Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Please help with malware infection  (Read 15687 times)

0 Members and 1 Guest are viewing this topic.

tongp

    Topic Starter


    Greenhorn

    Please help with malware infection
    « on: June 28, 2010, 02:56:42 PM »
    Hello,

    I would greatly appreciate some help with what I suspect is a virus infection.  This is on a "family desktop" running windows XP.  What I noticed first was that Firefox would spontaneously open new tabs to various commercial websites (go.com was one, I think).  Also, occasionally the appearance of the taskbar seemed odd (different font and background than usual).  My usual security stuff (nightly Symantec Antivirus scans, plus occasional AdAware scans) wasn't finding anything unusual, although Symantec did eventually find a problem but was unable to clean or quarantine it.  The text of the alert is below (if this is of interest):

    Symantec AniVirus Notification

    Scan type:  Manual Scan
    Event:  Risk Found!
    Risk: Downloader
    File:  C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\11\51bd4ccb-78f02e20>>AppleT.class
    Location:  C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\11
    Computer:  MADCAT
    User:  MADCAT\pam
    Action taken:  Cleaned by Deletion
    Date found: Sunday, June 27, 2010  8:15:25 PM

    Anyway, I eventually found this forum and followed the instructions on the "Read this before requesting malware removal help" thread.   The logs from SuperAntiSpyware, Malwarebyte's AntiMalware, and HijackThis are below.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/27/2010 at 07:23 PM

    Application Version : 4.39.1002

    Core Rules Database Version : 5125
    Trace Rules Database Version: 2937

    Scan type       : Complete Scan
    Total Scan Time : 03:20:54

    Memory items scanned      : 632
    Memory threats detected   : 0
    Registry items scanned    : 6881
    Registry threats detected : 13
    File items scanned        : 184338
    File threats detected     : 630

    Browser Hijacker.Deskbar
       HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
       HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0
       HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0
       HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32
       HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\FLAGS
       HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\HELPDIR
       HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
       HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid
       HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid32
       HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib
       HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib#Version

    Malware.Trace
       HKU\S-1-5-21-1935655697-1659004503-1801674531-1006\SOFTWARE\AVSUITE
       HKLM\SOFTWARE\AVSUITE

    Adware.Tracking Cookie
       cdn4.specificclick.net [ C:\Documents and Settings\Ben\Application Data\Macromedia\Flash Player\#SharedObjects\S4YQVGJP ]
       interclick.com [ C:\Documents and Settings\Ben\Application Data\Macromedia\Flash Player\#SharedObjects\S4YQVGJP ]
       m.media-yoomee.com [ C:\Documents and Settings\Ben\Application Data\Macromedia\Flash Player\#SharedObjects\S4YQVGJP ]
       media.gamook.com [ C:\Documents and Settings\Ben\Application Data\Macromedia\Flash Player\#SharedObjects\S4YQVGJP ]
       memecounter.com [ C:\Documents and Settings\Ben\Application Data\Macromedia\Flash Player\#SharedObjects\S4YQVGJP ]
       spe.atdmt.com [ C:\Documents and Settings\Ben\Application Data\Macromedia\Flash Player\#SharedObjects\S4YQVGJP ]
       .atdmt.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .casalemedia.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .casalemedia.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .casalemedia.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .casalemedia.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .interclick.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .specificclick.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .specificclick.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .tribalfusion.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .atdmt.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .imrworldwide.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .imrworldwide.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .doubleclick.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       ad.yieldmanager.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .tacoda.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .tacoda.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .advertising.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .at.atwola.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       ad.yieldmanager.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .revsci.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .specificclick.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .bs.serving-sys.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .serving-sys.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .serving-sys.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .serving-sys.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .serving-sys.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .serving-sys.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .specificclick.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .atdmt.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .apmebf.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .fastclick.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .fastclick.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       www8.addfreestats.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .zedo.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .zedo.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .adrevolver.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .adrevolver.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       media.adrevolver.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .mediaplex.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .mediaplex.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .collective-media.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .advertising.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .advertising.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .advertising.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .advertising.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .a1.interclick.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .interclick.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .ads.pointroll.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .ads.pointroll.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .ads.pointroll.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .ads.pointroll.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .ads.pointroll.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .ads.pointroll.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .ads.pointroll.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .questionmarket.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .adinterax.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .adinterax.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .ordie.adbureau.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .ordie.adbureau.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .ordie.adbureau.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       cdn4.specificclick.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .specificclick.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .specificmedia.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .cracked.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .cracked.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       media.adrevolver.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .adrevolver.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .adrevolver.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       media.adrevolver.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .dmtracker.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .nextag.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .nextag.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .bluestreak.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .stpetersburgtimes.122.2o7.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .zedo.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .zedo.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       www.burstbeacon.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .burstbeacon.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .burstnet.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .burstnet.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       ads.gamersmedia.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       ads.gamersmedia.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       ad.yieldmanager.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       server.cpmstar.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .adlegend.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .microsoftwlcashback.112.2o7.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .videoegg.adbureau.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .ehg-legonewyorkinc.hitbox.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .hitbox.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .ehg-legonewyorkinc.hitbox.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       ad.yieldmanager.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .247realmedia.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .game-advertising-online.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .server.cpmstar.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .revsci.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .247realmedia.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .adbrite.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .adbrite.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .adbrite.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .lego.112.2o7.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .pointroll.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .msnportal.112.2o7.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .iacas.adbureau.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .iacas.adbureau.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .adbureau.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .pointroll.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .ads.pointroll.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .eyewonder.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .revsci.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .revsci.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       ad.yieldmanager.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .media6degrees.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .adserver.adtechus.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .media6degrees.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .media6degrees.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .eyewonder.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .hookedmediagroup.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .hookedmediagroup.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       ad.yieldmanager.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .overture.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .overture.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       cdn4.specificclick.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       cdn4.specificclick.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       cdn4.specificclick.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       cdn4.specificclick.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .invitemedia.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .invitemedia.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .specificclick.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .questionmarket.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .interclick.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .serving-sys.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .serving-sys.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .server.cpmstar.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .fastclick.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       ad.yieldmanager.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       cdn4.specificclick.net [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .hookedmediagroup.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .server.cpmstar.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .xm.xtendmedia.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\s6ltflfs.default\cookies.sqlite ]
       convoad.technoratimedia.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\AAXZ6M4W ]
       core.insightexpressai.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\AAXZ6M4W ]
       media-glam.pictela.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\AAXZ6M4W ]
       media.mtvnservices.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\AAXZ6M4W ]
       media.scanscout.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\AAXZ6M4W ]
       media1.break.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\AAXZ6M4W ]
       msnbcmedia.msn.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\AAXZ6M4W ]
       objects.tremormedia.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\AAXZ6M4W ]
       s0.2mdn.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\AAXZ6M4W ]
       secure-us.imrworldwide.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\AAXZ6M4W ]
       service.twistage.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\AAXZ6M4W ]
       static.2mdn.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\AAXZ6M4W ]
       C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
       C:\Documents and Settings\LocalService\Cookies\[email protected][3].txt
       C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
       C:\Documents and Settings\LocalService\Cookies\system@adcloudmedia[1].txt
       C:\Documents and Settings\LocalService\Cookies\system@adlegend[2].txt
       C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
       C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
       C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
       C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
       C:\Documents and Settings\LocalService\Cookies\[email protected][3].txt
       C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
       C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
       C:\Documents and Settings\LocalService\Cookies\system@apmebf[1].txt
       C:\Documents and Settings\LocalService\Cookies\system@bizzclick[1].txt
       C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
       C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
       C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
       C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
       C:\Documents and Settings\LocalService\Cookies\[email protected][3].txt
       C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt
       C:\Documents and Settings\LocalService\Cookies\system@fastclick[2].txt
       C:\Documents and Settings\LocalService\Cookies\system@imrworldwide[2].txt
       C:\Documents and Settings\LocalService\Cookies\system@invitemedia[1].txt
       C:\Documents and Settings\LocalService\Cookies\system@media6degrees[2].txt
       C:\Documents and Settings\LocalService\Cookies\system@revsci[1].txt
       C:\Documents and Settings\LocalService\Cookies\system@smartadx[1].txt
       C:\Documents and Settings\LocalService\Cookies\system@specificclick[2].txt
       C:\Documents and Settings\LocalService\Cookies\system@specificmedia[1].txt
       C:\Documents and Settings\LocalService\Cookies\system@specificmedia[2].txt
       C:\Documents and Settings\LocalService\Cookies\system@trafficmp[2].txt
       convoad.technoratimedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\F8DT7AEZ ]
       core.insightexpressai.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\F8DT7AEZ ]
       media-glam.pictela.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\F8DT7AEZ ]
       media.entertonement.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\F8DT7AEZ ]
       media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\F8DT7AEZ ]
       media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\F8DT7AEZ ]
       media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\F8DT7AEZ ]
       objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\F8DT7AEZ ]
       s0.2mdn.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\F8DT7AEZ ]
       secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\F8DT7AEZ ]
       C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
       C:\Documents and Settings\NetworkService\Cookies\system@adbrite[2].txt
       C:\Documents and Settings\NetworkService\Cookies\system@adecn[1].txt
       C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
       C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
       C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
       C:\Documents and Settings\NetworkService\Cookies\system@advertise[2].txt
       C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
       C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
       C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
       C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt
       C:\Documents and Settings\NetworkService\Cookies\system@edgeadx[1].txt
       C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[1].txt
       C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[1].txt
       C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
       C:\Documents and Settings\NetworkService\Cookies\system@pointroll[2].txt
       C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[2].txt
       C:\Documents and Settings\NetworkService\Cookies\system@realmedia[1].txt
       ads1.msn.com [ C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\VPA4NPSU ]
       cdn-www.pornhub.com [ C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\VPA4NPSU ]
       content.oddcast.com [ C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\VPA4NPSU ]
       m1.2mdn.net [ C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\VPA4NPSU ]
       macromedia.com [ C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\VPA4NPSU ]
       media.mtvnservices.com [ C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\VPA4NPSU ]
       media.scanscout.com [ C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\VPA4NPSU ]
       media.vmixcore.com [ C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\VPA4NPSU ]
       media1.break.com [ C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\VPA4NPSU ]
       media1.clubpenguin.com [ C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\VPA4NPSU ]
       mediaforgews.com [ C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\VPA4NPSU ]
       medianewsgroup.a.mms.mavenapps.net [ C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\VPA4NPSU ]
       memecounter.com [ C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\VPA4NPSU ]
       stmedia.startribune.com [ C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\VPA4NPSU ]
       www.pornhub.com [ C:\Documents and Settings\Pam\Application Data\Macromedia\Flash Player\#SharedObjects\VPA4NPSU ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .hitbox.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .bizrate.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .bizrate.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .bizrate.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .bizrate.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .linksynergy.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .linksynergy.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .apmebf.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .apmebf.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .insightexpressai.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .hulu.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .atdmt.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .healthgrades.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .linksynergy.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .nextag.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .nextag.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .nextag.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .nextag.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .linksynergy.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       sales.liveperson.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .doubleclick.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       statse.webtrendslive.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       data.coremetrics.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .linksynergy.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .comparenetworks.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .gandermountain.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       county-map.digital-topo-maps.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .c21sandcounty.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .qksrv.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .qksrv.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .collective-media.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .linksynergy.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .linksynergy.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .linksynergy.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       sales.liveperson.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       server.iad.liveperson.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .tracking.keywordmax.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       counter2.hitslink.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .northwestairlines.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       ad.yieldmanager.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .nextstat.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .nextstat.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .nextstat.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .allegis.122.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .bluestreak.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .roiservice.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .ticketsnow.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .cookingcom.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .s.clickability.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .s.clickability.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .www-stat.stanford.edu [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .imrworldwide.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .imrworldwide.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .mediafire.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .mediafire.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .mediafire.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .samsclub.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .ge.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wjkoqidzsfo.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wfmiupdpogp.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wfkyggdzwgq.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wdmicncjsbp.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wmlywlc5chp.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wjk4eldpigo.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .paypal.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .stats.paypal.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .revsci.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .nasdaq.122.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .ehg-aha.hitbox.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .ford.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .ehg-zvents.hitbox.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .ehg-zvents.hitbox.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6whk4kncpsco.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wjlywmd5mkp.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wcmiwgcjikp.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wjkoaiczgbq.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wfmywicjmdq.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wjnycocpacp.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .charmingshoppes.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .dealtime.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       stat.dealtime.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wglyapdpafp.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .millipore.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .dmtracker.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .findinternettv.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .invitemedia.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .invitemedia.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .track.bestbuy.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .track.bestbuy.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       server.iad.liveperson.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .farecastcom.122.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .microsoftoffice.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       tracker.freerun.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .ehg-foxmovies.hitbox.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       stats.manticoretechnology.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       counter.hitslink.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .track.bestbuy.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .datacoremarketing.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .track.bestbuy.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .microsoftwindows.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wjnygnczibp.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wdlyugajkdo.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6walyggajaho.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wcliuldjchp.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .accountonline.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .accountonline.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       www.accountonline.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .wistar.org [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .msnbc.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wmlokiczaao.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wgkiugc5weo.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wjmiomajehp.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .ehg-scheringploughcorp.hitbox.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .ehg-scheringploughcorp.hitbox.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .ehg-scheringploughcorp.hitbox.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .ehg-scheringploughcorp.hitbox.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wakoejdpsbo.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wjkygpczoao.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wfl4qkazwkp.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       caloriecount.about.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       caloriecount.about.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       caloriecount.about.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .caloriecount.about.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       server.lon.liveperson.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       server.lon.liveperson.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .superarray.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wgmyeodpalo.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wjkyghazgco.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wjkycgajwgq.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wnkoandjalo.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wjkokjc5afp.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wjmiaic5ofo.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .invitemedia.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .invitemedia.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .invitemedia.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .invitemedia.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .invitemedia.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .invitemedia.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .dominionenterprises.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .timeinc.122.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       find.myrecipes.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .tripod.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .ehg-cskautocorporation.hitbox.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       traffic.prod.cobaltgroup.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .petfinder.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .petfinder.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .petfinder.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .hearstmagazines.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .dardenrestaurants.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .bravenet.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wjmikgdzskp.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .highbeam.122.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .ehg-becton.hitbox.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .generalelectric.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .phg.hitbox.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .phg.hitbox.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .jibjab.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .amfam.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .kelleybluebook.112.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       service.liveperson.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .statcounter.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       server.iad.liveperson.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .allbritton.122.2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       link.mercent.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .2o7.net [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.default\cookies.sqlite ]
       .e-2dj6wmliwic5akp.stats.esomniture.com [ C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\ip1p7w2o.defaul

    Dr Jay

    • Malware Removal Specialist


    • Specialist
    • Moderator emeritus
    • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: Please help with malware infection
    « Reply #1 on: June 28, 2010, 05:21:07 PM »
    Hello, and welcome to Computer Hope.

