Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Computer running slowly, don't know why.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Computer running slowly, don't know why.

Unread postby Perkypen » August 30th, 2008, 11:24 am

My six year old son has been using my laptop a lot recently, and I think he's probably been clicking on various ads and downloading games not knowing what they were. My computer was running incredibly slow, but now it won't open Internet Explorer or Firefox. I'm using a desktop computer right now. I figured he probably downloaded something that's messed it up, but I would hate to delete the wrong thing. I've used this forum before and have gotten wonderful results, so when I wanted help, I came straight here.


HiJackThis Log from my laptop:

Logfile of HijackThis v1.99.1
Scan saved at 11:18, on 2008-08-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Gamevance Text - {7370F91F-6994-4595-9949-601FA2261C8D} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v45/be ... eweled.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ez-ftz.webex.com/client/T23L/webex/ieatgpc.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://na.inquiero.com/inquiero/mod/set ... 118_24.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: Engepkey - {EFE8EC3F-005E-4EB9-A93A-A03D845AA533} - C:\WINDOWS\system32\reguvui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC
Advertisement
Register to Remove

Re: Computer running slowly, don't know why.

Unread postby Shaba » September 1st, 2008, 3:03 am

Hi Perkypen

  1. Please download OTViewIt by OldTimer and save it to your Desktop.
  2. Close all applications and windows.
  3. Double-click on the OTViewIt.exeto start OTViewIt.
  4. Place a checkmark in the blue-colored "Scan All Users" checkbox.
  5. Click the blue Run Scan button.
  6. OTViewIt will now start its scan.
  7. When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
  8. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Computer running slowly, don't know why.

Unread postby Perkypen » September 1st, 2008, 11:11 am

OTViewIt Extras logfile created on: 2008-09-01 11:05:27 - Run 1
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

958.23 Mb Total Physical Memory | 337.93 Mb Available Physical Memory | 35.27% Memory free
2.26 Gb Paging File | 1.75 Gb Available in Paging File | 77.58% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.31 Gb Total Space | 56.11 Gb Free Space | 65.01% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.64 Gb Free Space | 67.93% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[10-24-2006 05:10 PM | 04,662,776 | ---- | M] (Yahoo! Inc.)

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger
[01-19-2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)

"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[10-04-2007 11:20 AM | 00,050,528 | ---- | M] (AOL LLC)

"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares
[07-16-2007 05:54 PM | 00,961,536 | ---- | M] (Ares Development Group)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[11-03-2006 03:17 AM | 00,010,800 | ---- | M] (AOL LLC)

"C:\Program Files\Common Files\AOL\1138249094\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1138249094\EE\aolsoftware.exe:*:Enabled:AOL Services
[05-09-2006 08:24 PM | 00,050,760 | ---- | M] (America Online, Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[02-19-2008 01:10 PM | 19,897,640 | ---- | M] (Apple Inc.)

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - "%1" %*
.cmd [@ = cmdfile] - "%1" %*
.com [@ = comfile] - "%1" %*
.exe [@ = exefile] - "%1" %*
.html [@ = FirefoxHTML] - [07-27-2008 06:21 PM | 07,667,312 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - "%1" %*
.scr [@ = scrfile] - "%1" /S

========== Winsock2 Catalogs ==========

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


========== HKEY_CURRENT_USER Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

