr.STIKA PLUS
  DisplayName	REG_SZ         	DVD Solution
  DisplayName	REG_SZ         	eMachineShop
  DisplayName	REG_SZ         	eMule
  DisplayName	REG_SZ         	ExplorerXP (remove only)
  DisplayName	REG_SZ         	F4100
  DisplayName	REG_SZ         	F4100_doccd
  DisplayName	REG_SZ         	F4100_Help
  DisplayName	REG_SZ         	getPlus(R) for Adobe
  DisplayName	REG_SZ         	High Definition Audio Driver Package - KB888111
  DisplayName	REG_SZ         	Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
  DisplayName	REG_SZ         	Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
  DisplayName	REG_SZ         	Hotfix for Windows XP (KB952287)
  DisplayName	REG_SZ         	Hotfix for Windows XP (KB954550-v5)
  DisplayName	REG_SZ         	Hotfix for Windows XP (KB961118)
  DisplayName	REG_SZ         	Hotfix for Windows XP (KB970653-v3)
  DisplayName	REG_SZ         	HP Deskjet All-In-One Software 9.0
  DisplayName	REG_SZ         	HP Imaging Device Functions 9.0
  DisplayName	REG_SZ         	HP Smart Web Printing
  DisplayName	REG_SZ         	HP Smart Web Printing
  DisplayName	REG_SZ         	iTunes
  DisplayName	REG_SZ         	J2SE Runtime Environment 5.0 Update 2
  DisplayName	REG_SZ         	Java(TM) 6 Update 15
  DisplayName	REG_SZ         	Java(TM) 6 Update 4
  DisplayName	REG_SZ         	Java(TM) 6 Update 7
  DisplayName	REG_SZ         	Linksys Wireless-G USB Network Adapter
  DisplayName	REG_SZ         	Mach2 Mach2Release 6.12N
  DisplayName	REG_SZ         	Macromedia Dreamweaver MX 2004
  DisplayName	REG_SZ         	Macromedia Extension Manager
  DisplayName	REG_SZ         	Microsoft .NET Framework 2.0 Service Pack 2
  DisplayName	REG_SZ         	Microsoft .NET Framework 3.0 Service Pack 2
  DisplayName	REG_SZ         	Microsoft .NET Framework 3.5 SP1
  DisplayName	REG_SZ         	Microsoft .NET Framework 3.5 SP1
  DisplayName	REG_SZ         	Microsoft Digital Image Library 9 - Blocker
  DisplayName	REG_SZ         	Microsoft Digital Image Starter Edition 2006
  DisplayName	REG_SZ         	Microsoft Digital Image Starter Edition 2006 Editor
  DisplayName	REG_SZ         	Microsoft Digital Image Starter Edition 2006 Library
  DisplayName	REG_SZ         	Microsoft Internationalized Domain Names Mitigation APIs
  DisplayName	REG_SZ         	Microsoft National Language Support Downlevel APIs
  DisplayName	REG_SZ         	Microsoft Office Excel MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Home and Student 2007
  DisplayName	REG_SZ         	Microsoft Office Home and Student 2007
  DisplayName	REG_SZ         	Microsoft Office OneNote MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office PowerPoint MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Proof (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Proof (French) 2007
  DisplayName	REG_SZ         	Microsoft Office Proof (Spanish) 2007
  DisplayName	REG_SZ         	Microsoft Office Proofing (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Shared MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Shared Setup Metadata MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Word MUI (English) 2007
  DisplayName	REG_SZ         	Microsoft Office Word Viewer 2003
  DisplayName	REG_SZ         	Microsoft Software Update for Web Folders  (English) 12
  DisplayName	REG_SZ         	Microsoft Visual C++ 2005 Redistributable
  DisplayName	REG_SZ         	Microsoft Visual C++ 2005 Redistributable
  DisplayName	REG_SZ         	Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
  DisplayName	REG_SZ         	Microsoft Works
  DisplayName	REG_SZ         	MP3 Player Utilities 4.00
  DisplayName	REG_SZ         	MSXML 4.0 SP2 (KB936181)
  DisplayName	REG_SZ         	MSXML 4.0 SP2 (KB954430)
  DisplayName	REG_SZ         	MSXML 6.0 Parser (KB925673)
  DisplayName	REG_SZ         	OpenOffice.org 2.4
  DisplayName	REG_SZ         	PayPal Plug-In
  DisplayName	REG_SZ         	PayPal Plug-In
  DisplayName	REG_SZ         	PayPal Plug-In
  DisplayName	REG_SZ         	PayPal Plug-In
  DisplayName	REG_SZ         	PDF Settings
  DisplayName	REG_SZ         	Power2Go 4.0
  DisplayName	REG_SZ         	PowerDVD
  DisplayName	REG_SZ         	QuickTime
  DisplayName	REG_SZ         	RealPlayer Basic
  DisplayName	REG_SZ         	REALTEK GbE & FE Ethernet PCI NIC Driver
  DisplayName	REG_SZ         	Realtek High Definition Audio Driver
  DisplayName	REG_SZ         	Recovery Software Suite eMachines
  DisplayName	REG_SZ         	RegCure 1.5.0.0
  DisplayName	REG_SZ         	Scan
  DisplayName	REG_SZ         	Security Update for Step By Step Interactive Training (KB898458)
  DisplayName	REG_SZ         	Security Update for Windows Media Player (KB911564)
  DisplayName	REG_SZ         	Security Update for Windows Media Player (KB952069)
  DisplayName	REG_SZ         	Security Update for Windows Media Player (KB968816)
  DisplayName	REG_SZ         	Security Update for Windows Media Player (KB973540)
  DisplayName	REG_SZ         	Security Update for Windows Media Player 10 (KB911565)
  DisplayName	REG_SZ         	Security Update for Windows Media Player 10 (KB936782)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB923561)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB923689)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB938464)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB941569)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB946648)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB950762)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB950974)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB951066)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB951376-v2)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB951698)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB951748)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB952004)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB952954)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB953838)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB953839)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB954211)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB954459)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB954600)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB955069)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB956390)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB956391)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB956572)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB956744)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB956802)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB956803)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB956841)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB956844)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB957095)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB957097)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB958215)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB958644)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB958687)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB958690)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB959426)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB960225)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB960714)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB960715)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB960803)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB960859)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB961371)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB961373)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB961501)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB963027)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB968537)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB969897)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB969898)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB970238)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB971557)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB971633)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB971657)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB971961)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB972260)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB973346)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB973354)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB973507)
  DisplayName	REG_SZ         	Security Update for Windows XP (KB973869)
  DisplayName	REG_SZ         	Soft Data Fax Modem with SmartCP
  DisplayName	REG_SZ         	Status
  DisplayName	REG_SZ         	SUPER © Version 2009.bld.35 (Jan 5, 2009)
  DisplayName	REG_SZ         	Tekin HotWire
  DisplayName	REG_SZ         	Toolbox
  DisplayName	REG_SZ         	TrayApp
  DisplayName	REG_SZ         	UnloadSupport
  DisplayName	REG_SZ         	Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
  DisplayName	REG_SZ         	Update for Windows XP (KB951072-v2)
  DisplayName	REG_SZ         	Update for Windows XP (KB951978)
  DisplayName	REG_SZ         	Update for Windows XP (KB955839)
  DisplayName	REG_SZ         	Update for Windows XP (KB967715)
  DisplayName	REG_SZ         	Update for Windows XP (KB968389)
  DisplayName	REG_SZ         	Update for Windows XP (KB973815)
  DisplayName	REG_SZ         	Viewpoint Media Player
  DisplayName	REG_SZ         	Visual C++ 2008 x86 Runtime - (v9.0.30729)
  DisplayName	REG_SZ         	Visual C++ 2008 x86 Runtime - v9.0.30729.01
  DisplayName	REG_SZ         	WebFldrs XP
  DisplayName	REG_SZ         	WebReg
  DisplayName	REG_SZ         	Winamp
  DisplayName	REG_SZ         	WinAVIVideoConverter
  DisplayName	REG_SZ         	Windows Backup Utility
  DisplayName	REG_SZ         	Windows Genuine Advantage Validation Tool (KB892130)
  DisplayName	REG_SZ         	Windows Genuine Advantage Validation Tool (KB892130)
  DisplayName	REG_SZ         	Windows Internet Explorer 8
  DisplayName	REG_SZ         	Windows Live Messenger
  DisplayName	REG_SZ         	Windows Media Format Runtime
  DisplayName	REG_SZ         	Windows Media Player 10
  DisplayName	REG_SZ         	Windows Presentation Foundation
  DisplayName	REG_SZ         	Windows XP Service Pack 3
  DisplayName	REG_SZ         	WinFF 0.45
  DisplayName	REG_SZ         	WinRAR archiver
  DisplayName	REG_SZ         	XML Paper Specification Shared Components Pack 1.0
  ParentDisplayName	REG_SZ         	Microsoft .NET Framework 3.5 SP1
  ParentDisplayName	REG_SZ         	Microsoft .NET Framework 3.5 SP1
  ParentDisplayName	REG_SZ         	Microsoft .NET Framework 3.5 SP1
  ParentDisplayName	REG_SZ         	Microsoft Learning - Software Updates
  ParentDisplayName	REG_SZ         	Visual C++ 9.0
  ParentDisplayName	REG_SZ         	Windows Updates
  ParentDisplayName	REG_SZ         	Windows Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates


#####################################################################################################


  -- All DONE! 

  ~ ShadowPuterDude ~

HiJackFree SCAN:

Logfile of HiJackFree v3.0
Scan saved at 5:32:46 AM, on 10/2/2009
Platform: Windows XP Service Pack 3 (Windows NT 5.1.2600)
MSIE: Internet Explorer v 8.0 Service Pack 3 (8.0.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\a-squared HiJackFree\a2hijackfree.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.diggitydesigns.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO:  - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
O2 - BHO:  - {7E853D72-626A-48EC-A868-BA8D5E23E045} - 
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Easy Dock] 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O7 - Regedit - Enabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra "Tools" menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFBAR.ICO
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Program Files\Real\RealPlayer\eb_inact.ico
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra "Tools" menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: SearchAssistant=http://www.google.com/ie
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
O14 - IERESET.INF: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://live.amsterdamlivexxx.com/cab/securelogin-devel.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\System32\Ati2evxx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O21 - ShellServiceObjectDelayLoad: PostBootReminder - 
O21 - ShellServiceObjectDelayLoad: CDBurn - 
O21 - ShellServiceObjectDelayLoad: WebCheck - 
O21 - ShellServiceObjectDelayLoad: SysTray - 
O22 - SharedTaskScheduler: Browseui preloader - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Alerter - C:\WINDOWS\system32\svchost.exe
O23 - Service: Application Layer Gateway Service - C:\WINDOWS\System32\alg.exe
O23 - Service: Avira AntiVir Scheduler - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Management - C:\WINDOWS\system32\svchost.exe
O23 - Service: ASP.NET State Service - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Audio - C:\WINDOWS\System32\svchost.exe
O23 - Service: Background Intelligent Transfer Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Computer Browser - C:\WINDOWS\system32\svchost.exe
O23 - Service: Indexing Service - C:\WINDOWS\system32\cisvc.exe
O23 - Service: ClipBook - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: COM+ System Application - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Cryptographic Services - C:\WINDOWS\system32\svchost.exe
O23 - Service: DCOM Server Process Launcher - C:\WINDOWS\system32\svchost
O23 - Service: DHCP Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Logical Disk Manager Administrative Service - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Logical Disk Manager - C:\WINDOWS\System32\svchost.exe
O23 - Service: DNS Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Wired AutoConfig - C:\WINDOWS\System32\svchost.exe
O23 - Service: Extensible Authentication Protocol Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Error Reporting Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Event Log - C:\WINDOWS\system32\services.exe
O23 - Service: COM+ Event System - C:\WINDOWS\system32\svchost.exe
O23 - Service: Fast User Switching Compatibility - C:\WINDOWS\System32\svchost.exe
O23 - Service: FLEXnet Licensing Service - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
O23 - Service: getPlus(R) Helper - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Help and Support - C:\WINDOWS\System32\svchost.exe
O23 - Service: Human Interface Device Access - C:\WINDOWS\System32\svchost.exe
O23 - Service: Health Key and Certificate Management Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: hpqcxs08 - C:\WINDOWS\system32\svchost.exe
O23 - Service: HP CUE DeviceDiscovery Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: HTTP SSL - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows CardSpace - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: IMAPI CD-Burning COM Service - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Server - C:\WINDOWS\system32\svchost.exe
O23 - Service: Workstation - C:\WINDOWS\system32\svchost.exe
O23 - Service: TCP/IP NetBIOS Helper - C:\WINDOWS\system32\svchost.exe
O23 - Service: Macromedia Licensing Service - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Messenger - C:\WINDOWS\system32\svchost.exe
O23 - Service: NetMeeting Remote Desktop Sharing - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Windows Installer - C:\WINDOWS\system32\msiexec.exe
O23 - Service: Network Access Protection Agent - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network DDE - C:\WINDOWS\system32\netdde.exe
O23 - Service: Network DDE DSDM - C:\WINDOWS\system32\netdde.exe
O23 - Service: Net Logon - C:\WINDOWS\system32\lsass.exe
O23 - Service: Network Connections - C:\WINDOWS\System32\svchost.exe
O23 - Service: Net.Tcp Port Sharing Service - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: Network Location Awareness (NLA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: NT LM Security Support Provider - C:\WINDOWS\system32\lsass.exe
O23 - Service: Removable Storage - C:\WINDOWS\system32\svchost.exe
O23 - Service: Microsoft Office Diagnostics Service - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O23 - Service: Office Source Engine - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: Plug and Play - C:\WINDOWS\system32\services.exe
O23 - Service: IPSEC Services - C:\WINDOWS\system32\lsass.exe
O23 - Service: Protected Storage - C:\WINDOWS\system32\lsass.exe
O23 - Service: Remote Access Auto Connection Manager - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Access Connection Manager - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Desktop Help Session Manager - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing and Remote Access - C:\WINDOWS\system32\svchost.exe
O23 - Service: Remote Procedure Call (RPC) Locator - C:\WINDOWS\system32\locator.exe
O23 - Service: Remote Procedure Call (RPC) - C:\WINDOWS\system32\svchost
O23 - Service: QoS RSVP - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Security Accounts Manager - C:\WINDOWS\system32\lsass.exe
O23 - Service: Smart Card - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Task Scheduler - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secondary Logon - C:\WINDOWS\System32\svchost.exe
O23 - Service: System Event Notification - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) - C:\WINDOWS\system32\svchost.exe
O23 - Service: Shell Hardware Detection - C:\WINDOWS\System32\svchost.exe
O23 - Service: Print Spooler - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: System Restore Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: SSDP Discovery Service - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Image Acquisition (WIA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: MS Software Shadow Copy Provider - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Performance Logs and Alerts - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telephony - C:\WINDOWS\System32\svchost.exe
O23 - Service: Terminal Services - C:\WINDOWS\System32\svchost
O23 - Service: Themes - C:\WINDOWS\System32\svchost.exe
O23 - Service: Distributed Link Tracking Client - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows User Mode Driver Framework - C:\WINDOWS\system32\wdfmgr.exe
O23 - Service: Universal Plug and Play Device Host - C:\WINDOWS\system32\svchost.exe
O23 - Service: Uninterruptible Power Supply - C:\WINDOWS\System32\ups.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service - C:\Program Files\MSN Messenger\usnsvc.exe
O23 - Service: Volume Shadow Copy - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Time - C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Management Instrumentation - C:\WINDOWS\system32\svchost.exe
O23 - Service: Portable Media Serial Number Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: WMI Performance Adapter - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Security Center - C:\WINDOWS\System32\svchost.exe
O23 - Service: Automatic Updates - C:\WINDOWS\system32\svchost.exe
O23 - Service: WUSB54GSv2SVC - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O23 - Service: Wireless Zero Configuration - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Provisioning Service - C:\WINDOWS\System32\svchost.exe

Let me know what you think.


Download ComboFix from one of these locations:

Link 1

Link 2

Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. (C:\ComboFix.txt)

-----------------------------------------------------------

Post fresh logs for:

  • ComboFix (C:\combofix.txt)
  • a-squared Free

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


Downloaded ComboFix and ran, it did have to install 'Windows Recovery Console'. Here are the logs you wanted:

ComboFix log:

ComboFix 09-10-01.05 - Owner 10/02/2009 19:53.1.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.638.302 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1123796451-2654254777-2988347196-1003
c:\windows\Installer\1324b.msi
c:\windows\system32\AutoRun.inf
E:\Autorun.inf
F:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


(((((((((((((((((((((((((   Files Created from 2009-09-03 to 2009-10-03  )))))))))))))))))))))))))))))))
.

2009-10-02 03:59 . 2009-10-02 03:59	--------	d-----w-	c:\program files\regcure
2009-10-02 03:51 . 2009-10-02 03:51	--------	d-----w-	c:\program files\ExplorerXP
2009-10-02 03:48 . 2009-10-02 09:31	--------	d-----w-	c:\program files\a-squared HiJackFree
2009-10-02 03:27 . 2005-01-14 06:41	11254	----a-w-	c:\windows\system32\locate.com
2009-10-02 03:27 . 2009-10-02 03:27	--------	d-----w-	C:\ISeeYouXP
2009-10-01 05:35 . 2009-03-30 14:33	96104	----a-w-	c:\windows\system32\drivers\avipbb.sys
2009-10-01 05:35 . 2009-02-13 16:29	22360	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2009-10-01 05:35 . 2009-02-13 16:17	45416	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2009-10-01 05:35 . 2009-10-01 05:35	--------	d-----w-	c:\program files\Avira
2009-10-01 05:35 . 2009-10-01 05:35	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avira
2009-10-01 04:37 . 2009-10-01 04:37	--------	d-----w-	c:\program files\Alwil Software
2009-09-30 07:37 . 2009-10-02 06:53	--------	d-----w-	c:\program files\a-squared Free
2009-09-30 07:06 . 2009-09-30 07:06	--------	d-----w-	c:\documents and settings\Owner\Application Data\Malwarebytes
2009-09-30 07:06 . 2009-09-30 07:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 05:22 . 2009-09-30 05:24	--------	d-----w-	c:\documents and settings\Owner\Local Settings\Application Data\ShippingAssistant
2009-09-22 03:21 . 2009-10-02 21:29	--------	d-----w-	c:\documents and settings\Owner\Application Data\HPAppData
2009-09-22 03:06 . 2009-09-22 03:07	--------	dc-h--w-	c:\windows\ie8
2009-09-21 11:24 . 2009-09-21 11:25	664	----a-w-	c:\windows\system32\d3d9caps.dat
2009-09-21 08:42 . 2009-09-21 08:42	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-21 08:42 . 2009-09-21 08:42	--------	d-----w-	c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-09-21 05:03 . 2009-10-02 02:44	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-09-21 05:02 . 2009-10-01 09:45	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Tools
2009-09-20 23:58 . 2009-09-20 23:58	552	----a-w-	c:\windows\system32\d3d8caps.dat
2009-09-20 22:04 . 2009-07-28 20:33	55656	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2009-09-20 08:04 . 2003-03-18 21:20	1060864	----a-w-	c:\windows\system32\MFC71.dll
2009-09-20 00:20 . 2009-10-02 03:06	0	----a-w-	c:\windows\win32k.sys
2009-09-08 21:26 . 2009-06-21 21:44	153088	-c----w-	c:\windows\system32\dllcache\triedit.dll
2009-09-08 21:26 . 2009-06-22 06:44	726528	-c--a-w-	c:\windows\system32\dllcache\jscript.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 08:42 . 2008-09-14 09:02	--------	d-----w-	c:\documents and settings\Owner\Application Data\OpenOffice.org2
2009-09-30 03:34 . 2009-08-05 04:05	--------	d-----w-	c:\program files\Tekin HotWire
2009-09-22 03:19 . 2008-09-13 08:32	--------	d-----w-	c:\program files\HP
2009-09-22 03:02 . 2008-09-13 06:50	--------	d-----w-	c:\program files\Google
2009-09-21 06:08 . 2008-09-15 18:08	--------	d-----w-	c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-18 02:01 . 2008-09-13 09:31	--------	d-----w-	c:\program files\eMule
2009-09-06 01:31 . 2008-09-13 08:22	298680	----a-w-	c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-01 05:44 . 2009-09-01 05:38	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-01 05:43 . 2008-09-13 07:00	--------	d-----w-	c:\program files\Microsoft Works
2009-09-01 05:41 . 2009-09-01 05:41	--------	d-----w-	c:\program files\Microsoft.NET
2009-08-05 09:01 . 2008-09-13 05:30	204800	----a-w-	c:\windows\system32\mswebdvd.dll
2009-08-05 04:02 . 2008-09-13 06:56	--------	d-----w-	c:\program files\Java
2009-07-25 09:23 . 2008-12-12 22:33	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-07-23 20:33 . 2008-09-13 08:28	141206	----a-w-	c:\windows\hpoins14.dat
2009-07-17 19:01 . 2008-09-13 05:24	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-13 14:08 . 2008-09-13 05:32	286720	----a-w-	c:\windows\system32\wmpdxm.dll
2006-05-03 10:06 . 2009-01-07 05:06	163328	--sh--r-	c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-01-07 05:06	31232	--sh--r-	c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-01-07 05:06	216064	--sh--r-	c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-05 16120832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/1/2009 1:35 AM 108289]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [9/13/2008 5:13 AM 41025]
R3 Mach2;Mach2 Pulseing Service;c:\windows\system32\drivers\Mach2.sys [9/13/2008 4:59 AM 99936]
R3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [9/13/2008 4:22 AM 587588]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-03 c:\windows\Tasks\regcure program check.job
- c:\program files\RegCure\RegCure.exe [2009-10-02 03:59]

2009-10-02 c:\windows\Tasks\regcure.job
- c:\program files\RegCure\RegCure.exe [2009-10-02 03:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.diggitydesigns.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3502
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.23/cfweb_activex.camfrogweb.com-advanced-2.0.2.23_instmodule.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKLM-Run-Easy Dock - (no file)
Notify-avgrsstarter - avgrsstx.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 20:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1748)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-03 20:11 - machine was rebooted
ComboFix-quarantined-files.txt  2009-10-03 00:11

Pre-Run: 32,491,945,984 bytes free
Post-Run: 38,337,343,488 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

192	--- E O F ---	2009-10-02 19:08

A-Squared log:

a-squared Free - Version 4.5
Last update: 10/2/2009 8:22:13 PM

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, D:\, E:\, F:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start:	10/2/2009 8:22:44 PM

Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Emule --> Order 	detected: Trace.Registry.Emule 5.0!A2
Value: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Emule --> Order 	detected: Trace.Registry.Emule 5.0!A2
Key: HKEY_USERS\.DEFAULT\software\PopRock\ 	detected: Trace.Registry.FraudPack!A2
Key: HKEY_USERS\S-1-5-18\software\PopRock\ 	detected: Trace.Registry.FraudPack!A2
c:\program files\regcure\ 	detected: Trace.Directory.RegCure!A2
c:\documents and settings\all users\start menu\programs\regcure\ 	detected: Trace.Directory.RegCure!A2
c:\documents and settings\owner\start menu\programs\regcure\ 	detected: Trace.Directory.RegCure!A2
c:\windows\tasks\regcure.job 	detected: Trace.File.RegCure!A2
c:\windows\tasks\regcure program check.job 	detected: Trace.File.RegCure!A2
Key: HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\RegCure 	detected: Trace.Registry.RegCure!A2
Key: HKEY_LOCAL_MACHINE\software\RegCure 	detected: Trace.Registry.RegCure!A2
c:\documents and settings\owner\application data\microsoft\internet explorer\quick launch\emule.lnk 	detected: Trace.File.Emule 5.0!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt 	detected: Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt 	detected: Trace.TrackingCookie.doubleclick!A2
E:\i386\Apps\App17981\comps\toolbar\toolbr.exe 	detected: Adware.Win32.SearchIt.t!A2

Scanned

Files: 	358394
Traces: 	642944
Cookies: 	30
Processes: 	42

Found

Files: 	1
Traces: 	12
Cookies: 	2
Processes: 	0
Registry keys: 	0

Scan end:	10/2/2009 10:37:16 PM
Scan time:	2:14:32


RegCure is considered a "Potentially Unsafe Program", it is highly recommended that you uninstall RegCure. To do so:

Using Add or Remove Programs in the Control Panel, uninstall the following:

RegCure 1.5.0.0

-----------------------------------------------------------

If you have uninstalled RegCure, allow a-squared to delete the following:

Key: HKEY_USERS\.DEFAULT\software\PopRock\ 	detected: Trace.Registry.FraudPack!A2
Key: HKEY_USERS\S-1-5-18\software\PopRock\ 	detected: Trace.Registry.FraudPack!A2
c:\program files\regcure\ 	detected: Trace.Directory.RegCure!A2
c:\documents and settings\all users\start menu\programs\regcure\ 	detected: Trace.Directory.RegCure!A2
c:\documents and settings\owner\start menu\programs\regcure\ 	detected: Trace.Directory.RegCure!A2
c:\windows\tasks\regcure.job 	detected: Trace.File.RegCure!A2
c:\windows\tasks\regcure program check.job 	detected: Trace.File.RegCure!A2
Key: HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\RegCure 	detected: Trace.Registry.RegCure!A2
Key: HKEY_LOCAL_MACHINE\software\RegCure 	detected: Trace.Registry.RegCure!A2

In any case, you should have a-squared delete the following:

E:\i386\Apps\App17981\comps\toolbar\toolbr.exe 	detected: Adware.Win32.SearchIt.t!A2

-----------------------------------------------------------

Post fresh logs for:

  • a-squared Free

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


Uninstalled and removed RegCure, deleted the specified items and ran a new scan.

A2 Scan:

a-squared Free - Version 4.5
Last update: 10/3/2009 9:34:15 PM

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, D:\, E:\, F:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start:	10/3/2009 9:47:28 PM

Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Emule --> Order 	detected: Trace.Registry.Emule 5.0!A2
Value: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Emule --> Order 	detected: Trace.Registry.Emule 5.0!A2
c:\documents and settings\owner\application data\microsoft\internet explorer\quick launch\emule.lnk 	detected: Trace.File.Emule 5.0!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt 	detected: Trace.TrackingCookie.247realmedia!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt 	detected: Trace.TrackingCookie.2o7!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt 	detected: Trace.TrackingCookie.advertising!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt 	detected: Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt 	detected: Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt 	detected: Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt 	detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt 	detected: Trace.TrackingCookie.dealtime!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt 	detected: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Owner\Cookies\[email protected][3].txt 	detected: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt 	detected: Trace.TrackingCookie.fastclick!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt 	detected: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt 	detected: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt 	detected: Trace.TrackingCookie.pricegrabber!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt 	detected: Trace.TrackingCookie.questionmarket!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt 	detected: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt 	detected: Trace.TrackingCookie.specificclick!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt 	detected: Trace.TrackingCookie.stat.dealtime!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt 	detected: Trace.TrackingCookie.tribalfusion!A2
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt 	detected: Trace.TrackingCookie.valueclick!A2
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt 	detected: Trace.TrackingCookie.zedo!A2
E:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP432\A0061978.exe 	detected: Adware.Win32.SearchIt.t!A2

Scanned

Files: 	368146
Traces: 	642944
Cookies: 	195
Processes: 	41

Found

Files: 	1
Traces: 	3
Cookies: 	22
Processes: 	0
Registry keys: 	0

Scan end:	10/4/2009 12:09:59 AM
Scan time:	2:22:31

Looking better yet? Computer is running a lot faster and no signs of problems..Thanks...
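Comparing the two a-squared logs posted above, as an added example that is not part of the original posts or of any tool used in this thread: the sketch parses the `detected:` lines, diffs the scans, and flags hits that now sit in a System Restore store. The line format is inferred from the logs shown here, the function names are hypothetical, and the sample input is an abridged excerpt of those logs.

```python
import re

# One detection line: optional "Key: "/"Value: " prefix, the object, then "detected: <name>".
# Assumption: format inferred from the a-squared Free 4.5 logs posted in this thread.
LINE = re.compile(r"^(?:(?:Key|Value): )?(?P<obj>.+?)\s+detected: (?P<name>\S.*)$")
RESTORE = r"\system volume information\_restore"  # System Restore backup store

# Abridged excerpts of the two logs above (first scan, then the scan after cleanup).
BEFORE = r"""
Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Emule --> Order  detected: Trace.Registry.Emule 5.0!A2
Key: HKEY_USERS\.DEFAULT\software\PopRock\  detected: Trace.Registry.FraudPack!A2
c:\program files\regcure\  detected: Trace.Directory.RegCure!A2
c:\windows\tasks\regcure.job  detected: Trace.File.RegCure!A2
Key: HKEY_LOCAL_MACHINE\software\RegCure  detected: Trace.Registry.RegCure!A2
E:\i386\Apps\App17981\comps\toolbar\toolbr.exe  detected: Adware.Win32.SearchIt.t!A2
"""
AFTER = r"""
Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Emule --> Order  detected: Trace.Registry.Emule 5.0!A2
E:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP432\A0061978.exe  detected: Adware.Win32.SearchIt.t!A2
"""

def parse(log):
    """Return the set of (object, detection name) pairs found in one scan log."""
    hits = set()
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            hits.add((m["obj"].lower(), m["name"].strip()))
    return hits

def split_name(name):
    """'Trace.Registry.RegCure!A2' -> ('Trace.Registry', 'RegCure')."""
    parts = name.split("!", 1)[0].split(".", 2)
    return ".".join(parts[:2]), (parts[2] if len(parts) > 2 else "")

def compare(before_log, after_log):
    """Diff two scans by object and by detection family."""
    before, after = parse(before_log), parse(after_log)
    resolved, new = before - after, after - before
    fam = lambda hits: {split_name(n)[1] for _, n in hits}
    return {
        "resolved": sorted(resolved),            # gone from the second scan
        "persisting": sorted(before & after),    # same object, same detection
        "new": sorted(new),                      # only in the second scan
        # Hits that live only in a restore point; flushing restore points clears them.
        "restore_point": sorted(h for h in new if RESTORE in h[0]),
        # Same detection name, different path: removed in one place, seen in another.
        "moved": sorted({n for _, n in resolved} & {n for _, n in new}),
        "families_cleared": sorted(fam(before) - fam(after)),
    }

if __name__ == "__main__":
    for label, items in compare(BEFORE, AFTER).items():
        print(f"{label}: {len(items)}")
        for item in items:
            print("   ", item)
```
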


Your logs look fine.

Unless you are having problems from Malware it is time to do the final steps.

If you used ComboFix, uninstall ComboFix:

  • Click START then RUN and enter the below into the run box and then click OK. (Use only the command of the same name as your copy of combofix.)
  • AvoidTDSS /u or combofix /u
    Note: The space before /u, must be there.
    This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
  • Delete the C:\AvoidTDSS or C:\ComboFix folder from combofix.
    Delete everything in C:\!KillBox

Delete the following from your Desktop (If they exist)

Avenger.exe

Avenger.txt

Avenger.zip

DisableAutoRuns.reg

FixMe.reg

FixReg.reg

ISeeYouXP.exe

ISeeYouXP.lnk

ISeeYouXP.txt

Anything else I had you use

Delete the following: (If they exist)

C:\Avenger.txt

C:\Avenger

C:\ComboFix.txt

C:\ComboFix

C:\SDFix

C:\Qoobox

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Empty the Recycle Bin

Run ATF Cleaner

In the ISeeYouXP folder double-click HideIT.bat.

Turn off System restore to flush all your restore points then turn system restore back on.

To manually turn off System Restore, follow these steps:

1. Click Start, right-click My Computer, and then click Properties.

2. Click the System Restore tab.

3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

4. Click Yes when you receive the prompt to turn off System Restore.

To turn on System Restore, follow these steps:

1. Click Start, right-click My Computer, and then click Properties.

2. Click the System Restore tab.

3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Delete C:\ISeeYouXP

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector; this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated.

That should take care of everything.

Safe Surfing!


Thanks a million ShadowPuterDude, everything seems to be A-OK... Hopefully I won't have to re-visit anytime soon... You guys do EXCELLENT work and I will highly recommend this service to anyone I know... Keep up the great work!!

thanks.......


Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