    Please note the following information about the malware forum:
    • Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
    • Please do not attach logs or post them in Quote/Code boxes unless requested.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, reply to this topic with the word BUMP
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Please download MySystem-Search from here: Download mirror
    • Save the file to your Desktop.
    • Double-click on mss.exe
    • Allow it to run, and follow the prompts.
    • Once done, it will launch a log.
    • Post it in your next reply.
    Note: the logs are long. Please use more than one post, if necessary.
    ~Dr Jay

    tongp

      Topic Starter


      Greenhorn

      Re: Please help with malware infection
      « Reply #2 on: June 28, 2010, 08:23:51 PM »
      MySystem-Search
       
       
      MSS v1.5
       
       
      Basic System Information
       
      Username: pam - Date: 06/28/2010 - Time: 21:17:55

      Microsoft Windows XP [Version 5.1.2600]
      Processor type: x86 Family 15 Model 35 Stepping 2, AuthenticAMD
      Total processors: 2
      Computer Name: MADCAT
      Logon Server: \\MADCAT
       
       
      CD Emulation Drivers running?
       
      Nero found!
       
       
      Peer-to-Peer applications?
       
       
       
      File associations
       
      .exe=exefile
      .scr=scrfile
      .pif=piffile
      .com=comfile
      .bat=batfile
      .cmd=cmdfile
      .log=txtfile
      .txt=txtfile
      .reg=regfile
      .sys=sysfile
      .dll=dllfile
      .ini=inifile
      .inf=inffile
       
       
      Running processes
       

      Image Name                   PID Session Name     Session#    Mem Usage
      ========================= ====== ================ ======== ============
      System Idle Process            0 Console                 0         28 K
      System                         4 Console                 0         60 K
      smss.exe                     728 Console                 0        244 K
      csrss.exe                    792 Console                 0      2,196 K
      winlogon.exe                 816 Console                 0      4,476 K
      services.exe                 864 Console                 0      1,840 K
      lsass.exe                    876 Console                 0      1,768 K
      svchost.exe                 1044 Console                 0      2,148 K
      svchost.exe                 1132 Console                 0      1,948 K
      svchost.exe                 1304 Console                 0     19,352 K
      svchost.exe                 1360 Console                 0        208 K
      svchost.exe                 1524 Console                 0      1,756 K
      svchost.exe                 1632 Console                 0        188 K
      ccSetMgr.exe                1692 Console                 0     26,576 K
      ccEvtMgr.exe                1736 Console                 0     36,344 K
      SPBBCSvc.exe                1844 Console                 0     39,160 K
      oacat.exe                   1872 Console                 0      1,192 K
      oasrv.exe                   1964 Console                 0      9,092 K
      AAWService.exe               136 Console                 0     12,840 K
      spoolsv.exe                  308 Console                 0      2,592 K
      cvpnd.exe                    624 Console                 0      1,448 K
      DefWatch.exe                 788 Console                 0     32,876 K
      GoogleUpdate.exe             424 Console                 0        324 K
      lxdeserv.exe                 248 Console                 0        200 K
      lxdecoms.exe                 692 Console                 0      3,532 K
      lxdicoms.exe                1004 Console                 0      2,140 K
      nvsvc32.exe                 2116 Console                 0      1,864 K
      GravitixService.exe         2228 Console                 0        728 K
      SavRoam.exe                 2736 Console                 0     26,004 K
      SeaPort.exe                 3112 Console                 0      1,204 K
      svchost.exe                 3268 Console                 0        208 K
      Rtvscan.exe                 3804 Console                 0    187,348 K
      WLService.exe               3960 Console                 0        148 K
      WUSB54GC.exe                 256 Console                 0      2,328 K
      PDSched.exe                  272 Console                 0        260 K
      unsecapp.exe                2768 Console                 0        228 K
      alg.exe                     2808 Console                 0        232 K
      wmiprvse.exe                3188 Console                 0        532 K
      explorer.exe                1484 Console                 0     10,032 K
      NvMixerTray.exe             3144 Console                 0        540 K
      pddm.exe                    3552 Console                 0        664 K
      E_FATIALA.EXE               3652 Console                 0        800 K
      lxdemon.exe                 3724 Console                 0        544 K
      lxdeamon.exe                3736 Console                 0      2,048 K
      acrotray.exe                4000 Console                 0        416 K
      sprtcmd.exe                  492 Console                 0        672 K
      lxdimon.exe                 1476 Console                 0        544 K
      lxdiamon.exe                1752 Console                 0      2,800 K
      AAWTray.exe                  540 Console                 0        412 K
      ccApp.exe                   2720 Console                 0     10,432 K
      VPTray.exe                  3828 Console                 0     10,864 K
      oaui.exe                     796 Console                 0      5,516 K
      ctfmon.exe                  3956 Console                 0      1,068 K
      SetPoint.exe                3876 Console                 0        756 K
      oahlp.exe                   2164 Console                 0      1,024 K
      KHALMNPR.exe                2784 Console                 0      2,548 K
      jusched.exe                 5192 Console                 0        196 K
      jqs.exe                     4232 Console                 0      1,420 K
      wmiprvse.exe                3252 Console                 0      4,576 K
      mDNSResponder.exe            580 Console                 0        180 K
      AppleMobileDeviceService.   4504 Console                 0      1,796 K
      iPodService.exe             4548 Console                 0      2,088 K
      iTunesHelper.exe            3520 Console                 0        884 K
      mss.exe                     5392 Console                 0      5,784 K
      cmd.exe                     5488 Console                 0      4,416 K
      tasklist.exe                4496 Console                 0      7,292 K
       
       
      Hidden objects
       
      PATH: C:\windows
       
      $hf_mig$
      $MSI31Uninstall_KB893803v2$
      $NtServicePackUninstall$
      $NtServicePackUninstallIDNMitigationAPIs$
      $NtServicePackUninstallNLSDownlevelMapping$
      $NtUninstallbasecsp$
      $NtUninstallKB873339$
      $NtUninstallKB885835$
      $NtUninstallKB885836$
      $NtUninstallKB886185$
      $NtUninstallKB887472$
      $NtUninstallKB888302$
      $NtUninstallKB890046$
      $NtUninstallKB890046_0$
      $NtUninstallKB890859$
      $NtUninstallKB891781$
      $NtUninstallKB893756$
      $NtUninstallKB894391$
      $NtUninstallKB896344$
      $NtUninstallKB896358$
      $NtUninstallKB896423$
      $NtUninstallKB896424$
      $NtUninstallKB896428$
      $NtUninstallKB898461$
      $NtUninstallKB899587$
      $NtUninstallKB899589$
      $NtUninstallKB899591$
      $NtUninstallKB900485$
      $NtUninstallKB900725$
      $NtUninstallKB900930$
      $NtUninstallKB901017$
      $NtUninstallKB901214$
      $NtUninstallKB902400$
      $NtUninstallKB904706$
      $NtUninstallKB904942$
      $NtUninstallKB905414$
      $NtUninstallKB905749$
      $NtUninstallKB908519$
      $NtUninstallKB908531$
      $NtUninstallKB910437$
      $NtUninstallKB911280$
      $NtUninstallKB911562$
      $NtUninstallKB911564$
      $NtUninstallKB911567$
      $NtUninstallKB911927$
      $NtUninstallKB912919$
      $NtUninstallKB913580$
      $NtUninstallKB914388$
      $NtUninstallKB914389$
      $NtUninstallKB914440$
      $NtUninstallKB915865$
      $NtUninstallKB916595$
      $NtUninstallKB917344$
      $NtUninstallKB917422$
      $NtUninstallKB917734_WMP10$
      $NtUninstallKB917953$
      $NtUninstallKB918118$
      $NtUninstallKB918439$
      $NtUninstallKB918899$
      $NtUninstallKB919007$
      $NtUninstallKB920213$
      $NtUninstallKB920214$
      $NtUninstallKB920342$
      $NtUninstallKB920670$
      $NtUninstallKB920683$
      $NtUninstallKB920685$
      $NtUninstallKB920872$
      $NtUninstallKB921398$
      $NtUninstallKB921503$
      $NtUninstallKB921883$
      $NtUninstallKB922582$
      $NtUninstallKB922616$
      $NtUninstallKB922819$
      $NtUninstallKB923191$
      $NtUninstallKB923414$
      $NtUninstallKB923561$
      $NtUninstallKB923689$
      $NtUninstallKB923694$
      $NtUninstallKB923980$
      $NtUninstallKB924191$
      $NtUninstallKB924270$
      $NtUninstallKB924496$
      $NtUninstallKB924667$
      $NtUninstallKB925398_WMP64$
      $NtUninstallKB925454$
      $NtUninstallKB925486$
      $NtUninstallKB925902$
      $NtUninstallKB926239$
      $NtUninstallKB926255$
      $NtUninstallKB926436$
      $NtUninstallKB927779$
      $NtUninstallKB927802$
      $NtUninstallKB927891$
      $NtUninstallKB928090$
      $NtUninstallKB928255$
      $NtUninstallKB928843$
      $NtUninstallKB929123$
      $NtUninstallKB929338$
      $NtUninstallKB929399$
      $NtUninstallKB929969$
      $NtUninstallKB930178$
      $NtUninstallKB930916$
      $NtUninstallKB931261$
      $NtUninstallKB931768$
      $NtUninstallKB931784$
      $NtUninstallKB931836$
      $NtUninstallKB932168$
      $NtUninstallKB933360$
      $NtUninstallKB933566$
      $NtUninstallKB933729$
      $NtUninstallKB935839$
      $NtUninstallKB935840$
      $NtUninstallKB936021$
      $NtUninstallKB936782_WMP11$
      $NtUninstallKB937143$
      $NtUninstallKB937894$
      $NtUninstallKB938127$
      $NtUninstallKB938464$
      $NtUninstallKB938828$
      $NtUninstallKB938829$
      $NtUninstallKB939653$
      $NtUninstallKB939683$
      $NtUninstallKB941202$
      $NtUninstallKB941568$
      $NtUninstallKB941569$
      $NtUninstallKB941644$
      $NtUninstallKB941693$
      $NtUninstallKB942615$
      $NtUninstallKB942763$
      $NtUninstallKB942840$
      $NtUninstallKB943055$
      $NtUninstallKB943460$
      $NtUninstallKB943485$
      $NtUninstallKB944338$
      $NtUninstallKB944533$
      $NtUninstallKB944653$
      $NtUninstallKB945553$
      $NtUninstallKB946026$
      $NtUninstallKB946627$
      $NtUninstallKB946648$
      $NtUninstallKB947864$
      $NtUninstallKB948590$
      $NtUninstallKB948881$
      $NtUninstallKB950749$
      $NtUninstallKB950759$
      $NtUninstallKB950759_0$
      $NtUninstallKB950760$
      $NtUninstallKB950762$
      $NtUninstallKB950762_0$
      $NtUninstallKB950974$
      $NtUninstallKB950974_0$
      $NtUninstallKB951066$
      $NtUninstallKB951066_0$
      $NtUninstallKB951072-v2$
      $NtUninstallKB951376$
      $NtUninstallKB951376-v2$
      $NtUninstallKB951376-v2_0$
      $NtUninstallKB951376_0$
      $NtUninstallKB951698$
      $NtUninstallKB951698_0$
      $NtUninstallKB951748$
      $NtUninstallKB951748_0$
      $NtUninstallKB951978$
      $NtUninstallKB952004$
      $NtUninstallKB952069_WM9$
      $NtUninstallKB952287$
      $NtUninstallKB952287_0$
      $NtUninstallKB952954$
      $NtUninstallKB952954_0$
      $NtUninstallKB953838$
      $NtUninstallKB953838_0$
      $NtUninstallKB953839$
      $NtUninstallKB954154_WM11$
      $NtUninstallKB954155_WM9$
      $NtUninstallKB954211$
      $NtUninstallKB954459$
      $NtUninstallKB954600$
      $NtUninstallKB954708$
      $NtUninstallKB955069$
      $NtUninstallKB955759$
      $NtUninstallKB955839$
      $NtUninstallKB956390$
      $NtUninstallKB956391$
      $NtUninstallKB956572$
      $NtUninstallKB956744$
      $NtUninstallKB956802$
      $NtUninstallKB956803$
      $NtUninstallKB956841$
      $NtUninstallKB956844$
      $NtUninstallKB957095$
      $NtUninstallKB957097$
      $NtUninstallKB958215$
      $NtUninstallKB958644$
      $NtUninstallKB958687$
      $NtUninstallKB958690$
      $NtUninstallKB958869$
      $NtUninstallKB959426$
      $NtUninstallKB959772_WM11$
      $NtUninstallKB960225$
      $NtUninstallKB960714$
      $NtUninstallKB960715$
      $NtUninstallKB960803$
      $NtUninstallKB960859$
      $NtUninstallKB961118$
      $NtUninstallKB961371$
      $NtUninstallKB961373$
      $NtUninstallKB961501$
      $NtUninstallKB961503$
      $NtUninstallKB963027$
      $NtUninstallKB967715$
      $NtUninstallKB968389$
      $NtUninstallKB968537$
      $NtUninstallKB968816_WM9$
      $NtUninstallKB969059$
      $NtUninstallKB969897$
      $NtUninstallKB969898$
      $NtUninstallKB969947$
      $NtUninstallKB970238$
      $NtUninstallKB970430$
      $NtUninstallKB970653-v3$
      $NtUninstallKB971468$
      $NtUninstallKB971486$
      $NtUninstallKB971557$
      $NtUninstallKB971633$
      $NtUninstallKB971657$
      $NtUninstallKB971737$
      $NtUninstallKB972270$
      $NtUninstallKB973346$
      $NtUninstallKB973354$
      $NtUninstallKB973507$
      $NtUninstallKB973525$
      $NtUninstallKB973540_WM9$
      $NtUninstallKB973687$
      $NtUninstallKB973815$
      $NtUninstallKB973869$
      $NtUninstallKB973904$
      $NtUninstallKB974112$
      $NtUninstallKB974318$
      $NtUninstallKB974392$
      $NtUninstallKB974571$
      $NtUninstallKB975025$
      $NtUninstallKB975467$
      $NtUninstallKB975560$
      $NtUninstallKB975561$
      $NtUninstallKB975713$
      $NtUninstallKB976098-v2$
      $NtUninstallKB977165$
      $NtUninstallKB977816$
      $NtUninstallKB977914$
      $NtUninstallKB978037$
      $NtUninstallKB978251$
      $NtUninstallKB978262$
      $NtUninstallKB978338$
      $NtUninstallKB978542$
      $NtUninstallKB978601$
      $NtUninstallKB978706$
      $NtUninstallKB979306$
      $NtUninstallKB979309$
      $NtUninstallKB979683$
      $NtUninstallKB980232$
      $NtUninstallKB981793$
      $NtUninstallMSCompPackV1$
      $NtUninstallWdf01005$
      $NtUninstallWMFDist11$
      $NtUninstallwmp11$
      $NtUninstallWudf01000$
      ftpcache
      ie8
      inf
      Installer
      msdownld.tmp
      QTFont.qfn
      WindowsShell.Manifest
      winnt.bmp
      winnt256.bmp
       