========== Protocol Filters ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}" = Safari
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}" = Security Update for CAPICOM (KB931906)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1330F885-F8E4-4c36-9B88-E19F82042C06}" = 3100_3200_3300trb
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1AC0D592-7F2C-4BBF-B823-EEECD74F097B}" = TaxCut North Carolina 2007
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.3
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{2B65C841-EC48-4087-8021-6DBB9C1DE5E6}" = 3200
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}" = Motorola Driver Installation
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6846389C-BAC0-4374-808E-B120F86AF5D7}" = Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110074983}" = BeTrapped!
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}" = DeductionPro 2007
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{8F375E11-4FD6-4B89-9E2B-A76D48B51E00}" = Security Update for Microsoft Office system 2007 (KB951808)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{A420F522-7395-4872-9882-C591B4B92278}" = Update for Office 2007 (KB946691)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}" = Security Update for Microsoft Office Publisher 2007 (KB950114)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91A2689C-D4B1-43BB-A521-0E29B963FC56}" = iPod Reset Utility
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2" = Adobe Reader 8.1.2 Security Update 1 (KB403742)
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{DB4C031D-B2F8-47F1-A274-59A8F3B61033}" = Nero 7
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F1931CAB-C7DD-4825-8A58-BC5278805200}" = 3100_3200_3300_Help
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"AIM_6" = AIM 6
"AJCompressCopy" = AJScreensaver
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Ares" = Ares 2.0.9
"ATI Display Driver" = ATI Display Driver
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"AVG7Uninstall" = AVG 7.5
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Bejeweled Deluxe 1.862" = Bejeweled Deluxe 1.862
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"Canon MP160 User Registration" = Canon MP160 User Registration
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner (remove only)
"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_0300107B" = Soft Data Fax Modem with SmartCP
"Disney Toontown Online" = Disney Toontown Online
"DotColor 3.0_is1" = DotColor 3.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 1.99.1
"Holiday Snapshot Imprintables" = Holiday Snapshot Imprintables
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Insaniquarium Deluxe 1.0" = Insaniquarium Deluxe 1.0
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InterActual Player" = InterActual Player
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"KB834707" = Windows XP Hotfix - KB834707
"KB867282" = Windows XP Hotfix - KB867282
"KB873333" = Windows XP Hotfix - KB873333
"KB873339" = Windows XP Hotfix - KB873339
"KB883939" = Security Update for Windows XP (KB883939)
"KB885250" = Windows XP Hotfix - KB885250
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB887742" = Windows XP Hotfix - KB887742
"KB888113" = Windows XP Hotfix - KB888113
"KB888239" = Windows XP Hotfix - KB888239
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890047" = Windows XP Hotfix - KB890047
"KB890175" = Windows XP Hotfix - KB890175
"KB890859" = Windows XP Hotfix - KB890859
"KB890923" = Windows XP Hotfix - KB890923
"KB891781" = Windows XP Hotfix - KB891781
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB893066" = Security Update for Windows XP (KB893066)
"KB893086" = Windows XP Hotfix - KB893086
"KB893357" = Hotfix for Windows XP (KB893357)
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803" = Windows Installer 3.1 (KB893803)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Update for Windows XP (KB894391)
"KB896344" = Hotfix for Windows XP (KB896344)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896422" = Security Update for Windows XP (KB896422)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896424" = Security Update for Windows XP (KB896424)
"KB896428" = Security Update for Windows XP (KB896428)
"KB896688" = Security Update for Windows XP (KB896688)
"KB896727" = Update for Windows XP (KB896727)
"KB898458" = Security Update for Step By Step Interactive Training (KB898458)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899588" = Security Update for Windows XP (KB899588)
"KB899589" = Security Update for Windows XP (KB899589)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB903235" = Security Update for Windows XP (KB903235)
"KB904706" = Security Update for Windows XP (KB904706)
"KB904942" = Update for Windows XP (KB904942)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB905915" = Security Update for Windows XP (KB905915)
"KB906569" = Hotfix for Windows XP (KB906569)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Security Update for Windows XP (KB908531)
"KB910437" = Update for Windows XP (KB910437)
"KB911280" = Security Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB911567" = Security Update for Windows XP (KB911567)
"KB911927" = Security Update for Windows XP (KB911927)
"KB912812" = Security Update for Windows XP (KB912812)
"KB912919" = Security Update for Windows XP (KB912919)
"KB913446" = Security Update for Windows XP (KB913446)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB914440" = Hotfix for Windows XP (KB914440)
"KB915865" = Hotfix for Windows XP (KB915865)
"KB916281" = Security Update for Windows XP (KB916281)
"KB916595" = Update for Windows XP (KB916595)
"KB917159" = Security Update for Windows XP (KB917159)
"KB917344" = Security Update for Windows XP (KB917344)
"KB917422" = Security Update for Windows XP (KB917422)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB917953" = Security Update for Windows XP (KB917953)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918439" = Security Update for Windows XP (KB918439)
"KB918899" = Security Update for Windows XP (KB918899)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920214" = Security Update for Windows XP (KB920214)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921398" = Security Update for Windows XP (KB921398)
"KB921503" = Security Update for Windows XP (KB921503)
"KB921883" = Security Update for Windows XP (KB921883)
"KB922582" = Update for Windows XP (KB922582)
"KB922616" = Security Update for Windows XP (KB922616)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923694" = Security Update for Windows XP (KB923694)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924191" = Security Update for Windows XP (KB924191)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925486" = Security Update for Windows XP (KB925486)
"KB925902" = Security Update for Windows XP (KB925902)
"KB926239" = Hotfix for Windows XP (KB926239)
"KB926255" = Security Update for Windows XP (KB926255)
"KB926436" = Security Update for Windows XP (KB926436)
"KB927779" = Security Update for Windows XP (KB927779)
"KB927802" = Security Update for Windows XP (KB927802)
"KB927891" = Update for Windows XP (KB927891)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB928255" = Security Update for Windows XP (KB928255)
"KB928843" = Security Update for Windows XP (KB928843)
"KB929123" = Security Update for Windows XP (KB929123)
"KB929338" = Update for Windows XP (KB929338)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB930178" = Security Update for Windows XP (KB930178)
"KB930916" = Update for Windows XP (KB930916)
"KB931261" = Security Update for Windows XP (KB931261)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB931784" = Security Update for Windows XP (KB931784)
"KB931836" = Update for Windows XP (KB931836)
"KB931906" = Security Update for CAPICOM (KB931906)
"KB932168" = Security Update for Windows XP (KB932168)
"KB932823-v3" = Update for Windows XP (KB932823-v3)
"KB933360" = Update for Windows XP (KB933360)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB933729" = Security Update for Windows XP (KB933729)
"KB935839" = Security Update for Windows XP (KB935839)
"KB935840" = Security Update for Windows XP (KB935840)
"KB936021" = Security Update for Windows XP (KB936021)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB938828" = Update for Windows XP (KB938828)
"KB938829" = Security Update for Windows XP (KB938829)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941202" = Security Update for Windows XP (KB941202)
"KB941568" = Security Update for Windows XP (KB941568)
"KB941569" = Security Update for Windows XP (KB941569)
"KB941644" = Security Update for Windows XP (KB941644)
"KB941693" = Security Update for Windows XP (KB941693)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB942763" = Update for Windows XP (KB942763)
"KB943055" = Security Update for Windows XP (KB943055)
"KB943460" = Security Update for Windows XP (KB943460)
"KB943485" = Security Update for Windows XP (KB943485)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB944653" = Security Update for Windows XP (KB944653)
"KB945553" = Security Update for Windows XP (KB945553)
"KB946026" = Security Update for Windows XP (KB946026)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB948590" = Security Update for Windows XP (KB948590)
"KB948881" = Security Update for Windows XP (KB948881)
"KB950749" = Security Update for Windows XP (KB950749)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953356" = Update for Windows XP (KB953356)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (2.0.0.16)" = Mozilla Firefox (2.0.0.16)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Port Magic" = Pure Networks Port Magic
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"Qloud Plug-in for iTunes" = Qloud Plug-in for iTunes
"RealPlayer 6.0" = RealPlayer
"Sallys Spa_is1" = Sallys Spa
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SkillJam SecurePlayer" = Secure Game Player
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TaxACT 2007" = TaxACT 2007
"TaxCut Premium 2006" = TaxCut Premium 2006
"TI-83 Plus Flash Debugger" = TI-83 Plus Flash Debugger
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== Last 10 Event Log Errors ==========