       
      PATH: C:\windows\system32
       
      cdplayer.exe.manifest
      dllcache
      GroupPolicy
      h6o8qxt.dll
      logonui.exe.manifest
      mlfcache.dat
      ncpa.cpl.manifest
      nwc.cpl.manifest
      sapi.cpl.manifest
      WindowsLogon.manifest
      wuaucpl.cpl.manifest
       
       
      PATH: C:\windows\system32\drivers
       
      MsftWdf_Kernel_01005_Coinstaller_Critic al.Wdf
      Msft_Kernel_LMouFilt_01005.Wdf
      Msft_Kernel_NuidFltr_01005.Wdf
       
       
      PATH: C:\
       
      boot.ini
      Config.Msi
      IO.SYS
      MSDOS.SYS
      NTDETECT.COM
      ntldr
      pagefile.sys
      RECYCLER
      System Volume Information
       
       
      User Profile check
       
      public
       

      ! REG.EXE VERSION 3.0

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
          ProfilesDirectory   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings
          DefaultUserProfile   REG_SZ   Default User
          AllUsersProfile   REG_SZ   All Users

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
          Flags   REG_DWORD   0xc
          State   REG_DWORD   0x0
          RefCount   REG_DWORD   0x1
          Sid   REG_BINARY   010100000000000512000000
          ProfileImagePath   REG_EXPAND_SZ   %systemroot%\system32\config\systemprofile

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
          ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\LocalService
          Sid   REG_BINARY   010100000000000513000000
          Flags   REG_DWORD   0x9
          State   REG_DWORD   0x0
          CentralProfile   REG_SZ   
          ProfileLoadTimeLow   REG_DWORD   0x625d2c6e
          ProfileLoadTimeHigh   REG_DWORD   0x1cb16fe
          RefCount   REG_DWORD   0x2

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
          ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\NetworkService
          Sid   REG_BINARY   010100000000000514000000
          Flags   REG_DWORD   0x9
          State   REG_DWORD   0x0
          CentralProfile   REG_SZ   
          ProfileLoadTimeLow   REG_DWORD   0x5eaf6b90
          ProfileLoadTimeHigh   REG_DWORD   0x1cb16fe
          RefCount   REG_DWORD   0x2

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1935655697-1659004503-1801674531-1003
          ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\Pam
          Sid   REG_BINARY   01050000000000051500000011C35F735766E26 2235F636BEB030000
          Flags   REG_DWORD   0x0
          State   REG_DWORD   0x100
          CentralProfile   REG_SZ   
          ProfileLoadTimeLow   REG_DWORD   0x773acc0a
          ProfileLoadTimeHigh   REG_DWORD   0x1cb13e7
          RefCount   REG_DWORD   0x1
          RunLogonScriptSync   REG_DWORD   0x0
          OptimizedLogonStatus   REG_DWORD   0xb

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1935655697-1659004503-1801674531-1006
          ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\pam.D6813
          Sid   REG_BINARY   01050000000000051500000011C35F735766E26 2235F636BEE030000
          Flags   REG_DWORD   0x0
          State   REG_DWORD   0x100
          CentralProfile   REG_SZ   
          ProfileLoadTimeLow   REG_DWORD   0xb99c39de
          ProfileLoadTimeHigh   REG_DWORD   0x1cb16fe
          RefCount   REG_DWORD   0x1
          RunLogonScriptSync   REG_DWORD   0x0
          OptimizedLogonStatus   REG_DWORD   0xb
          NextLogonCacheable   REG_DWORD   0x1

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1935655697-1659004503-1801674531-1008
          ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\Ben
          Sid   REG_BINARY   01050000000000051500000011C35F735766E26 2235F636BF0030000
          Flags   REG_DWORD   0x0
          State   REG_DWORD   0x0
          CentralProfile   REG_SZ   
          ProfileLoadTimeLow   REG_DWORD   0xd4ef89d6
          ProfileLoadTimeHigh   REG_DWORD   0x1cb172e
          RefCount   REG_DWORD   0x0
          RunLogonScriptSync   REG_DWORD   0x0
          OptimizedLogonStatus   REG_DWORD   0xb
          NextLogonCacheable   REG_DWORD   0x1

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1935655697-1659004503-1801674531-500
          ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\Administrator
          Sid   REG_BINARY   01050000000000051500000011C35F735766E26 2235F636BF4010000
          Flags   REG_DWORD   0x0
          State   REG_DWORD   0x100
          CentralProfile   REG_SZ   
          ProfileLoadTimeLow   REG_DWORD   0x5aa73f3c
          ProfileLoadTimeHigh   REG_DWORD   0x1c71af9
          RefCount   REG_DWORD   0x0
          RunLogonScriptSync   REG_DWORD   0x0

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1935655697-1659004503-1801674531-501
          ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\Guest
          Sid   REG_BINARY   01050000000000051500000011C35F735766E26 2235F636BF5010000
          Flags   REG_DWORD   0x0
          State   REG_DWORD   0x80
          CentralProfile   REG_SZ   
          ProfileLoadTimeLow   REG_DWORD   0xf65c4ea0
          ProfileLoadTimeHigh   REG_DWORD   0x1cb0dd9
          RefCount   REG_DWORD   0x0
          RunLogonScriptSync   REG_DWORD   0x0
          OptimizedLogonStatus   REG_DWORD   0xb
       
       
      Current Scheduled Tasks
       
      PATH: C:\Windows\Tasks
       
      Ad-Aware Update (Weekly).job
      AppleSoftwareUpdate.job
      GoogleUpdateTaskMachineCore1cb0c9868f98 95c.job
      RealUpgradeLogonTaskS-1-5-21-1935655697-1659004503-1801674531-1003.job
      RealUpgradeLogonTaskS-1-5-21-1935655697-1659004503-1801674531-1006.job
      RealUpgradeLogonTaskS-1-5-21-1935655697-1659004503-1801674531-1008.job
      RealUpgradeScheduledTaskS-1-5-21-1935655697-1659004503-1801674531-1003.job
      RealUpgradeScheduledTaskS-1-5-21-1935655697-1659004503-1801674531-1006.job
      RealUpgradeScheduledTaskS-1-5-21-1935655697-1659004503-1801674531-1008.job
      WGASetup.job
      desktop.ini
      SA.DAT
       
       
      Windows Drivers and NT-Services
       
       Volume in drive C is Hard Disk
       Volume Serial Number is 5C24-151F

       Directory of C:\Windows\System32\Drivers

      04/03/2007  03:30 PM                 0 MsftWdf_Kernel_01005_Coinstaller_Critic al.Wdf
      04/03/2007  03:30 PM                 0 Msft_Kernel_LMouFilt_01005.Wdf
      07/04/2009  04:00 PM                 0 Msft_Kernel_NuidFltr_01005.Wdf
                     3 File(s)              0 bytes
                     0 Dir(s)  23,335,501,824 bytes free
       Volume in drive C is Hard Disk
       Volume Serial Number is 5C24-151F

       Directory of C:\Windows\System32\Drivers

      08/17/2001  08:46 AM             6,400 enum1394.sys
      08/17/2001  08:51 AM             3,328 pciide.sys
      08/17/2001  08:59 AM             3,072 audstub.sys
      08/17/2001  01:48 PM            12,160 mouhid.sys
      08/17/2001  02:12 PM             2,944 BrFilt.sys
      08/17/2001  02:12 PM            60,416 BrSerWdm.sys
      08/17/2001  02:12 PM            11,008 BrUsbMdm.sys
      08/17/2001  02:12 PM            10,368 BrUsbScn.sys
      07/17/2004  11:35 AM            67,866 netwlan5.img
      07/17/2004  11:36 AM            64,352 ativmc20.cod
      07/17/2004  10:55 PM           129,045 cxthsfs2.cty
      08/03/2004  10:29 PM           701,440 ati2mtag.sys
      08/03/2004  10:29 PM            57,856 atinbtxx.sys
      08/03/2004  10:29 PM           327,040 ati2mtaa.sys
      08/03/2004  10:29 PM            12,047 ati1pdxx.sys
      08/03/2004  10:29 PM            56,623 ati1btxx.sys
      08/03/2004  10:29 PM            11,615 ati1mdxx.sys
      08/03/2004  10:29 PM            13,824 atinmdxx.sys
      08/03/2004  10:29 PM            52,224 atinraxx.sys
      08/03/2004  10:29 PM            14,336 atinpdxx.sys
      08/03/2004  10:29 PM           104,960 atinrvxx.sys
      08/03/2004  10:29 PM            28,672 atinsnxx.sys
      08/03/2004  10:29 PM            73,216 atintuxx.sys
      08/03/2004  10:29 PM            31,744 atinxbxx.sys
      08/03/2004  10:29 PM            34,735 ati1xsxx.sys
      08/03/2004  10:29 PM            29,455 ati1xbxx.sys
      08/03/2004  10:29 PM            36,463 ati1tuxx.sys
      08/03/2004  10:29 PM            21,343 ati1ttxx.sys
      08/03/2004  10:29 PM            63,488 atinxsxx.sys
      08/03/2004  10:29 PM            63,663 ati1rvxx.sys
      08/03/2004  10:29 PM            13,824 atinttxx.sys
      08/03/2004  10:29 PM            30,671 ati1raxx.sys
      08/03/2004  10:29 PM            26,367 ati1snxx.sys
      08/03/2004  10:29 PM           452,736 mtxparhm.sys
      08/03/2004  10:29 PM            11,295 wadv08nt.sys
      08/03/2004  10:29 PM            11,807 wadv07nt.sys
      08/03/2004  10:29 PM            11,871 wadv09nt.sys
      08/03/2004  10:29 PM            11,935 wadv11nt.sys
      08/03/2004  10:29 PM            22,271 watv06nt.sys
      08/03/2004  10:29 PM            25,471 watv10nt.sys
      08/03/2004  10:29 PM           166,912 s3gnbm.sys
      08/03/2004  10:41 PM         1,309,184 mtlstrm.sys
      08/03/2004  10:41 PM           180,360 ntmtlfax.sys
      08/03/2004  10:41 PM           126,686 mtlmnt5.sys
      08/03/2004  10:41 PM            13,776 recagent.sys
      08/03/2004  10:41 PM           129,535 slnt7554.sys
      08/03/2004  10:41 PM           404,990 slntamr.sys
      08/03/2004  10:41 PM            95,424 slnthal.sys
      08/03/2004  10:41 PM            13,240 slwdmsup.sys
      08/03/2004  10:41 PM           220,032 hsfbs2s2.sys
      08/03/2004  10:41 PM           685,056 hsfcxts2.sys
      08/03/2004  10:41 PM            11,868 mdmxsdk.sys
      08/03/2004  10:41 PM         1,041,536 hsfdpsp2.sys
      08/04/2004  07:00 AM             4,736 usbd.sys
      08/04/2004  07:00 AM           352,256 atmuni.sys
      08/04/2004  07:00 AM             4,224 rdpcdd.sys
      08/04/2004  07:00 AM            34,432 rawwan.sys
      08/04/2004  07:00 AM            16,512 raspti.sys
      08/04/2004  07:00 AM             8,832 rasacd.sys
      08/04/2004  07:00 AM            31,360 atmepvc.sys
      08/04/2004  07:00 AM            21,376 tsbvcap.sys
      08/04/2004  07:00 AM         3,440,660 gm.dls
      08/04/2004  07:00 AM             4,224 beep.sys
      08/04/2004  07:00 AM             7,680 mcd.sys
      08/04/2004  07:00 AM            12,032 rio8drv.sys
      08/04/2004  07:00 AM               646 gmreadme.txt
      08/04/2004  07:00 AM            51,712 tosdvd.sys
      08/04/2004  07:00 AM            32,896 ipfltdrv.sys
      08/04/2004  07:00 AM            17,792 ptilink.sys
      08/04/2004  07:00 AM             6,784 parvdm.sys
      08/04/2004  07:00 AM             3,456 oprghdlr.sys
      08/04/2004  07:00 AM            55,936 nwlnkspx.sys
      08/04/2004  07:00 AM            63,232 nwlnknb.sys
      08/04/2004  07:00 AM            32,512 nwlnkfwd.sys
      08/04/2004  07:00 AM            13,952 cbidf2k.sys
      08/04/2004  07:00 AM            18,688 cdaudio.sys
      08/04/2004  07:00 AM            12,416 nwlnkflt.sys
      08/04/2004  07:00 AM            12,032 riodrv.sys
      08/04/2004  07:00 AM             4,224 mnmdd.sys
      08/04/2004  07:00 AM           262,528 cinemst2.sys
      08/04/2004  07:00 AM           125,056 ftdisk.sys
      08/04/2004  07:00 AM            11,776 cpqdap01.sys
      08/04/2004  07:00 AM             7,936 fs_rec.sys
      08/04/2004  07:00 AM            12,160 fsvga.sys
      08/04/2004  07:00 AM            58,112 vdmindvd.sys
      08/04/2004  07:00 AM            11,648 acpiec.sys
      08/04/2004  07:00 AM             5,888 rootmdm.sys
      08/04/2004  07:00 AM            12,032 ws2ifsl.sys
      08/04/2004  07:00 AM             4,352 wmilib.sys
      08/04/2004  07:00 AM             3,328 dxgthk.sys
      08/04/2004  07:00 AM            12,032 nikedrv.sys
      08/04/2004  07:00 AM            10,496 dxapi.sys
      08/04/2004  07:00 AM            14,592 smclib.sys
      08/04/2004  07:00 AM             5,888 dmload.sys
      08/04/2004  07:00 AM             2,944 null.sys
      02/01/2005  07:18 PM            17,992 bcm42rly.sys
      02/23/2005  02:58 PM            11,776 afc.sys
      06/22/2005  01:47 AM             6,016 ALLOW-IO.SYS
      07/26/2005  07:58 AM            53,376 nvax.sys
      07/26/2005  08:01 AM           415,360 nvapu.sys
      07/26/2005  08:02 AM            66,688 nvarm.sys
      07/26/2005  08:02 AM           923,520 nvmcp.sys
      08/18/2005  12:52 PM            93,568 nvatabus.sys
      11/22/2005  12:33 PM            61,456 defrag32.sys
      11/22/2005  12:33 PM            61,456 defrag32b.sys
      11/24/2005  08:51 PM           245,248 rt73.sys
      12/01/2005  06:57 PM            21,760 point32.sys
      01/01/2006  04:13 PM    <DIR>          disdn
      01/01/2006  04:14 PM    <DIR>          etc
      05/01/2006  06:27 PM           100,736 nvata.sys
      05/16/2006  08:24 PM           261,120 nvsnpu.sys
      05/16/2006  08:24 PM         1,075,328 nvnrm.sys
      05/16/2006  08:24 PM           109,568 nvtcp.sys
      05/16/2006  08:25 PM            52,736 NVENETFD.sys
      05/16/2006  08:25 PM            18,944 nvnetbus.sys
      06/27/2006  03:24 PM            31,744 AmdTools.sys
      07/01/2006  11:39 PM            36,864 AmdK8.sys
      07/12/2006  02:19 PM         3,934,592 nv4_mini.sys
      09/28/2006  07:55 PM            77,568 WudfPf.sys
      09/28/2006  08:00 PM            82,944 WudfRd.sys
      10/18/2006  09:00 PM            38,528 wpdusb.sys
      11/02/2006  07:22 AM            32,224 wdfldr.sys
      11/02/2006  07:22 AM           492,000 wdf01000.sys
      11/12/2006  09:09 PM           114,048 snapman.sys
      11/12/2006  09:09 PM           395,744 timntr.sys
      11/12/2006  09:09 PM            39,264 tifsfilt.sys
      12/12/2006  08:01 PM             8,413 mcstrm.sys
      12/31/2006  08:28 PM    <DIR>          UMDF
      01/18/2007  05:28 PM             5,275 CVirtA.sys
      01/23/2007  03:45 PM            34,576 LHidFilt.Sys
      01/23/2007  03:45 PM            33,296 LMouFilt.Sys
      11/13/2007  05:25 AM            20,480 secdrv.sys
      02/29/2008  03:12 AM            20,240 L8042Kbd.sys
      02/29/2008  03:12 AM            63,120 L8042mou.Sys
      02/29/2008  03:13 AM            79,120 LMouKE.Sys
      03/03/2008  07:46 PM            20,747 AegisP.sys
      03/29/2008  05:36 PM           125,328 dne2000.sys
      04/13/2008  11:36 AM           144,384 hdaudbus.sys
      04/13/2008  11:39 AM           142,592 aec.sys
      04/13/2008  01:31 PM            35,840 processr.sys
      04/13/2008  01:31 PM            42,752 p3.sys
      04/13/2008  01:31 PM            37,376 amdk6.sys
      04/13/2008  01:31 PM            36,352 intelppm.sys
      04/13/2008  01:31 PM            36,736 crusoe.sys
      04/13/2008  01:31 PM            37,760 amdk7.sys
      04/13/2008  01:32 PM            66,048 udfs.sys
      04/13/2008  01:32 PM            30,848 npfs.sys
      04/13/2008  01:32 PM            19,072 msfs.sys
      04/13/2008  01:32 PM           180,608 mrxdav.sys
      04/13/2008  01:32 PM           196,224 rdpdr.sys
      04/13/2008  01:32 PM           129,792 fltmgr.sys
      04/13/2008  01:33 PM            44,544 fips.sys
      04/13/2008  01:34 PM           163,584 nwrdr.sys
      04/13/2008  01:36 PM             5,888 smbali.sys
      04/13/2008  01:36 PM           187,776 acpi.sys
      04/13/2008  01:36 PM            42,368 agp440.sys
      04/13/2008  01:36 PM            42,752 alim1541.sys
      04/13/2008  01:36 PM            40,960 sisagp.sys
      04/13/2008  01:36 PM            43,008 amdagp.sys
      04/13/2008  01:36 PM            44,928 agpcpq.sys
      04/13/2008  01:36 PM            46,464 gagp30kx.sys
      04/13/2008  01:36 PM            44,672 uagp35.sys
      04/13/2008  01:36 PM            42,240 viaagp.sys
      04/13/2008  01:36 PM            63,744 mf.sys
      04/13/2008  01:36 PM            37,248 isapnp.sys
      04/13/2008  01:36 PM           120,192 pcmcia.sys
      04/13/2008  01:36 PM            79,232 sdbus.sys
      04/13/2008  01:36 PM            68,224 pci.sys
      04/13/2008  01:36 PM            15,488 mssmbios.sys
      04/13/2008  01:36 PM            73,472 sr.sys
      04/13/2008  01:38 PM            71,168 dxg.sys
      04/13/2008  01:39 PM            92,544 mqac.sys
      04/13/2008  01:39 PM           384,768 update.sys
      04/13/2008  01:39 PM            42,368 mountmgr.sys
      04/13/2008  01:39 PM            23,040 mouclass.sys
      04/13/2008  01:39 PM            24,576 kbdclass.sys
      04/13/2008  01:39 PM            14,592 kbdhid.sys
      04/13/2008  01:39 PM             5,376 mspclock.sys
      04/13/2008  01:39 PM             4,992 mspqm.sys
      04/13/2008  01:39 PM             7,552 mskssrv.sys
      04/13/2008  01:39 PM             4,352 swenum.sys
      04/13/2008  01:40 PM            80,128 parport.sys
      04/13/2008  01:40 PM            15,744 serenum.sys
      04/13/2008  01:40 PM            27,392 fdc.sys
      04/13/2008  01:40 PM            20,480 flpydisk.sys
      04/13/2008  01:40 PM            57,600 redbook.sys
      04/13/2008  01:40 PM            24,960 pciidex.sys
      04/13/2008  01:40 PM            96,384 scsiport.sys
      04/13/2008  01:40 PM            96,512 atapi.sys
      04/13/2008  01:40 PM            14,208 diskdump.sys
      04/13/2008  01:40 PM            62,976 cdrom.sys
      04/13/2008  01:40 PM            36,352 disk.sys
      04/13/2008  01:40 PM            11,008 sffp_sd.sys
      04/13/2008  01:40 PM            11,904 sffdisk.sys
      04/13/2008  01:40 PM            10,240 sffp_mmc.sys
      04/13/2008  01:40 PM            11,392 sfloppy.sys
      04/13/2008  01:40 PM            19,712 partmgr.sys
      04/13/2008  01:40 PM            14,976 tape.sys
      04/13/2008  01:40 PM            42,112 imapi.sys
      04/13/2008  01:41 PM            52,352 volsnap.sys
      04/13/2008  01:43 PM            14,208 wacompen.sys
      04/13/2008  01:43 PM            12,672 mutohpen.sys
      04/13/2008  01:44 PM            20,992 vga.sys
      04/13/2008  01:44 PM            81,664 videoprt.sys
      04/13/2008  01:44 PM           153,344 dmio.sys
      04/13/2008  01:44 PM           799,744 dmboot.sys
      04/13/2008  01:45 PM            52,864 dmusic.sys
      04/13/2008  01:45 PM             6,272 splitter.sys
      04/13/2008  01:45 PM            56,576 swmidi.sys
      04/13/2008  01:45 PM           172,416 kmixer.sys
      04/13/2008  01:45 PM            60,032 USBAUDIO.sys
      04/13/2008  01:45 PM             2,944 drmkaud.sys
      04/13/2008  01:45 PM            60,160 drmk.sys
      04/13/2008  01:45 PM            49,408 stream.sys
      04/13/2008  01:45 PM            24,960 hidparse.sys
      04/13/2008  01:45 PM            36,864 hidclass.sys
      04/13/2008  01:45 PM            19,200 hidir.sys
      04/13/2008  01:45 PM            10,368 hidusb.sys
      04/13/2008  01:45 PM            46,592 irbus.sys
      04/13/2008  01:45 PM            15,104 usbscan.sys
      04/13/2008  01:45 PM            17,152 usbohci.sys
      04/13/2008  01:45 PM            30,208 usbehci.sys
      04/13/2008  01:45 PM           143,872 usbport.sys
      04/13/2008  01:45 PM            59,520 usbhub.sys
      04/13/2008  01:45 PM            26,368 usbstor.sys
      04/13/2008  01:45 PM            32,128 usbccgp.sys
      04/13/2008  01:45 PM            25,600 usbcamd.sys
      04/13/2008  01:45 PM            25,728 usbcamd2.sys
      04/13/2008  01:45 PM            15,872 usbintel.sys
      04/13/2008  01:46 PM            25,344 sonydcam.sys
      04/13/2008  01:46 PM            61,696 ohci1394.sys
      04/13/2008  01:46 PM            53,376 1394bus.sys
      04/13/2008  01:46 PM           121,984 usbvideo.sys
      04/13/2008  01:46 PM            18,944 bthusb.sys
      04/13/2008  01:46 PM            25,600 hidbth.sys
      04/13/2008  01:46 PM            36,480 bthprint.sys
      04/13/2008  01:46 PM            59,136 rfcomm.sys
      04/13/2008  01:46 PM            37,888 bthmodem.sys
      04/13/2008  01:46 PM            17,024 bthenum.sys
      04/13/2008  01:47 PM            25,856 usbprint.sys
      04/13/2008  01:51 PM            60,800 arp1394.sys
      04/13/2008  01:51 PM            61,824 nic1394.sys
      04/13/2008  01:51 PM            59,904 atmarpc.sys
      04/13/2008  01:51 PM            55,808 atmlane.sys
      04/13/2008  01:51 PM           101,120 bthpan.sys
      04/13/2008  01:53 PM            40,320 nmnt.sys
      04/13/2008  01:53 PM            71,552 bridge.sys
      04/13/2008  01:53 PM            36,608 ip6fw.sys
      04/13/2008  01:54 PM            11,264 irenum.sys
      04/13/2008  01:55 PM            14,592 ndisuio.sys
      04/13/2008  01:56 PM            12,288 tunmp.sys
      04/13/2008  01:56 PM            34,688 netbios.sys
      04/13/2008  01:56 PM            88,320 nwlnkipx.sys
      04/13/2008  01:56 PM            35,072 msgpc.sys
      04/13/2008  01:56 PM            69,120 psched.sys
      04/13/2008  01:56 PM            30,592 rndismpx.sys
      04/13/2008  01:56 PM            12,800 usb8023x.sys
      04/13/2008  01:56 PM            12,800 usb8023.sys
      04/13/2008  01:56 PM            30,592 rndismp.sys
      04/13/2008  01:57 PM            20,864 ipinip.sys
      04/13/2008  01:57 PM           152,832 ipnat.sys
      04/13/2008  01:57 PM            34,560 wanarp.sys
      04/13/2008  01:57 PM            10,112 ndistapi.sys
      04/13/2008  01:57 PM            14,336 asyncmac.sys
      04/13/2008  01:57 PM            40,576 ndproxy.sys
      04/13/2008  01:57 PM            41,472 raspppoe.sys
      04/13/2008  02:00 PM            19,072 tdi.sys
      04/13/2008  02:00 PM            30,080 modem.sys
      04/13/2008  02:14 PM            63,744 cdfs.sys
      04/13/2008  02:14 PM           143,744 fastfat.sys
      04/13/2008  02:15 PM            64,512 serial.sys
      04/13/2008  02:15 PM           574,976 ntfs.sys
      04/13/2008  02:15 PM            60,800 sysaudio.sys
      04/13/2008  02:16 PM            49,536 classpnp.sys
      04/13/2008  02:16 PM           141,056 ks.sys
      04/13/2008  02:17 PM           105,344 mup.sys
      04/13/2008  02:17 PM            83,072 wdmaud.sys
      04/13/2008  02:18 PM            52,480 i8042prt.sys
      04/13/2008  02:19 PM            75,264 ipsec.sys
      04/13/2008  02:19 PM           146,048 portcls.sys
      04/13/2008  02:19 PM            51,328 rasl2tp.sys
      04/13/2008  02:19 PM            48,384 raspptp.sys
      04/13/2008  02:20 PM           182,656 ndis.sys
      04/13/2008  02:20 PM            91,520 ndiswan.sys
      04/13/2008  02:21 PM           162,816 netbt.sys
      04/13/2008  02:28 PM           175,744 rdbss.sys
      04/13/2008  07:11 PM             3,135 adv08nt5.dll
      04/13/2008  07:11 PM             3,775 adv11nt5.dll
      04/13/2008  07:11 PM             3,647 adv07nt5.dll
      04/13/2008  07:11 PM             3,615 adv05nt5.dll
      04/13/2008  07:11 PM             3,967 adv02nt5.dll
      04/13/2008  07:11 PM             4,255 adv01nt5.dll
      04/13/2008  07:11 PM             3,711 adv09nt5.dll
      04/13/2008  07:11 PM            14,143 atv06nt5.dll
      04/13/2008  07:11 PM            25,471 atv04nt5.dll
      04/13/2008  07:11 PM            11,359 atv02nt5.dll
      04/13/2008  07:11 PM            15,423 ch7xxnt5.dll
      04/13/2008  07:11 PM            21,183 atv01nt5.dll
      04/13/2008  07:11 PM            17,279 atv10nt5.dll
      04/13/2008  07:11 PM            21,504 hidserv.dll
      04/13/2008  07:12 PM             3,901 siint5.dll
      04/13/2008  07:12 PM            11,325 vchnt5.dll
      04/13/2008  07:13 PM            40,840 termdd.sys
      04/13/2008  07:13 PM            12,040 tdpipe.sys
      04/13/2008  07:13 PM            21,896 tdtcp.sys
      04/13/2008  07:13 PM           139,656 rdpwd.sys
      05/08/2008  09:02 AM           203,136 rmcast.sys
      06/02/2008  06:01 PM            64,144 NEOFLTR_550_13237.sys
      06/13/2008  06:05 AM           272,128 bthport.sys
      06/19/2008  06:07 PM           306,299 CVPNDRVA.sys
      06/20/2008  06:51 AM           361,600 tcpip.sys
      08/14/2008  05:04 AM           138,496 afd.sys
      12/17/2008  04:02 PM                20 SymRedir.cat
      12/17/2008  04:02 PM             1,133 SymRedir.inf
      12/17/2008  04:20 PM            12,680 symdns.sys
      12/17/2008  04:20 PM            99,208 symfw.sys
      12/17/2008  04:20 PM            28,040 symndis.sys
      12/17/2008  04:20 PM            31,624 symids.sys
      12/17/2008  04:20 PM            23,944 symredrv.sys
      12/17/2008  04:20 PM           188,808 symtdi.sys
      05/09/2009  01:14 AM            14,736 nuidfltr.sys
      05/18/2009  03:17 PM            26,600 GEARAspiWDM.sys
      06/24/2009  06:18 AM            92,928 ksecdd.sys
      10/16/2009  02:33 AM            41,472 usbaapl.sys
      10/20/2009  11:20 AM           265,728 http.sys
      12/31/2009  11:50 AM           353,792 srv.sys
      02/11/2010  07:02 AM           226,880 tcpip6.sys
      02/16/2010  09:04 PM            95,024 SBREDrv.sys
      02/24/2010  08:11 AM           455,680 mrxsmb.sys
      02/27/2010  03:20 PM           123,952 SYMEVENT.SYS
      02/27/2010  03:20 PM               805 SYMEVENT.INF
      02/27/2010  03:20 PM            10,671 SYMEVENT.CAT
      04/20/2010  04:13 AM           228,216 OADriver.sys
      04/20/2010  04:13 AM            29,560 OAnet.sys
      04/20/2010  04:13 AM            24,440 OAmon.sys
      04/29/2010  03:39 PM            20,952 mbam.sys
      04/29/2010  03:39 PM            38,224 mbamswissarmy.sys
      06/20/2010  10:08 AM            64,288 Lbd.sys
      06/28/2010  02:42 PM    <DIR>          .
      06/28/2010  02:42 PM    <DIR>          ..
                   335 File(s)     35,216,096 bytes
                     5 Dir(s)  23,335,473,152 bytes free
       
       
      Virtual drives found?
       