[ Application Events ]
Error - 2008-04-16 02:32:23 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.31114, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 2008-04-21 22:55:23 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application avginet.exe, version 7.5.0.522, faulting module
avgupd.dll, version 7.5.0.515, fault address 0x000459e9.

Error - 2008-04-23 00:00:28 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application avginet.exe, version 7.5.0.522, faulting module
avgupd.dll, version 7.5.0.515, fault address 0x000459e9.

Error - 2008-04-26 02:21:54 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 2008-04-29 01:25:09 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 2008-04-30 02:40:22 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 2008-04-30 02:57:51 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 2008-05-01 02:18:19 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 2008-05-02 02:23:01 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 2008-05-10 20:26:45 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module unknown, version 0.0.0.0, fault address 0x10125b08.


[ Internet Explorer Events ]

[ ODiag Events ]

[ OSession Events ]

[ Security Events ]

[ System Events ]
Error - 2008-08-31 01:20:26 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Disk
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2008-08-31 01:20:31 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Disk
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2008-08-31 01:21:11 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Disk
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2008-08-31 01:21:16 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Disk
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2008-08-31 01:21:20 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Disk
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2008-08-31 13:51:31 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Service Control Manager
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 2008-09-01 02:52:04 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Dhcp
Description = The IP address lease 192.168.1.106 for the Network Card with network
address 0014A55CA538 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2008-09-01 02:53:10 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Service Control Manager
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 2008-09-01 03:01:39 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Service Control Manager
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 2008-09-01 04:32:01 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = ACPIEC
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.


< End of report >

OTViewIt logfile created on: 2008-09-01 11:05:27 - Run 1
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

958.23 Mb Total Physical Memory | 337.93 Mb Available Physical Memory | 35.27% Memory free
2.26 Gb Paging File | 1.75 Gb Available in Paging File | 77.58% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.31 Gb Total Space | 56.11 Gb Free Space | 65.01% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.64 Gb Free Space | 67.93% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-8A6ABD374C
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

===== Processes - Non-Microsoft Only =====

[02-17-2005 12:51 PM | 00,065,536 | ---- | M] () - C:\WINDOWS\system32\WLTRYSVC.EXE
[10-20-2004 10:40 AM | 00,010,328 | ---- | M] (America Online) - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
[09-06-2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[10-15-2004 04:54 PM | 00,046,768 | ---- | M] (America Online Inc) - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
[01-26-2006 12:15 AM | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
[01-04-2007 05:38 PM | 00,024,652 | ---- | M] (Viewpoint Corporation) - C:\Program Files\Viewpoint\Common\ViewpointService.exe
[01-28-2008 11:43 AM | 02,097,488 | RHS- | M] (Safer Networking Limited) - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[07-27-2008 06:21 PM | 07,667,312 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe

===== Win32 Services - Non-Microsoft Only =====

(AOL ACS) AOL Connectivity Service [Auto | Running]
[10-20-2004 10:40 AM | 00,010,328 | ---- | M] (America Online) - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[09-06-2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(AresChatServer) Ares Chatroom server [On_Demand | Stopped]
[03-19-2007 09:19 PM | 00,263,168 | ---- | M] (Ares Development Group) - C:\Program Files\Ares\chatServer.exe

(PrismXL) PrismXL [Auto | Running]
[01-26-2006 12:15 AM | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