       
       
      Environment variables
       
      ALLUSERSPROFILE=C:\Documents and Settings\All Users
      APPDATA=C:\Documents and Settings\pam.D6813\Application Data
      asl.log=Destination=file;OnFirstLog=command,environment
      CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
      CommonProgramFiles=C:\Program Files\Common Files
      COMPUTERNAME=MADCAT
      ComSpec=C:\WINDOWS\system32\cmd.exe
      FP_NO_HOST_CHECK=NO
      HOMEDRIVE=C:
      HOMEPATH=\Documents and Settings\pam.D6813
      LOGONSERVER=\\MADCAT
      NUMBER_OF_PROCESSORS=2
      OS=Windows_NT
      Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      PROCESSOR_ARCHITECTURE=x86
      PROCESSOR_IDENTIFIER=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
      PROCESSOR_LEVEL=15
      PROCESSOR_REVISION=2302
      ProgramFiles=C:\Program Files
      PROMPT=$P$G
      QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
      SESSIONNAME=Console
      SystemDrive=C:
      SystemRoot=C:\WINDOWS
      TEMP=C:\DOCUME~1\PAM~1.D68\LOCALS~1\Temp
      TMP=C:\DOCUME~1\PAM~1.D68\LOCALS~1\Temp
      USERDOMAIN=MADCAT
      USERNAME=pam
      USERPROFILE=C:\Documents and Settings\pam.D6813
      windir=C:\WINDOWS
       
       
      Stealth malware?
       
       
      Internet Explorer
       

      ! REG.EXE VERSION 3.0

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
          Default_Page_URL   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=69157
          Default_Search_URL   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=54896
          Search Page   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=54896
          Enable_Disk_Cache   REG_SZ   yes
          Cache_Percent_of_Disk   REG_BINARY   0A000000
          Delete_Temp_Files_On_Exit   REG_SZ   yes
          Local Page   REG_SZ   C:\WINDOWS\system32\blank.htm
          Anchor_Visitation_Horizon   REG_BINARY   01000000
          Use_Async_DNS   REG_SZ   yes
          Placeholder_Width   REG_BINARY   1A000000
          Placeholder_Height   REG_BINARY   1A000000
          Start Page   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=69157
          CompanyName   REG_SZ   Microsoft Corporation
          Custom_Key   REG_SZ   MICROSO
          Wizard_Version   REG_SZ   6.0.2600.0000
          FullScreen   REG_SZ   no
          Default_Secondary_Page_URL   REG_MULTI_SZ   \0
          Extensions Off Page   REG_SZ   about:NoAdd-ons
          Security Risk Page   REG_SZ   about:SecurityRisk
          Check_Associations   REG_SZ   yes

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

      ! REG.EXE VERSION 3.0

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
          User Agent   REG_SZ   Mozilla/4.0 (compatible; MSIE 8.0; Win32)
          IE5_UA_Backup_Flag   REG_SZ   5.0
          NoNetAutodial   REG_DWORD   0x1
          MigrateProxy   REG_DWORD   0x1
          EnableNegotiate   REG_DWORD   0x1
          EmailName   REG_SZ   IEUser@
          AutoConfigProxy   REG_SZ   wininet.dll
          MimeExclusionListForCache   REG_SZ   multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
          WarnOnPost   REG_BINARY   01000000
          UseSchannelDirectly   REG_BINARY   01000000
          EnableHttp1_1   REG_DWORD   0x1
          PrivacyAdvanced   REG_DWORD   0x0
          ProxyEnable   REG_DWORD   0x0
          UrlEncoding   REG_DWORD   0x0
          SecureProtocols   REG_DWORD   0xa0
          PrivDiscUiShown   REG_DWORD   0x1
          ZonesSecurityUpgrade   REG_BINARY   6C6F91C794F7C901
          DisableCachingOfSSLPages   REG_DWORD   0x0
          WarnonZoneCrossing   REG_DWORD   0x0
          ProxyOverride   REG_SZ   <local>;*.local

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

      ! REG.EXE VERSION 3.0

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
          NoUpdateCheck   REG_DWORD   0x1
          NoJITSetup   REG_DWORD   0x1
          Disable Script Debugger   REG_SZ   yes
          Show_ChannelBand   REG_SZ   No
          Anchor Underline   REG_SZ   yes
          Cache_Update_Frequency   REG_SZ   Once_Per_Session
          Display Inline Images   REG_SZ   yes
          Do404Search   REG_BINARY   01000000
          Local Page   REG_SZ   C:\WINDOWS\system32\blank.htm
          Save_Session_History_On_Exit   REG_SZ   no
          Show_FullURL   REG_SZ   no
          Show_StatusBar   REG_SZ   yes
          Show_ToolBar   REG_SZ   yes
          Show_URLinStatusBar   REG_SZ   yes
          Show_URLToolBar   REG_SZ   yes
          Start Page   REG_SZ   http://www.google.com/
          Use_DlgBox_Colors   REG_SZ   yes
          Search Page   REG_SZ   http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
          XMLHTTP   REG_DWORD   0x1
          UseClearType   REG_SZ   yes
          Enable Browser Extensions   REG_SZ   yes
          Play_Background_Sounds   REG_SZ   yes
          Play_Animations   REG_SZ   yes
          Window Title   REG_SZ   Windows Internet Explorer provided by Qwest
          Default_Secondary_Page_URL   REG_MULTI_SZ   http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome\0\0
          Default_Page_URL   REG_SZ   http://qwest.live.com
          SearchDefaultBranded   REG_DWORD   0x1
          Search Bar

      Dr Jay

      • Malware Removal Specialist


      • Specialist
      • Moderator emeritus
      • Thanked: 119
      • Experience: Guru
      • OS: Windows 10
      Re: Please help with malware infection
      « Reply #3 on: June 28, 2010, 08:45:37 PM »
      You did not post a full log.

      Was the scanner stopped? Or did you not post all the info?

      Please re-run it and post a new log.
      ~Dr Jay

      tongp

        Topic Starter


        Greenhorn

        Re: Please help with malware infection
        « Reply #4 on: June 29, 2010, 03:04:33 PM »
        Sorry, let me try again (posting log from where the last one left off....)

            Search Bar   REG_SZ   http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
            SearchAssistant   REG_SZ   http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
            CompatibilityFlags   REG_DWORD   0x0
            IE8TourNoShow   REG_DWORD   0x1
            FullScreen   REG_SZ   no
            Window_Placement   REG_BINARY   2C0000000200000003000000FFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFF2C0100002C0100004C0400 00AC030000
            IE8RunOnceLastShown   REG_DWORD   0x1
            IE8RunOnceLastShown_TIMESTAMP   REG_BINARY   3B58F6121016CB01
            NotifyDownloadComplete   REG_SZ   yes
            Check_Associations   REG_SZ   no
            Use FormSuggest   REG_SZ   no

        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds

        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
            SearchAssistant   REG_SZ   http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
            CustomizeSearch   REG_SZ   http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

        ! REG.EXE VERSION 3.0

        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
            {CFBFAE00-17A6-11D0-99CB-00C04FD64497}   REG_SZ   

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31816979-F864-4acf-919F-D0B3B56432E6}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E12A882B-F14F-4440-9BC0-84A5EB766605}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
            {EF99BD32-C1FB-11D2-892F-0090271D4F88}   REG_BINARY   00
            {47833539-D0C5-4125-9FA8-0819E2EAAC93}   REG_BINARY   00
            {21FA44EF-376D-4D53-9B0F-8A89D3229068}   REG_BINARY   00
            {1BB22D38-A411-4B13-A746-C2A4F4EC7344}   REG_BINARY   00
            {6F60C5C5-61B3-4378-8902-ED9497663AC9}   REG_SZ   DictateBar

        ! REG.EXE VERSION 3.0

        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append Link Target to Existing PDF

        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append to Existing PDF

        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert Link Target to Adobe PDF

        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF

        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel

        HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...
         
         
        Protocol hijack?
         
         
         
        Security Center
         

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
            FirstRunDisabled   REG_DWORD   0x1
            AntiVirusDisableNotify   REG_DWORD   0x0
            FirewallDisableNotify   REG_DWORD   0x0
            UpdatesDisableNotify   REG_DWORD   0x0
            AntiVirusOverride   REG_DWORD   0x0
            FirewallOverride   REG_DWORD   0x0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
            EnableFirewall   REG_DWORD   0x0
            DoNotAllowExceptions   REG_DWORD   0x0
            DisableNotifications   REG_DWORD   0x0

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
            %windir%\system32\sessmgr.exe   REG_SZ   %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
            %windir%\Network Diagnostic\xpnetdiag.exe   REG_SZ   %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
            C:\Program Files\Invitrogen\Vector NTI Advance 10\Vector NTI 10.exe   REG_SZ   C:\Program Files\Invitrogen\Vector NTI Advance 10\Vector NTI 10.exe:*:Enabled:Vector NTI 10.0.1
            C:\Program Files\Mozilla Firefox\firefox.exe   REG_SZ   C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
            C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE   REG_SZ   C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word
            C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE   REG_SZ   C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE:*:Enabled:Microsoft Office Excel
            C:\WINDOWS\system32\lxdecoms.exe   REG_SZ   C:\WINDOWS\system32\lxdecoms.exe:*:Enabled:4800 Series Server
            C:\Program Files\Lexmark 4800 Series\lxdemon.exe   REG_SZ   C:\Program Files\Lexmark 4800 Series\lxdemon.exe:*:Enabled:Printer Device Monitor
            C:\Documents and Settings\Pam\Local Settings\Temp\lxde\wireless\ENGLISH\lxdewpss.exe   REG_SZ   C:\Documents and Settings\Pam\Local Settings\Temp\lxde\wireless\ENGLISH\lxdewpss.exe:*:Enabled:
            C:\WINDOWS\system32\lxdecfg.exe   REG_SZ   C:\WINDOWS\system32\lxdecfg.exe:*:Enabled:Printer Communication System
            C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdepswx.exe   REG_SZ   C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdepswx.exe:*:Enabled:Printer Status Window Interface
            C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdetime.exe   REG_SZ   C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdetime.exe:*:Enabled:Lexmark Connect Time Executable
            C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdejswx.exe   REG_SZ   C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdejswx.exe:*:Enabled:Job Status Window Interface
            C:\Program Files\Lexmark 4800 Series\frun.exe   REG_SZ   C:\Program Files\Lexmark 4800 Series\frun.exe:*:Enabled:Printing Application
            C:\Program Files\Lexmark 4800 Series\app4r.exe   REG_SZ   C:\Program Files\Lexmark 4800 Series\app4r.exe:*:Enabled:Lexmark Productivity Studio
            C:\WINDOWS\twain_32\escndv\escndv.exe   REG_SZ   C:\WINDOWS\twain_32\escndv\escndv.exe:*:Disabled:EPSON Scan
            C:\Documents and Settings\Pam\My Documents\refworks\RWDesktop.exe   REG_SZ   C:\Documents and Settings\Pam\My Documents\refworks\RWDesktop.exe:*:Enabled:RWDesktop
            C:\Program Files\Windows Live\Messenger\wlcsdk.exe   REG_SZ   C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
            C:\Program Files\Windows Live\Messenger\msnmsgr.exe   REG_SZ   C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
            C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe   REG_SZ   C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
            C:\WINDOWS\system32\lxdicoms.exe   REG_SZ   C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:3500-4500 Series Server
            C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe   REG_SZ   C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor
            C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe   REG_SZ   C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Device Monitor Application
            C:\Program Files\Lexmark 3500-4500 Series\App4R.exe   REG_SZ   C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Printing Application
            C:\Documents and Settings\Pam\Local Settings\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe   REG_SZ   C:\Documents and Settings\Pam\Local Settings\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe:*:Enabled:
            C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdewbgw.exe   REG_SZ   C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdewbgw.exe:*:Enabled:Lexmark Web Gateway
            C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe   REG_SZ   C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy
            C:\Program Files\Qwest\QuickConnect\QuickConnect.exe   REG_SZ   C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect
            C:\Program Files\Bonjour\mDNSResponder.exe   REG_SZ   C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service
            C:\Program Files\iTunes\iTunes.exe   REG_SZ   C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
         
         
        Uninstall List
         

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
            <NO NAME>   REG_SZ   

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\53F13DB4D9611FD63BE580F06F0729BF236ABE68

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Professional

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Illustrator CS2

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe SVG Viewer

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EndNote

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EPSON Printer and Utilities

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InterActual Player

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISI ResearchSoft - Export Helper

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Java Web Start

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887078

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887626

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888656

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB889858

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892313

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893240

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893241

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895181

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895316

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895572

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB897586

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898549

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900399

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902344

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB907658

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB909520

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911564

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911854

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917734_WMP10

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923561

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923689

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923789

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB925398_WMP64

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929399

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB931906

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB936782_WMP11

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938464

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB939683

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941569

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946648

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950759

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950760

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950762

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950974

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951066

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951072-v2

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951698

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951748

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951978

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952004

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952069_WM9

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952287

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952954

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB953838

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB953839

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954154_WM11

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954155_WM9

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954211

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954459

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954550-v5

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954600

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954708

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955069

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955759

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955839

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956390

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956391

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956572

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956744

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956802

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956803

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956841

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956844

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957095

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957097

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958215

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958644

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958687

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958690

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958869

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959426

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959772_WM11

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960225

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960714

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960715

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960803

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960859

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961118

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961371

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961373

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961501

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961503

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB963027

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB967715

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968389

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968537

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968816_WM9

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969059

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969897

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969897-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969898

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969947

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970238

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970430

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970653-v3

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971180-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971468

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971486

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971557

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971633

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971657

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971737

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972260-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972270

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973346

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973354

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973507

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973525

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973540_WM9

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973687

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973815

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973869

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973904

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974112

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974318

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974392

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974455-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974571

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975025

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975467

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975560

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975561

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975713

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976098-v2

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976325-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976662-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976749-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977165

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977816

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977914

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978037

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978207-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978251

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978262

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978338

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978542

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978601

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978706

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979306

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979309

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979683

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980182-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980232

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981332-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981793

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lexmark 3500-4500 Series

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lexmark 4800 Series

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lexmark Fax Solutions

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M953297

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1  (1033)

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.10)

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird (3.0.1)

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSCompPackV1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Neoteris_Secure_Application_Manager

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Netscape (7.2)