(Viewpoint Manager Service) Viewpoint Manager Service [Auto | Running]
[01-04-2007 05:38 PM | 00,024,652 | ---- | M] (Viewpoint Corporation) - C:\Program Files\Viewpoint\Common\ViewpointService.exe

(wltrysvc) Broadcom Wireless LAN Tray Service [Auto | Running]
[02-17-2005 12:51 PM | 00,065,536 | ---- | M] () - C:\WINDOWS\system32\WLTRYSVC.EXE

===== Driver Services - Non-Microsoft Only =====

(catchme) catchme [On_Demand | Stopped]
File not found - C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys

(CdaD10BA) CdaD10BA [Auto | Running]
[04-09-2007 11:52 AM | 00,012,464 | ---- | M] (Macrovision Europe Ltd) - C:\WINDOWS\system32\drivers\CdaD10BA.SYS

(LMIInfo) LogMeIn Kernel Information Provider [Auto | Stopped]
File not found - C:\Program Files\LogMeIn\x86\RaInfo.sys

(lmimirr) lmimirr [On_Demand | Running]
[04-17-2007 02:00 PM | 00,010,144 | ---- | M] (LogMeIn, Inc.) - C:\WINDOWS\system32\drivers\lmimirr.sys

(LMIRfsDriver) LogMeIn Remote File System Driver [Auto | Running]
[04-05-2007 11:55 AM | 00,046,112 | ---- | M] (LogMeIn, Inc.) - C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

(motmodem) Motorola USB CDC ACM Driver [On_Demand | Stopped]
[02-27-2007 02:31 PM | 00,021,504 | ---- | M] (Motorola) - C:\WINDOWS\system32\drivers\motmodem.sys

(mraid35x) mraid35x [Boot | Running]
[08-17-2001 11:52 PM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

(mxnic) Macronix MX987xx Family Fast Ethernet NT Driver [On_Demand | Stopped]
[08-17-2001 04:49 PM | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) - C:\WINDOWS\system32\drivers\mxnic.sys

(Sparrow) Sparrow [Boot | Running]
[08-18-2001 12:07 AM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

(SynTP) Synaptics TouchPad Driver [On_Demand | Running]
[11-04-2004 08:47 PM | 00,185,824 | ---- | M] (Synaptics, Inc.) - C:\WINDOWS\system32\drivers\SynTP.sys

(tcpip_patcher) tcpip_patcher [On_Demand | Stopped]
File not found - C:\Program Files\Ares\tcpip_patcher.sys

(tifm21) tifm21 [On_Demand | Running]
[09-20-2005 12:30 PM | 00,162,432 | ---- | M] (Texas Instruments) - C:\WINDOWS\system32\drivers\tifm21.sys

(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [On_Demand | Running]
[04-18-2005 11:26 AM | 00,230,912 | ---- | M] (Marvell) - C:\WINDOWS\system32\drivers\yk51x86.sys

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01-11-2008 10:16 PM | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [02-19-2008 01:10 PM | 00,267,048 | ---- | M] (Apple Inc.)
"NeroFilterCheck" = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [03-01-2007 03:57 PM | 00,153,136 | ---- | M] (Nero AG)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [01-31-2008 11:13 PM | 00,385,024 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02-22-2008 04:25 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [09-13-2007 08:38 AM | 00,185,632 | ---- | M] (RealNetworks, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6" = File not found
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [01-28-2008 11:43 AM | 02,097,488 | RHS- | M] (Safer Networking Limited)
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [10-24-2006 05:10 PM | 04,662,776 | ---- | M] (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run" = C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE [10-27-2007 10:33 AM | 00,219,136 | ---- | M] (GRISOFT, s.r.o.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run" = C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE [10-27-2007 10:33 AM | 00,219,136 | ---- | M] (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run" = C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE [10-27-2007 10:33 AM | 00,219,136 | ---- | M] (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run" = C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE [10-27-2007 10:33 AM | 00,219,136 | ---- | M] (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-3826750774-660193737-3788400546-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6" = File not found
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [01-28-2008 11:43 AM | 02,097,488 | RHS- | M] (Safer Networking Limited)
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [10-24-2006 05:10 PM | 04,662,776 | ---- | M] (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-3826750774-660193737-3788400546-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

[Owner Startup Folder - C:\Documents and Settings\Owner\Start Menu\Programs\Startup]

========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
HKLM CLSID: (Yahoo! Toolbar Helper) - [10-26-2006 10:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [10-22-2006 11:08 PM | 00,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [01-28-2008 11:43 AM | 01,554,256 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
HKLM CLSID: (EWPBrowseObject Class) - [04-18-2006 08:04 PM | 00,034,304 | ---- | M] () C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [02-22-2008 04:25 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [08-09-2007 02:30 PM | 00,654,832 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

========== Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}"
HKLM CLSID: (Easy-WebPrint) - [04-18-2006 08:05 PM | 00,552,960 | ---- | M] () C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10-26-2006 10:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10-26-2006 10:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_USERS\S-1-5-21-3826750774-660193737-3788400546-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10-26-2006 10:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