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OLYMPUS FV1000

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OLYMPUS FV1000 Viewer

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OnlineArmor_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pdf995

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PdfEdit995

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QwestQuickCare_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\R (D)COM Server_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\R for Windows_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegSupreme_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rhapsody

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SAM for Excel (Academic Version)_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Silent Package Run-Time Sample

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stanford Tools_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TaxCut Premium 2006

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBSB07183.TBSB07183Toolbar

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01000

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01001

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01005

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite_Wave3

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMCSetup

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wmp11

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Write-N-Cite

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xp-AntiSpy

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Anti-Spy

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0134A1A1-C283-4A47-91A1-92F19F960372}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B073228-62C7-41A6-84EC-9D6DD9A28E4D}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C826C5B-B131-423A-A229-C71B3CACCD6A}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0CDE246F-1197-4374-91BE-1C8927755298}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0FC497E5-4EC1-4FE7-98C0-9AF57021F818}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15A5F982-D731-4432-9A06-83624CC23AE7}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{205C6BDD-7B73-42DE-8505-9A093F35A238}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20FEBEA9-A318-4339-B8FA-7755FED22A93}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{236BB7C4-4419-42FD-0409-1E257A25E34D}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216013FB}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216014FB}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216015FB}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216017FB}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216020FF}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2A6F1DE4-47DA-4452-8C90-5F3D4813C6DD}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2CCBABCB-6427-4A55-B091-49864623C43F}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3101CB58-3482-4D21-AF1A-7057FC935355}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{338F08AB-C262-42C7-B000-34DE1A475273}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3B4E636E-9D65-4D67-BA61-189800823F52}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3C52E7DA-C431-4239-B66B-1BF703D5B194}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{43224D30-5941-47A4-9AD7-9250EE794396}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{45A66726-69BC-466B-A7A4-12FCBA4883D7}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4998FF95-709A-430A-B104-92A009ABB848}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{51F96AEC-D902-4434-A0DC-B9692A21AE7C}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{693EF7BC-C5CA-43E6-AFA8-1F3FB63A8D92}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E04A7BF-65E9-4B74-85A0-929B100E1D04}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77DCDCE3-2DED-62F3-8154-05E745472D07}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7AB3A249-FB81-416B-917A-A2A10E74C503}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7F72902B-5166-4522-8610-76BD903F8584}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{81BF6FB0-34E7-4897-A544-61AA6C3B1284}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{85991ED2-010C-4930-96FA-52F43C2CE98A}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{886C92E6-4AF1-4290-BB86-4B5064A1BB7D}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8EDBA74D-0686-4C99-BFDD-F894678E5B39}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90110409-6000-11D3-8CFE-0150048383C9}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0020-0409-0000-0000000FF1CE}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92C5DB3D-9D6F-4324-BB11-57825F4C2635}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9611D325-5333-4415-8338-CA957D8564D0}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9876E8C6-F8D7-4F43-84D3-B97D177F9466}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{995F1E2E-F542-4310-8E1D-9926F5A279B3}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F91B6C4-E892-4978-A571-B5A32BC2082C}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A49F249F-0C91-497F-86DF-B2585E8E76B7}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7091E1D-36A4-47F1-A739-173CC341414F}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-1033-F400-7760-000000000004}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-1033-F400-7760-000000000004}_932

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A93000000001}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AFAC914D-9E83-4A89-8ABE-427521C82CCF}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B017026E-FC02-4CD4-A848-52447D60676B}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2D328BE-45AD-4D92-96F9-2151490A203E}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B74D4E10-6884-0000-0000-000000000103}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCE72AED-3332-4863-9567-C5DCB9052CA2}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C190CB55-817E-4713-84F4-0BBB8961CED9}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C6CA8874-5F22-4AF0-9BE3-016BF299C536}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D6E92BCC-717B-4B2A-A82E-8368D4B5F45F}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D7A6C517-11F2-419F-B5BB-27772B939698}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E0000600-0600-0600-0600-000000000600}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9787678-1033-0000-8E67-000000000001}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA19EDB3-DF71-448F-AFBF-1EEB3ACB9B31}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EBC91840-41E1-4CC3-AC11-0B889546223C}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EFCE5837-FC21-11D6-9D24-00010240CE95}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F02CF4B0-05EC-4938-A8D2-F739AF3B4363}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F060A75A-9D6E-46F5-A9E6-7B513F4F44FB}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F333A33D-125C-32A2-8DCE-5C5D14231E27}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B0939E-58DF-11DF-B3A6-005056806466}

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}

        ! REG.EXE VERSION 3.0

        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
         
         
        Adobe Products
         

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
            DisplayName   REG_SZ   Adobe Flash Player 10 ActiveX
            DisplayVersion   REG_SZ   10.0.32.18
            Publisher   REG_SZ   Adobe Systems Incorporated
            URLInfoAbout   REG_SZ   http://www.adobe.com/go/getflashplayer
            VersionMajor   REG_SZ   10
            VersionMinor   REG_SZ   0
            HelpLink   REG_SZ   http://www.adobe.com/go/flashplayer_support/
            URLUpdateInfo   REG_SZ   http://www.adobe.com/go/flashplayer/
            DisplayIcon   REG_SZ   C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
            UninstallString   REG_SZ   C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
            RequiresIESysFile   REG_SZ   4.70.0.1155
            NoModify   REG_DWORD   0x1
            NoRepair   REG_DWORD   0x1

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
            DisplayName   REG_SZ   Adobe Flash Player 10 Plugin
            DisplayVersion   REG_SZ   10.0.42.34
            Publisher   REG_SZ   Adobe Systems Incorporated
            URLInfoAbout   REG_SZ   http://www.adobe.com/go/getflashplayer
            DisplayIcon   REG_SZ   C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
            UninstallString   REG_SZ   C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
            NoModify   REG_DWORD   0x1
            NoRepair   REG_DWORD   0x1
         
         
        Autorun
         

        ! REG.EXE VERSION 3.0

        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
            ctfmon.exe   REG_SZ   C:\WINDOWS\system32\ctfmon.exe

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
            NVMixerTray   REG_SZ   "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
            NvCplDaemon   REG_SZ   RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
            nwiz   REG_SZ   nwiz.exe /install
            amd_dc_opt   REG_SZ   "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
            Acronis Scheduler2 Service   REG_SZ   "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
            PDDM   REG_SZ   C:\Program Files\PatchLink\Update Agent\pddm.exe
            Kernel and Hardware Abstraction Layer   REG_SZ   KHALMNPR.EXE
            masqform.exe   REG_SZ   C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
            EPSON Stylus CX5800F Series   REG_SZ   C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB003" /M "Stylus CX5800F"
            lxdemon.exe   REG_SZ   "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
            lxdeamon   REG_SZ   "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
            FaxCenterServer   REG_SZ   "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
            KernelFaultCheck   REG_EXPAND_SZ   %systemroot%\system32\dumprep 0 -k
            Adobe Acrobat Speed Launcher   REG_SZ   "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
            <NO NAME>   REG_SZ   
            Acrobat Assistant 8.0   REG_SZ   "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
            AppleSyncNotifier   REG_SZ   C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
            QuickCare   REG_SZ   C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe /P QuickCare
            lxdimon.exe   REG_SZ   "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
            lxdiamon   REG_SZ   "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
            Adobe ARM   REG_SZ   "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
            Adobe Reader Speed Launcher   REG_SZ   "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
            ccApp   REG_SZ   "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            vptray   REG_SZ   C:\PROGRA~1\SYMANT~1\VPTray.exe
            QuickTime Task   REG_SZ   "C:\Program Files\QuickTime\qttask.exe" -atboottime
            @OnlineArmor GUI   REG_SZ   "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
            SunJavaUpdateSched   REG_SZ   "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
            iTunesHelper   REG_SZ   "C:\Program Files\iTunes\iTunesHelper.exe"

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
         
         
        Restrictions - Internet Explorer
         
         
         
        Restrictions - REGEDIT
         
         
         
        Restrictions - Explorer
         

        ! REG.EXE VERSION 3.0

        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
            NoDriveTypeAutoRun   REG_DWORD   0x91
         
         
        DNS Settings
         

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{03B50D87-4503-4D8B-B890-3017C5B93E32}

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{235DE593-39DE-4432-A5DD-BD7AB7E0A060}

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{54401D30-6C81-4644-8B5A-F494A22B6BDB}

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5E927268-3244-4D06-8CF1-58F3655CBDAA}

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{88F59465-7181-4D2A-8EE4-6C271F29548F}

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{948B4B93-8E80-4B67-BA54-CDDD6C2D1D41}

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F82E3A97-0768-471B-88AD-5640556FEC05}


        Windows IP Configuration



                Host Name . . . . . . . . . . . . : MadCat

                Primary Dns Suffix  . . . . . . . :

                Node Type . . . . . . . . . . . . : Hybrid

                IP Routing Enabled. . . . . . . . : No

                WINS Proxy Enabled. . . . . . . . : No

                DNS Suffix Search List. . . . . . : domain.actdsltmp



        Ethernet adapter Local Area Connection:



                Connection-specific DNS Suffix  . : domain.actdsltmp

                Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

                Physical Address. . . . . . . . . : 00-50-8D-DB-9E-34

                Dhcp Enabled. . . . . . . . . . . : Yes

                Autoconfiguration Enabled . . . . : Yes

                IP Address. . . . . . . . . . . . : 192.168.0.7

                Subnet Mask . . . . . . . . . . . : 255.255.255.0

                Default Gateway . . . . . . . . . : 192.168.0.1

                DHCP Server . . . . . . . . . . . : 192.168.0.1

                DNS Servers . . . . . . . . . . . : 192.168.0.1

                                                    205.171.3.25

                Primary WINS Server . . . . . . . : 128.101.246.10

                Lease Obtained. . . . . . . . . . : Monday, June 28, 2010 3:23:23 PM

                Lease Expires . . . . . . . . . . : Tuesday, June 29, 2010 3:23:23 PM

         
         
        AppInit DLLs
         

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

         
         
        Shell Service Object Delay Load
         

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
            PostBootReminder   REG_SZ   {7849596a-48ea-486e-8937-a2a3009f31a9}
            CDBurn   REG_SZ   {fbeb8a05-beee-4442-804e-409d6c4515e9}
            WebCheck   REG_SZ   {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
            SysTray   REG_SZ   {35CEC8A3-2BE6-11D2-8773-92E220524153}
            WPDShServiceObj   REG_SZ   {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
         
         
         
        Shell Execute Hooks
         

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
            {AEB6717E-7E19-11d0-97EE-00C04FD91972}   REG_SZ   
            {4F07DA45-8170-4859-9B5F-037EF2970034}   REG_SZ   OA Shell Helper
            {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}   REG_SZ   
         
         
        Image File Execution Options
         

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image

        tongp

          Topic Starter


          Greenhorn

          Re: Please help with malware infection
          « Reply #5 on: June 29, 2010, 03:07:31 PM »
          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
           
           
          Security Providers
           
           
           
          Local Security Authority
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
              Authentication Packages   REG_MULTI_SZ   msv1_0\0\0
              Bounds   REG_BINARY   0030000000200000
              Security Packages   REG_MULTI_SZ   kerberos\0msv1_0\0schannel\0wdigest\0\0
              ImpersonatePrivilegeUpgradeToolHasRun   REG_DWORD   0x1
              LsaPid   REG_DWORD   0x36c
              SecureBoot   REG_DWORD   0x1
              auditbaseobjects   REG_DWORD   0x0
              crashonauditfail   REG_DWORD   0x0
              disabledomaincreds   REG_DWORD   0x0
              everyoneincludesanonymous   REG_DWORD   0x0
              fipsalgorithmpolicy   REG_DWORD   0x0
              forceguest   REG_DWORD   0x1
              fullprivilegeauditing   REG_BINARY   00
              limitblankpassworduse   REG_DWORD   0x1
              lmcompatibilitylevel   REG_DWORD   0x5
              nodefaultadminowner   REG_DWORD   0x1
              nolmhash   REG_DWORD   0x1
              restrictanonymous   REG_DWORD   0x1
              restrictanonymoussam   REG_DWORD   0x1
              Notification Packages   REG_MULTI_SZ   scecli\0\0

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache
           
           
          AppCert DLLs
           
           
           
          App Paths
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Acrobat.exe
              Path   REG_SZ   C:\Program Files\Adobe\Acrobat 9.0\Acrobat\
              <NO NAME>   REG_SZ   C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcrobatInfo.exe
              Path   REG_SZ   C:\Program Files\Adobe\Acrobat 9.0\Acrobat\
              <NO NAME>   REG_SZ   C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroDist.exe
              Path   REG_SZ   C:\Program Files\Adobe\Acrobat 9.0\Acrobat\
              <NO NAME>   REG_SZ   C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
              <NO NAME>   REG_SZ   C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
              Path   REG_SZ   C:\Program Files\Adobe\Reader 9.0\Reader\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ahc.exe
              Path   REG_SZ   C:\Program Files\Adobe\Adobe Help Center\
              <NO NAME>   REG_SZ   C:\Program Files\Adobe\Adobe Help Center\ahc.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Bridge.exe
              <NO NAME>   REG_SZ   C:\Program Files\Adobe\Adobe Bridge\Bridge.exe
              Path   REG_SZ   C:\Program Files\Adobe\Adobe Bridge\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ccApp.exe
              PATH   REG_SZ   C:\Program Files\Common Files\Symantec Shared\;
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Symantec Shared\ccApp.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ccleaner.exe
              <NO NAME>   REG_SZ   C:\Program Files\CCleaner\ccleaner.exe
              Path   REG_SZ   C:\Program Files\CCleaner

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chrome.exe
              Path   REG_SZ   C:\Program Files\Google\Chrome\Application
              <NO NAME>   REG_SZ   C:\Program Files\Google\Chrome\Application\chrome.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
              Path   REG_SZ   C:\WINDOWS\system32
              CmstpExtensionDll   REG_SZ   C:\WINDOWS\system32\cmcfg32.dll
              CMInternalVersion   REG_SZ   1.2
              CmNative   REG_DWORD   0x1
              ProfilesUpgraded   REG_DWORD   0x2

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CONF.EXE
              <NO NAME>   REG_SZ   C:\Program Files\NetMeeting\conf.exe
              Path   REG_SZ   C:\Program Files\NetMeeting;

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\EN6Demo.EXE
              <NO NAME>   REG_SZ   C:\Program Files\EndNote\EndNote6.exe
              Path   REG_SZ   C:\Program Files\EndNote

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\EndNote6.EXE
              <NO NAME>   REG_SZ   C:\Program Files\EndNote\EndNote6.exe
              Path   REG_SZ   C:\Program Files\EndNote

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
              Path   REG_SZ   C:\Program Files\Microsoft Office\OFFICE11\
              <NO NAME>   REG_SZ   C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE
              SaveURL   REG_SZ   1
              useURL   REG_SZ   1