========== AppInit_Dlls ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
"C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL" - [07-24-2007 02:12 PM | 00,145,408 | ---- | M] (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

========== SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Engepkey" = {EFE8EC3F-005E-4EB9-A93A-A03D845AA533}
HKLM CLSID: (loguhmad) - File not found C:\WINDOWS\system32\reguvui.dll

========== HKLM Security Providers ==========

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06-13-2007 06:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08-04-2004 03:00 PM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08-04-2004 03:00 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10-25-2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08-04-2004 03:00 PM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\system32\ati2evxx.dll [04-28-2005 10:32 AM | 00,046,080 | ---- | M] (ATI Technologies Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
"DllName" = C:\WINDOWS\system32\LMIinit.dll [05-25-2007 03:22 PM | 00,063,040 | ---- | M] (LogMeIn, Inc.)

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 36
"_NoDriveTypeAutoRun" = 145
"NoDriveAutoRun" = FF FF FF FF [binary data]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"CDRAutoRun" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"CDRAutoRun" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-3826750774-660193737-3788400546-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 36
"_NoDriveTypeAutoRun" = 145
"NoDriveAutoRun" = FF FF FF FF [binary data]

[HKEY_USERS\S-1-5-21-3826750774-660193737-3788400546-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_USERS\S-1-5-21-3826750774-660193737-3788400546-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

========== Desktop Components ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk File not found
"backup" = C:\WINDOWS\pss\Adobe Gamma Loader.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [11-04-1999 05:06 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
"item" = Adobe Gamma Loader

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk File not found
"backup" = C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk File not found
"location" = Common Startup
"command" = C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE File not found
"item" = Adobe Reader Speed Launch

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk File not found
"backup" = C:\WINDOWS\pss\Audible Download Manager.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe [05-15-2007 02:56 PM | 00,845,408 | ---- | M] (Audible, Inc.)
"item" = Audible Download Manager

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk File not found
"backup" = C:\WINDOWS\pss\BigFix.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\BigFix\bigfix.exe [11-16-2006 04:04 PM | 02,348,584 | ---- | M] (BigFix Inc.)
"item" = BigFix

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk File not found
"backup" = C:\WINDOWS\pss\Bluetooth.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [07-22-2005 05:50 PM | 00,577,597 | ---- | M] (Broadcom Corporation.)
"item" = Bluetooth

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk File not found
"backup" = C:\WINDOWS\pss\Google Updater.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Google\Google Updater\GoogleUpdater.exe [08-09-2007 02:30 PM | 00,124,912 | ---- | M] (Google)
"item" = Google Updater