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\faxctr.exe
              Path   REG_SZ   C:\Program Files\Lexmark Fax Solutions
              <NO NAME>   REG_SZ   C:\Program Files\Lexmark Fax Solutions\faxctr.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
              <NO NAME>   REG_SZ   C:\Program Files\Mozilla Firefox\firefox.exe
              Path   REG_SZ   C:\Program Files\Mozilla Firefox

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\FV10-ASW.exe
              Viewer   REG_SZ   C:\Program Files\OlympusMicro\FLUOVIEW Viewer
              Viewer_Version   REG_SZ   01.07.02.02

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HELPCTR.EXE
              <NO NAME>   REG_SZ   C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN1.EXE
              <NO NAME>   REG_SZ   "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"
              Path   REG_SZ   C:\Program Files\Internet Explorer\Connection Wizard;

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN2.EXE
              <NO NAME>   REG_SZ   "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"
              Path   REG_SZ   C:\Program Files\Internet Explorer\Connection Wizard;

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
              <NO NAME>   REG_SZ   C:\Program Files\Internet Explorer\IEXPLORE.EXE
              Path   REG_SZ   C:\Program Files\Internet Explorer;

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Illustrator.exe
              Path   REG_SZ   C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows
              <NO NAME>   REG_SZ   C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\Illustrator.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ImageReady.exe
              Path   REG_SZ   C:\Program Files\Adobe\Adobe Photoshop CS2\
              <NO NAME>   REG_SZ   C:\Program Files\Adobe\Adobe Photoshop CS2\ImageReady.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\INETWIZ.EXE
              <NO NAME>   REG_SZ   "C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"
              Path   REG_SZ   C:\Program Files\Internet Explorer\Connection Wizard;

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
              RunAsOnNonAdminInstall   REG_DWORD   0x1
              BlockOnTSNonInstallMode   REG_DWORD   0x1

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player\help

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player\help\IA_help.htm
              Path   REG_SZ   C:\Program Files\InterActual
              <NO NAME>   REG_SZ   C:\Program Files\InterActual\InterActual Player\help\IA_help.htm

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player\inuninst.exe
              Path   REG_SZ   C:\Program Files\InterActual
              <NO NAME>   REG_SZ   C:\Program Files\InterActual\InterActual Player\inuninst.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player\iPlayer.exe
              Path   REG_SZ   C:\Program Files\InterActual
              <NO NAME>   REG_SZ   C:\Program Files\InterActual\InterActual Player\iPlayer.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IPoint.exe
              Path   REG_SZ   C:\Program Files\Microsoft IntelliPoint\
              <NO NAME>   REG_SZ   "C:\Program Files\Microsoft IntelliPoint\IPoint.exe"

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ipsecdialer.exe
              Path   REG_SZ   C:\Program Files\Cisco Systems\VPN Client
              <NO NAME>   REG_SZ   C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ISIGNUP.EXE
              <NO NAME>   REG_SZ   "C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"
              Path   REG_SZ   C:\Program Files\Internet Explorer\Connection Wizard;

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
              <NO NAME>   REG_SZ   C:\Program Files\iTunes\iTunes.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\itype.exe
              Path   REG_SZ   C:\Program Files\Microsoft IntelliType Pro\
              <NO NAME>   REG_SZ   "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaw.Exe
              Path   REG_SZ   C:\Program Files\Java\j2re1.4.1_02\bin
              <NO NAME>   REG_SZ   C:\Program Files\Java\j2re1.4.1_02\bin\javaw.Exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
              <NO NAME>   REG_SZ   C:\Program Files\Java\jre6\bin\javaws.exe
              Path   REG_SZ   C:\Program Files\Java\jre6\bin

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LBTWiz.exe
              <NO NAME>   REG_SZ   C:\Program Files\Logitech\SetPoint\LBTWiz.exe
              Path   REG_SZ   C:\Program Files\Common Files\Logitech\Bluetooth

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LUALL.EXE
              <NO NAME>   REG_SZ   C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
              Path   REG_SZ   C:\Program Files\Symantec\LiveUpdate

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\masqform.exe
              Path   REG_SZ   C:\Program Files\PureEdge\Viewer 6.0
              <NO NAME>   REG_SZ   C:\Program Files\PureEdge\Viewer 6.0\masqform.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
              <NO NAME>   REG_SZ   C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
              Path   REG_SZ   C:\Program Files\Malwarebytes' Anti-Malware

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe
              <NO NAME>   REG_EXPAND_SZ   %SystemRoot%\system32\usmt\migwiz.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MM.EXE
              Path   REG_SZ   C:\Program Files\meetingmaker\
              <NO NAME>   REG_SZ   C:\Program Files\meetingmaker\MM.EXE

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MousInfo.exe
              Path   REG_SZ   C:\Program Files\Microsoft IntelliPoint\
              <NO NAME>   REG_SZ   "C:\Program Files\Microsoft IntelliPoint\Mousinfo.exe"

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
              <NO NAME>   REG_SZ   C:\Program Files\Movie Maker\moviemk.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
              <NO NAME>   REG_SZ   "C:\Program Files\Windows Media Player\mplayer2.exe"
              Path   REG_SZ   "C:\Program Files\Windows Media Player"

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSCONFIG.EXE
              <NO NAME>   REG_SZ   C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
              <NO NAME>   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express\msimn.exe
              Path   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msinfo32.exe
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe
              Path   REG_SZ   C:\Program Files\Common Files\Microsoft Shared\MSInfo

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mskey.exe
              Path   REG_SZ   C:\Program Files\Microsoft IntelliType Pro\
              <NO NAME>   REG_SZ   "C:\Program Files\Microsoft IntelliType Pro\mskey.exe"

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSMSGS.EXE
              <NO NAME>   REG_SZ   C:\Program Files\Messenger\msmsgs.exe
              Path   REG_SZ   C:\Program Files\Messenger;

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSNMSGR.EXE
              <NO NAME>   REG_SZ   C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
              Path   REG_SZ   C:\Program Files\Windows Live\Messenger\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
              useURL   REG_SZ   1

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
              useURL   REG_SZ   1
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLED.EXE

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSPUB.EXE
              SaveURL   REG_SZ   1
              Path   REG_SZ   C:\Program Files\Microsoft Office\OFFICE11\
              <NO NAME>   REG_SZ   C:\PROGRA~1\MICROS~2\OFFICE11\MSPUB.EXE
              useURL   REG_DWORD   0x1

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mspview.exe
              Path   REG_SZ   C:\Program Files\Common Files\Microsoft Shared\MODI\11.0\
              <NO NAME>   REG_SZ   C:\PROGRA~1\COMMON~1\MICROS~1\MODI\11.0\MSPVIEW.EXE

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Netscp.exe
              <NO NAME>   REG_SZ   C:\Program Files\Netscape\Netscape\Netscp.exe
              Path   REG_SZ   C:\Program Files\Netscape\Netscape\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Netscp6.exe
              <NO NAME>   REG_SZ   C:\Program Files\Netscape\Netscape\Netscp.exe
              Path   REG_SZ   C:\Program Files\Netscape\Netscape\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\nvmixer.exe
              Path   REG_SZ   C:\Program Files\NVIDIA Corporation\NvMixer
              <NO NAME>   REG_SZ   C:\Program Files\NVIDIA Corporation\NvMixer\nvmixer.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\nvmixertray.exe
              <NO NAME>   REG_SZ   C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
              Path   REG_SZ   C:\Program Files\NVIDIA Corporation\NvMixer

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
              Path   REG_SZ   C:\Program Files\Microsoft Office\OFFICE11\
              <NO NAME>   REG_SZ   C:\PROGRA~1\MICROS~2\OFFICE11\OIS.EXE
              SaveURL   REG_SZ   0
              useURL   REG_SZ   1

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
              <NO NAME>   REG_EXPAND_SZ   %SystemRoot%\system32\mspaint.exe
              Path   REG_EXPAND_SZ   %SystemRoot%\system32

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PerfectDisk.exe
              <NO NAME>   REG_SZ   C:\Program Files\Raxco\PerfectDisk\PerfectDisk.exe
              Path   REG_SZ   C:\Program Files\Raxco\PerfectDisk\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PhotoImpression.exe
              Path   REG_SZ   C:\Program Files\ArcSoft\PhotoImpression 5
              <NO NAME>   REG_SZ   C:\Program Files\ArcSoft\PhotoImpression 5\PhotoImpression.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Photoshop.exe
              Path   REG_SZ   C:\Program Files\Adobe\Adobe Photoshop CS2\
              <NO NAME>   REG_SZ   C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
              Path   REG_SZ   C:\Program Files\QuickTime\
              <NO NAME>   REG_SZ   C:\Program Files\QuickTime\PictureViewer.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
              Path   REG_SZ   C:\Program Files\Microsoft Office\OFFICE11\
              <NO NAME>   REG_SZ   C:\PROGRA~1\MICROS~2\OFFICE11\POWERPNT.EXE
              SaveURL   REG_SZ   1
              useURL   REG_SZ   1

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
              <NO NAME>   REG_SZ   C:\Program Files\QuickTime\QuickTimePlayer.exe
              Path   REG_SZ   C:\Program Files\QuickTime\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTour.exe
              <NO NAME>   REG_SZ   C:\Program Files\Logitech\SetPoint\QuickTour.exe
              Path   REG_SZ   C:\Program Files\Logitech\SetPoint

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Rhapsody.exe
              Path   REG_SZ   C:\Program Files\Rhapsody\
              <NO NAME>   REG_SZ   C:\Program Files\Rhapsody\rhapsody.exe
              Version   REG_SZ   4.0.5.209

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Safari.exe
              <NO NAME>   REG_SZ   C:\Program Files\Safari\Safari.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SetPoint.exe
              <NO NAME>   REG_SZ   C:\Program Files\Logitech\SetPoint\SetPoint.exe
              Path   REG_SZ   C:\Program Files\Logitech\SetPoint

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
              RunAsOnNonAdminInstall   REG_DWORD   0x1
              BlockOnTSNonInstallMode   REG_DWORD   0x1

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Sprint.exe
              <NO NAME>   REG_SZ   C:\Program Files\Abbyy FineReader 6.0 Sprint\Sprint.exe
              Path   REG_SZ   C:\Program Files\Abbyy FineReader 6.0 Sprint\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Spw.exe
              Path   REG_SZ   C:\Program Files\SigmaPlot\SPW10\Spw.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
              UseShortName   REG_SZ   

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\thunderbird.exe
              <NO NAME>   REG_SZ   C:\Program Files\Mozilla Thunderbird\thunderbird.exe
              Path   REG_SZ   C:\Program Files\Mozilla Thunderbird

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VPC32.exe
              <NO NAME>   REG_SZ   C:\Program Files\Symantec AntiVirus\VPC32.exe
              Path   REG_SZ   C:\Program Files\Symantec AntiVirus\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\vpngui.exe
              Path   REG_SZ   C:\Program Files\Cisco Systems\VPN Client\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\vptray.exe
              <NO NAME>   REG_SZ   C:\PROGRA~1\SYMANT~1\VPTray.exe
              path   REG_SZ   C:\Program Files\Common Files\Symantec Shared\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
              <NO NAME>   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express\wab.exe
              Path   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
              <NO NAME>   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express\wabmig.exe
              Path   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winnt32.exe
              RunAsOnNonAdminInstall   REG_DWORD   0x1

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinRAR.exe
              <NO NAME>   REG_SZ   C:\Program Files\WinRAR\WinRAR.exe
              Path   REG_SZ   C:\Program Files\WinRAR

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
              useURL   REG_SZ   1
              Path   REG_SZ   C:\Program Files\Microsoft Office\OFFICE11\
              <NO NAME>   REG_SZ   C:\PROGRA~1\MICROS~2\OFFICE11\WINWORD.EXE
              SaveURL   REG_SZ   1

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
              <NO NAME>   REG_SZ   C:\Program Files\Windows Media Player\wmplayer.exe
              Path   REG_SZ   C:\Program Files\Windows Media Player

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\xp-AntiSpy.exe
              <NO NAME>   REG_SZ   C:\Program Files\xp-AntiSpy\xp-AntiSpy.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
              <NO NAME>   REG_SZ   "C:\WINDOWS\system32\XPSViewer\XPSViewer.exe"

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\YourApp.exe
              Path   REG_SZ   C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
              <NO NAME>   REG_SZ   C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\YourApp.exe
           
           
          Mozilla
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Desktop
              haveBeenSet   REG_SZ   1
              showDialog   REG_SZ   1
              showMapiDialog   REG_SZ   0
              HKEY_LOCAL_MACHINE\Software\Clients\Mail   REG_SZ   Mozilla Thunderbird
              HKEY_CURRENT_USER\Software\Clients\Mail   REG_SZ   Mozilla Thunderbird
              defaultMailHasBeenSet   REG_SZ   1

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions
              {20a82645-c095-46ed-80e3-08825760534b}   REG_SZ   C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
              [email protected]   REG_EXPAND_SZ   C:\Program Files\Java\jre6\lib\deploy\jqs\ff

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
              <NO NAME>   REG_SZ   1.9.1.10
              CurrentVersion   REG_SZ   3.5.10 (en-US)

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.5.10 (en-US)
              <NO NAME>   REG_SZ   3.5.10 (en-US)

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.5.10 (en-US)\Main
              Install Directory   REG_SZ   C:\Program Files\Mozilla Firefox
              PathToExe   REG_SZ   C:\Program Files\Mozilla Firefox\firefox.exe

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.5.10 (en-US)\Uninstall
              Description   REG_SZ   Mozilla Firefox (3.5.10)

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.5.10
              GeckoVer   REG_SZ   1.9.1.10

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.5.10\bin
              PathToExe   REG_SZ   C:\Program Files\Mozilla Firefox\firefox.exe

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.5.10\extensions
              Components   REG_SZ   C:\Program Files\Mozilla Firefox\components
              Plugins   REG_SZ   C:\Program Files\Mozilla Firefox\plugins

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird
              <NO NAME>   REG_SZ   1.9.1.7
              CurrentVersion   REG_SZ   3.0.1 (en-US)

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird\3.0.1 (en-US)
              <NO NAME>   REG_SZ   3.0.1 (en-US)

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird\3.0.1 (en-US)\Main
              Install Directory   REG_SZ   C:\Program Files\Mozilla Thunderbird
              PathToExe   REG_SZ   C:\Program Files\Mozilla Thunderbird\thunderbird.exe

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird\3.0.1 (en-US)\Uninstall
              Description   REG_SZ   Mozilla Thunderbird (3.0.1)

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird 1.5

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird 3.0.1
              GeckoVer   REG_SZ   1.9.1.7

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird 3.0.1\bin
              PathToExe   REG_SZ   C:\Program Files\Mozilla Thunderbird\thunderbird.exe

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird 3.0.1\extensions
              Components   REG_SZ   C:\Program Files\Mozilla Thunderbird\components
              Plugins   REG_SZ   C:\Program Files\Mozilla Thunderbird\plugins