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk File not found
"backup" = C:\WINDOWS\pss\HP Digital Imaging Monitor.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [05-11-2005 11:23 PM | 00,282,624 | ---- | M] (Hewlett-Packard Co.)
"item" = HP Digital Imaging Monitor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^DotColor.lnk]
"path" = C:\Documents and Settings\Owner\Start Menu\Programs\Startup\DotColor.lnk File not found
"backup" = C:\WINDOWS\pss\DotColor.lnk File not found
"location" = Startup
"command" = C:\PROGRA~1\DotColor\DotColor.exe File not found
"item" = DotColor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = aim
"hkey" = HKCU
"command" = C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aim6]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = aim6
"hkey" = HKCU
"command" = C:\Program Files\AIM6\aim6.exe [10-04-2007 11:20 AM | 00,050,528 | ---- | M] (AOL LLC)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Spyware Protection]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = AOLSP Scheduler
"hkey" = HKLM
"command" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe [10-18-2004 09:42 PM | 00,079,448 | ---- | M] ()
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIPTA]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = atiptaxx
"hkey" = HKLM
"command" = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [04-29-2005 01:05 AM | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG7_CC]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = avgcc
"hkey" = HKLM
"command" = C:\Program Files\Grisoft\AVG7\avgcc.exe [04-16-2008 08:16 AM | 00,579,584 | ---- | M] (GRISOFT, s.r.o.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = NMBgMonitor
"hkey" = HKCU
"command" = C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [06-27-2007 07:03 PM | 00,152,872 | ---- | M] (Nero AG)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Broadcom Wireless Manager UI]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\system32\WLTRAY.EXE [02-17-2005 12:51 PM | 00,667,756 | ---- | M] (Broadcom Corporation)
"hkey" = HKLM
"command" = C:\WINDOWS\system32\WLTRAY.EXE [02-17-2005 12:51 PM | 00,667,756 | ---- | M] (Broadcom Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = BJMyPrt
"hkey" = HKLM
"command" = C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [03-21-2006 09:30 PM | 01,191,936 | ---- | M] (CANON INC.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\system32\ctfmon.exe [08-04-2004 03:00 PM | 00,015,360 | ---- | M] (Microsoft Corporation)
"hkey" = HKCU
"command" = C:\WINDOWS\system32\ctfmon.exe [08-04-2004 03:00 PM | 00,015,360 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = GoogleDesktop
"hkey" = HKLM
"command" = C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [07-24-2007 02:12 PM | 01,836,544 | ---- | M] (Google)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = AOLSoftware
"hkey" = HKLM
"command" = C:\Program Files\Common Files\AOL\1138249094\EE\aolsoftware.exe [05-09-2006 08:24 PM | 00,050,760 | ---- | M] (America Online, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = HPWuSchd2
"hkey" = HKLM
"command" = C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [05-11-2005 11:12 PM | 00,049,152 | ---- | M] (Hewlett-Packard Co.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = iTunesHelper
"hkey" = HKLM
"command" = C:\Program Files\iTunes\iTunesHelper.exe [02-19-2008 01:10 PM | 00,267,048 | ---- | M] (Apple Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCAgentExe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = mcagent
"hkey" = HKLM
"command" = c:\PROGRA~1\mcafee.com\agent\mcagent.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCUpdateExe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = mcupdate
"hkey" = HKLM
"command" = C:\PROGRA~1\mcafee.com\agent\mcupdate.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MPFExe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = MpfTray
"hkey" = HKLM
"command" = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSKAGENTEXE]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = MskAgent
"hkey" = HKLM
"command" = C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSKDetectorExe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = MSKDetct
"hkey" = HKLM
"command" = C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = msmsgs
"hkey" = HKCU
"command" = C:\Program Files\Messenger\msmsgs.exe [10-13-2004 12:24 PM | 01,694,208 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = NeroCheck
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [03-01-2007 03:57 PM | 00,153,136 | ---- | M] (Nero AG)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OASClnt]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = oasclnt
"hkey" = HKLM
"command" = C:\Program Files\McAfee.com\VSO\oasclnt.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OpwareSE4]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = OpwareSE4
"hkey" = HKLM
"command" = C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe [03-21-2006 02:19 PM | 00,069,632 | ---- | M] (ScanSoft, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = qttask
"hkey" = HKLM
"command" = C:\Program Files\QuickTime\QTTask.exe [01-31-2008 11:13 PM | 00,385,024 | ---- | M] (Apple Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Recguard]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = RECGUARD
"hkey" = HKLM
"command" = C:\WINDOWS\SMINST\Recguard.exe [09-14-2002 03:42 AM | 00,212,992 | ---- | M] ()
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\REGSHAVE]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = REGSHAVE
"hkey" = HKLM
"command" = C:\Program Files\REGSHAVE\REGSHAVE.EXE [02-04-2002 11:32 PM | 00,053,248 | ---- | M] (FUJI PHOTO FILM CO., LTD.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Reminder]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Remind_XP
"hkey" = HKLM
"command" = C:\WINDOWS\creator\remind_xp.exe [02-25-2005 04:24 AM | 00,966,656 | ---- | M] (SoftThinks)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = PDVDServ
"hkey" = HKLM
"command" = C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [11-03-2004 12:24 AM | 00,032,768 | ---- | M] (Cyberlink Corp.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SSBkgdUpdate]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SSBkgdupdate
"hkey" = HKLM
"command" = C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [09-30-2003 01:14 AM | 00,155,648 | R--- | M] (Scansoft, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SynTPEnh
"hkey" = HKLM
"command" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [11-04-2004 08:47 PM | 00,688,218 | ---- | M] (Synaptics, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPLpr]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SynTPLpr
"hkey" = HKLM
"command" = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [11-04-2004 08:47 PM | 00,098,394 | ---- | M] (Synaptics, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = realsched
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Real\Update_OB\realsched.exe [09-13-2007 08:38 AM | 00,185,632 | ---- | M] (RealNetworks, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirusScan Online]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = mcvsshld
"hkey" = HKLM
"command" = C:\Program Files\McAfee.com\VSO\mcvsshld.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VSOCheckTask]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = mcmnhdlr
"hkey" = HKLM
"command" = C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = YAHOOM~1
"hkey" = HKCU
"command" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [10-24-2006 05:10 PM | 04,662,776 | ---- | M] (Yahoo! Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 2

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [SET TI83PLUSDIR=C:\PROGRA~1\TIEDUC~1\TI-83P~1 | ]
[03-06-2007 07:46 PM | 00,000,047 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

========== MountPoints2 ==========

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{1DDED80E-36ED-4E30-BF7B-5AAA010D3CDD}]
Servers: | Description: Broadcom 802.11g Network Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{2585B937-B7A7-4F9B-B1EF-72BF6831B08B}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{A1E49B95-0D5D-437D-92AB-0C010DB73F41}]
Servers: | Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{A3FFD6A0-1AA8-49C4-8E29-D1415B855790}]
Servers: | Description: 1394 Net Adapter

========== Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



========== Files/Folders - Created Within 30 days ==========

[08-19-2008 03:06 PM | 00,000,244 | -H-- | C] () - C:\sqmnoopt01.sqm
[08-19-2008 03:06 PM | 00,000,268 | -H-- | C] () - C:\sqmdata01.sqm
[6 C:\WINDOWS\System32\*.tmp files]
[08-28-2008 04:13 PM | ---D | C] - C:\WINDOWS\System32\CatRoot_bak
[08-30-2008 10:04 AM | ---D | C] - C:\WINDOWS\EHome
[08-17-2008 01:42 PM | 00,000,162 | -H-- | C] () - C:\Documents and Settings\Owner\My Documents\~$hoo map.doc
[2 C:\Documents and Settings\Owner\Desktop\*.tmp files]
[08-22-2008 10:03 PM | 00,024,576 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\Memories.doc
[08-25-2008 08:51 PM | 17,902,712 | ---- | C] (W3i, LLC) - C:\Documents and Settings\Owner\Desktop\playtoadgeneralFree.exe
[08-29-2008 08:05 PM | ---D | C] - C:\Documents and Settings\Owner\Desktop\Gabriel Kenneth
[08-30-2008 11:16 AM | 00,000,706 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\Shortcut to HijackThis.lnk
[08-27-2008 04:47 PM | ---D | C] - C:\Program Files\Gamevance

========== Files - Modified Within 30 days ==========

[08-19-2008 03:06 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt01.sqm
[08-19-2008 03:06 PM | 00,000,268 | -H-- | M] () - C:\sqmdata01.sqm
[08-31-2008 10:59 PM | 10,048,51200 | -HS- | M] () - C:\hiberfil.sys
[6 C:\WINDOWS\System32\*.tmp files]
[08-18-2008 04:02 PM | 00,054,010 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08-18-2008 04:02 PM | 00,383,822 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08-18-2008 04:02 PM | 00,443,380 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08-31-2008 11:02 PM | 00,001,170 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08-17-2008 03:49 PM | 00,000,116 | ---- | M] () - C:\WINDOWS\NeroDigital.ini
[08-30-2008 10:11 AM | 00,000,864 | ---- | M] () - C:\WINDOWS\win.ini
[08-31-2008 10:59 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08-26-2008 08:37 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08-31-2008 11:00 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08-31-2008 11:03 PM | 00,000,330 | -H-- | M] () - C:\WINDOWS\tasks\MP Scheduled Scan.job
[08-31-2008 11:08 PM | 00,000,422 | -H-- | M] () - C:\WINDOWS\tasks\User_Feed_Synchronization-{78A2C800-3087-4B74-8AE7-36CBA37B3BB5}.job
[08-17-2008 01:42 PM | 00,000,162 | -H-- | M] () - C:\Documents and Settings\Owner\My Documents\~$hoo map.doc
[08-27-2008 04:50 PM | 00,001,001 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Toontown Online.lnk
[2 C:\Documents and Settings\Owner\Desktop\*.tmp files]
[08-22-2008 10:03 PM | 00,024,576 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\Memories.doc
[08-25-2008 08:58 PM | 17,902,712 | ---- | M] (W3i, LLC) - C:\Documents and Settings\Owner\Desktop\playtoadgeneralFree.exe
[08-30-2008 11:16 AM | 00,000,706 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\Shortcut to HijackThis.lnk

< End of report >


Thanks, Penny
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Re: Computer running slowly, don't know why.

Unread postby Shaba » September 1st, 2008, 12:44 pm

Have you uninstalled McAfee?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Computer running slowly, don't know why.

Unread postby Perkypen » September 1st, 2008, 4:08 pm

McAfee may have come preinstalled in the laptop but I have never used it. I use AVG. Is McAfee running on my laptop?

Penny
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Re: Computer running slowly, don't know why.

Unread postby Shaba » September 2nd, 2008, 8:18 am

No but there are some leftovers.

Go to Start > Run
Type regedit and click OK.

  • On the leftside, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch.
    • Leave the "Save As Type" as "Registration Files".
    • Under "Filename" put backup
  • Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
  • Click Save and then go to File > Exit.

Open Notepad and copy the contents of the following box to a new file.

Code: Select all
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCAgentExe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCUpdateExe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MPFExe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSKAGENTEXE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSKDetectorExe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirusScan Online]
 


Save it as fix.reg (save type: "All files" (*.*)) to your desktop.

It should look like this -> Image

Go to Desktop, double-click fix.reg and merge the infomation with the registry.

Reboot.

Re-run otviewit.

Post a fresh otviewit log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Computer running slowly, don't know why.

Unread postby Perkypen » September 2nd, 2008, 7:26 pm

OTViewIt logfile created on: 2008-09-02 19:20:40 - Run 2
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

958.23 Mb Total Physical Memory | 413.37 Mb Available Physical Memory | 43.14% Memory free
2.26 Gb Paging File | 1.82 Gb Available in Paging File | 80.43% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.31 Gb Total Space | 55.94 Gb Free Space | 64.81% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.64 Gb Free Space | 67.93% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 976.13 Mb Total Space | 414.52 Mb Free Space | 42.47% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-8A6ABD374C
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