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Netscape 7.2
              GeckoVer   REG_SZ   1.0.1

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Netscape 7.2\bin
              PathToExe   REG_SZ   C:\Program Files\Netscape\Netscape\Netscp.exe

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Netscape 7.2\Extensions
              Components   REG_SZ   C:\Program Files\Netscape\Netscape\Components
              Plugins   REG_SZ   C:\Program Files\Netscape\Netscape\Plugins
           
           
          Shared Task Scheduler
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
              {438755C2-A8BA-11D1-B96B-00A0C90312E1}   REG_SZ   Browseui preloader
              {8C7461EF-2B13-11d2-BE35-3078302C2030}   REG_SZ   Component Categories cache daemon
           
           
          SafeBoot
           
           
           
          SafeBootMinimal
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
           
           
          SafeBootNetwork
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
           
           
          File Rename Operations - Session
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations
           
           
          Known DLLs - Session
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
              advapi32   REG_SZ   advapi32.dll
              comdlg32   REG_SZ   comdlg32.dll
              DllDirectory   REG_EXPAND_SZ   %SystemRoot%\system32
              gdi32   REG_SZ   gdi32.dll
              imagehlp   REG_SZ   imagehlp.dll
              kernel32   REG_SZ   kernel32.dll
              lz32   REG_SZ   lz32.dll
              ole32   REG_SZ   ole32.dll
              oleaut32   REG_SZ   oleaut32.dll
              olecli32   REG_SZ   olecli32.dll
              olecnv32   REG_SZ   olecnv32.dll
              olesvr32   REG_SZ   olesvr32.dll
              olethk32   REG_SZ   olethk32.dll
              rpcrt4   REG_SZ   rpcrt4.dll
              shell32   REG_SZ   shell32.dll
              url   REG_SZ   url.dll
              urlmon   REG_SZ   urlmon.dll
              user32   REG_SZ   user32.dll
              version   REG_SZ   version.dll
              wininet   REG_SZ   wininet.dll
              wldap32   REG_SZ   wldap32.dll
           
           
          Downloaded program files (ActiveX)
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{27B87596-448E-40CB-B3B4-4F329FF540EC}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{45EEDB84-57BC-4FBD-8065-7AB8E971B545}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{46965FE7-2129-407B-938C-BE358A56D11E}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7E8DC73D-69CD-4F67-99B1-8DC6E42F6246}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{860FFAFE-5AAA-11D2-81EB-006008A2E49D}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A0CA502-7DA4-4B72-B5D4-D280DE8D4512}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{ACEFFC26-4628-11D1-B14A-105C01C13001}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B7B8B614-6A5C-4140-A303-43CEB589D6A5}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B7EA9615-586E-4193-9C3C-A29CA577E040}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CE10AD66-84BC-46A9-9424-C863199C0408}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B}
           
          PATH: C:\windows\Downloaded Program Files
          1775576.CHN
          AHSCompressionEngine.dll
          AHSCompressionEngine.inf
          AICForms.inf
          AICViewer.ocx
          aic_ViewerAS2.inf
          AIC_ViewerAS2.ocx
          DictateBar.dll
          DictateBar.inf
          DictionaryManager.exe
          DictionaryManager.INF
          erma.inf
          FMDEditor.ocx
          ImgXCAB61.INF
          ImgXCAB61.ocx
          ImgXDialog61.dll
          ImgXDialog61.INF
          JuniperSetup.INF
          JuniperSetup.ocx
          setup2.inf
          string_de.properties
          string_en.properties
          string_es.properties
          string_fr.properties
          string_ja.properties
          string_ko.properties
          string_zh.properties
          string_zh_cn.properties
          twrtf.inf
          twrtf.ocx
          VSMCOMM.dll
          VSMVDI.dll
          wavital.inf
          WAVitalSignsCtl.ocx
          WAVSMComSvr.dll
          wspell.inf
           
           
          Mountpoints
           

          ! REG.EXE VERSION 3.0

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00f31f2b-cb1d-11dd-8e05-001ee51ea6fb}

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03dbba33-805b-11dd-8dee-001ee51ea6fb}

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{147f134a-13a2-11df-8e4e-001ee51ea6fb}

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ca988e2-7216-11db-9810-ea2aaf0774d6}

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25301010-7218-11db-9a8b-806d6172696f}

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{344906fc-8b40-11de-8e32-001ee51ea6fb}

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3483299e-7b0b-11da-afdb-806d6172696f}

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{348329a1-7b0b-11da-afdb-806d6172696f}

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{373285c7-5e9f-11de-8e24-001ee51ea6fb}

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e137373-714c-11dc-8db2-00508ddb9e34}

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e137374-714c-11dc-8db2-00508ddb9e34}

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{456422c6-db71-11dc-8dd0-00508ddb9e34}

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{456422c7-db71-11dc-8dd0-00508ddb9e34}

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64bb439d-daa4-11dd-8e0d-001ee51ea6fb}

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{958727ea-763e-11de-8e25-001ee51ea6fb}

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC
           
           
          Winlogon
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
              AutoRestartShell   REG_DWORD   0x1
              DefaultDomainName   REG_SZ   MADCAT
              DefaultUserName   REG_SZ   pam
              LegalNoticeCaption   REG_SZ   
              LegalNoticeText   REG_SZ   
              PowerdownAfterShutdown   REG_SZ   0
              ReportBootOk   REG_SZ   1
              Shell   REG_SZ   Explorer.exe
              ShutdownWithoutLogon   REG_SZ   0
              System   REG_SZ   
              Userinit   REG_SZ   C:\WINDOWS\system32\userinit.exe,
              VmApplet   REG_SZ   rundll32 shell32,Control_RunDLL "sysdm.cpl"
              SfcQuota   REG_DWORD   0xffffffff
              allocatecdroms   REG_SZ   0
              allocatedasd   REG_SZ   0
              allocatefloppies   REG_SZ   0
              cachedlogonscount   REG_SZ   10
              forceunlocklogon   REG_DWORD   0x0
              passwordexpirywarning   REG_DWORD   0xe
              scremoveoption   REG_SZ   0
              AllowMultipleTSSessions   REG_DWORD   0x1
              UIHost   REG_EXPAND_SZ   logonui.exe
              LogonType   REG_DWORD   0x1
              Background   REG_SZ   0 0 0
              DebugServerCommand   REG_SZ   no
              SFCDisable   REG_DWORD   0x0
              WinStationsDisabled   REG_SZ   0
              HibernationPreviouslyEnabled   REG_DWORD   0x1
              ShowLogonOptions   REG_DWORD   0x0
              AltDefaultUserName   REG_SZ   pam
              AltDefaultDomainName   REG_SZ   MADCAT
              ChangePasswordUseKerberos   REG_DWORD   0x1

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials
           
           
          {END OF FILE}

          Dr Jay

          • Malware Removal Specialist


          • Specialist
          • Moderator emeritus
          • Thanked: 119
          • Experience: Guru
          • OS: Windows 10
          Re: Please help with malware infection
          « Reply #6 on: June 29, 2010, 08:46:49 PM »
          Please download Malwarebytes Anti-Malware from Malwarebytes.org.
          Alternate link: BleepingComputer.com.
          (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

          Double Click mbam-setup.exe to install the application.

          (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
          • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
          • If an update is found, it will download and install the latest version.
          • Once the program has loaded, select "Perform Quick Scan", then click Scan.
          • The scan may take some time to finish,so please be patient.
          • When the scan is complete, click OK, then Show Results to view the results.
          • Make sure that everything is checked, and click Remove Selected.
          • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
          • Please save the log to a location you will remember.
          • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
          • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
          • Copy and paste the entire report in your next reply.
          ~Dr Jay

          tongp

            Topic Starter


            Greenhorn

            Re: Please help with malware infection
            « Reply #7 on: June 29, 2010, 09:32:36 PM »
            Malwarebytes' Anti-Malware 1.46
            www.malwarebytes.org

            Database version: 4260

            Windows 5.1.2600 Service Pack 3
            Internet Explorer 8.0.6001.18702

            6/29/2010 10:31:25 PM
            mbam-log-2010-06-29 (22-31-25).txt

            Scan type: Quick scan
            Objects scanned: 188620
            Time elapsed: 13 minute(s), 31 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 0
            Registry Values Infected: 0
            Registry Data Items Infected: 0
            Folders Infected: 0
            Files Infected: 0

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            (No malicious items detected)

            Registry Values Infected:
            (No malicious items detected)

            Registry Data Items Infected:
            (No malicious items detected)

            Folders Infected:
            (No malicious items detected)

            Files Infected:
            (No malicious items detected)

            Dr Jay

            • Malware Removal Specialist


            • Specialist
            • Moderator emeritus
            • Thanked: 119
            • Experience: Guru
            • OS: Windows 10
            Re: Please help with malware infection
            « Reply #8 on: June 29, 2010, 09:48:08 PM »
            Please run a free online scan with the ESET Online Scanner
            • Tick the box next to YES, I accept the Terms of Use
            • Click Start
            • When asked, allow the ActiveX control to install
            • Click Start
            • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
            • Click Scan (This scan can take several hours, so please be patient)
            • Once the scan is completed, you may close the window
            • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
            • Copy and paste that log as a reply to this topic
            ~Dr Jay

            tongp

              Topic Starter


              Greenhorn

              Re: Please help with malware infection
              « Reply #9 on: June 30, 2010, 10:30:11 AM »
              ESETSmartInstaller@High as CAB hook log:
              OnlineScanner.ocx - registred OK
              # version=7
              # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
              # OnlineScanner.ocx=1.0.0.6211
              # api_version=3.0.2
              # EOSSerial=a97d33cc80130541a5f82a72fd3910ff
              # end=finished
              # remove_checked=true
              # archives_checked=false
              # unwanted_checked=true
              # unsafe_checked=false
              # antistealth_checked=true
              # utc_time=2010-06-30 04:30:14
              # local_time=2010-06-30 11:30:14 (-0600, Central Daylight Time)
              # country="United States"
              # lang=1033
              # osver=5.1.2600 NT Service Pack 3
              # compatibility_mode=512 16777215 100 0 63732 63732 0 0
              # compatibility_mode=6401 16777213 66 100 66974 5229640 0 0
              # compatibility_mode=8192 67108863 100 0 0 0 0 0
              # scanned=191926
              # found=0
              # cleaned=0
              # scan_time=7653

              Dr Jay

              • Malware Removal Specialist


              • Specialist
              • Moderator emeritus
              • Thanked: 119
              • Experience: Guru
              • OS: Windows 10
              Re: Please help with malware infection
              « Reply #10 on: June 30, 2010, 12:09:41 PM »
              Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
              • Select Start > All Programs > Accessories > System tools > System Restore.
              • On the dialogue box that appears select Create a Restore Point
              • Click NEXT
              • Enter a name e.g. Clean
              • Click CREATE
              You now have a clean restore point, to get rid of the bad ones:
              • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
              • In the Drop down box that appears select your main drive e.g. C
              • Click OK
              • The System will do some calculation and the display a dialogue box with TABS
              • Select the More Options Tab.
              • At the bottom will be a system restore box with a CLEANUP button click this
              • Accept the Warning and select OK again, the program will close and you are done
              To remove all of the tools we used and the files and folders they created, please do the following:
              Please download OTC.exe by OldTimer:
              • Save it to your Desktop.
              • Double click OTC.exe.
              • Click the CleanUp! button.
              • If you are prompted to Reboot during the cleanup, select Yes.
              • The tool will delete itself once it finishes.
              Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

              ==

              Please download TFC by OldTimer to your desktop
              • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
              • It will close all programs when run, so make sure you have saved all your work before you begin.
              • Click the Start
                button to begin the process. Depending on how often you clean temp
                files, execution time should be anywhere from a few seconds to a minute
                or two. Let it run uninterrupted to completion.
              • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
              ==

              Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
              • Save it to your Desktop.
              • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
              • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
              ~Dr Jay

              tongp

                Topic Starter


                Greenhorn

                Re: Please help with malware infection
                « Reply #11 on: June 30, 2010, 06:36:56 PM »
                 Results of screen317's Security Check version 0.99.4 
                 Windows XP Service Pack 3 
                 Internet Explorer 8 
                ``````````````````````````````
                Antivirus/Firewall Check:

                 Windows Firewall Disabled! 
                 ESET Online Scanner v3   
                 Symantec AntiVirus     
                 Online Armor 4.0   
                 Antivirus up to date! 
                ```````````````````````````````
                Anti-malware/Other Utilities Check:

                 Ad-Aware
                 Malwarebytes' Anti-Malware   
                 CCleaner     
                 Java Web Start   
                 Java(TM) 6 Update 20 
                 Java(TM) 6 Update 3 
                 Java(TM) 6 Update 5 
                 Java 2 Runtime Environment, SE v1.4.1_02
                 Out of date Java installed!
                 Adobe Flash Player 10.1.53.64 
                Adobe Reader 9.3.2
                 Mozilla Firefox (3.5.10) Firefox Out of Date! 
                 Mozilla Thunderbird (3.0.1) Thunderbird Out of Date! 
                ````````````````````````````````
                Process Check: 
                objlist.exe by Laurent

                 Ad-Aware AAWService.exe is disabled!
                 Ad-Aware AAWTray.exe is disabled!
                ````````````````````````````````
                DNS Vulnerability Check:

                 Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

                ``````````End of Log````````````

                Dr Jay

                • Malware Removal Specialist


                • Specialist
                • Moderator emeritus
                • Thanked: 119
                • Experience: Guru
                • OS: Windows 10
                Re: Please help with malware infection
                « Reply #12 on: June 30, 2010, 06:40:59 PM »
                Please download JavaRa and unzip it to your Desktop.

                Double click JavaRa.exe then click Remove Older Versions.

                Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.

                Next, open JavaRa.exe again, and select Search For Updates.

                Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version.

                ==============================

                Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs, and other holes. To update it now, click Help > Check for Updates.

                ======================

                Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

                Software recommendations

                AntiSpyware
                • SpywareBlaster
                  SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
                • Spybot - Search & Destroy.
                  Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
                NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

                Resident Protection help
                A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

                Securing your computer
                • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.  To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
                • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
                Please consider using an alternate browser
                Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

                If you are interested:
                See this page for more info about malware and prevention.
                ~Dr Jay

                tongp

                  Topic Starter


                  Greenhorn

                  Re: Please help with malware infection
                  « Reply #13 on: June 30, 2010, 07:55:26 PM »
                  Thanks very much for your help with this, DragonMaster Jay.

                  Dr Jay

                  • Malware Removal Specialist


                  • Specialist
                  • Moderator emeritus
                  • Thanked: 119
                  • Experience: Guru
                  • OS: Windows 10
                  Re: Please help with malware infection
                  « Reply #14 on: June 30, 2010, 07:57:50 PM »
                  You're welcome. :)
                  ~Dr Jay