===== Processes - Non-Microsoft Only =====

[02-17-2005 12:51 PM | 00,065,536 | ---- | M] () - C:\WINDOWS\system32\WLTRYSVC.EXE
[10-20-2004 10:40 AM | 00,010,328 | ---- | M] (America Online) - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
[10-15-2004 04:54 PM | 00,046,768 | ---- | M] (America Online Inc) - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
[09-06-2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[01-26-2006 12:15 AM | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
[01-04-2007 05:38 PM | 00,024,652 | ---- | M] (Viewpoint Corporation) - C:\Program Files\Viewpoint\Common\ViewpointService.exe
[01-28-2008 11:43 AM | 02,097,488 | RHS- | M] (Safer Networking Limited) - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[07-27-2008 06:21 PM | 07,667,312 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe

===== Win32 Services - Non-Microsoft Only =====

(AOL ACS) AOL Connectivity Service [Auto | Running]
[10-20-2004 10:40 AM | 00,010,328 | ---- | M] (America Online) - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[09-06-2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(AresChatServer) Ares Chatroom server [On_Demand | Stopped]
[03-19-2007 09:19 PM | 00,263,168 | ---- | M] (Ares Development Group) - C:\Program Files\Ares\chatServer.exe

(PrismXL) PrismXL [Auto | Running]
[01-26-2006 12:15 AM | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

(Viewpoint Manager Service) Viewpoint Manager Service [Auto | Running]
[01-04-2007 05:38 PM | 00,024,652 | ---- | M] (Viewpoint Corporation) - C:\Program Files\Viewpoint\Common\ViewpointService.exe

(wltrysvc) Broadcom Wireless LAN Tray Service [Auto | Running]
[02-17-2005 12:51 PM | 00,065,536 | ---- | M] () - C:\WINDOWS\system32\WLTRYSVC.EXE

===== Driver Services - Non-Microsoft Only =====

(catchme) catchme [On_Demand | Stopped]
File not found - C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys

(CdaD10BA) CdaD10BA [Auto | Running]
[04-09-2007 11:52 AM | 00,012,464 | ---- | M] (Macrovision Europe Ltd) - C:\WINDOWS\system32\drivers\CdaD10BA.SYS

(LMIInfo) LogMeIn Kernel Information Provider [Auto | Stopped]
File not found - C:\Program Files\LogMeIn\x86\RaInfo.sys

(lmimirr) lmimirr [On_Demand | Running]
[04-17-2007 02:00 PM | 00,010,144 | ---- | M] (LogMeIn, Inc.) - C:\WINDOWS\system32\drivers\lmimirr.sys

(LMIRfsDriver) LogMeIn Remote File System Driver [Auto | Running]
[04-05-2007 11:55 AM | 00,046,112 | ---- | M] (LogMeIn, Inc.) - C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

(motmodem) Motorola USB CDC ACM Driver [On_Demand | Stopped]
[02-27-2007 02:31 PM | 00,021,504 | ---- | M] (Motorola) - C:\WINDOWS\system32\drivers\motmodem.sys

(mraid35x) mraid35x [Boot | Running]
[08-17-2001 11:52 PM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

(mxnic) Macronix MX987xx Family Fast Ethernet NT Driver [On_Demand | Stopped]
[08-17-2001 04:49 PM | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) - C:\WINDOWS\system32\drivers\mxnic.sys

(Sparrow) Sparrow [Boot | Running]
[08-18-2001 12:07 AM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

(SynTP) Synaptics TouchPad Driver [On_Demand | Running]
[11-04-2004 08:47 PM | 00,185,824 | ---- | M] (Synaptics, Inc.) - C:\WINDOWS\system32\drivers\SynTP.sys

(tcpip_patcher) tcpip_patcher [On_Demand | Stopped]
File not found - C:\Program Files\Ares\tcpip_patcher.sys

(tifm21) tifm21 [On_Demand | Running]
[09-20-2005 12:30 PM | 00,162,432 | ---- | M] (Texas Instruments) - C:\WINDOWS\system32\drivers\tifm21.sys

(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [On_Demand | Running]
[04-18-2005 11:26 AM | 00,230,912 | ---- | M] (Marvell) - C:\WINDOWS\system32\drivers\yk51x86.sys

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01-11-2008 10:16 PM | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [02-19-2008 01:10 PM | 00,267,048 | ---- | M] (Apple Inc.)
"NeroFilterCheck" = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [03-01-2007 03:57 PM | 00,153,136 | ---- | M] (Nero AG)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [01-31-2008 11:13 PM | 00,385,024 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02-22-2008 04:25 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [09-13-2007 08:38 AM | 00,185,632 | ---- | M] (RealNetworks, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6" = File not found
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [01-28-2008 11:43 AM | 02,097,488 | RHS- | M] (Safer Networking Limited)
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [10-24-2006 05:10 PM | 04,662,776 | ---- | M] (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run" = C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE [10-27-2007 10:33 AM | 00,219,136 | ---- | M] (GRISOFT, s.r.o.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run" = C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE [10-27-2007 10:33 AM | 00,219,136 | ---- | M] (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run" = C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE [10-27-2007 10:33 AM | 00,219,136 | ---- | M] (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run" = C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE [10-27-2007 10:33 AM | 00,219,136 | ---- | M] (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-3826750774-660193737-3788400546-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6" = File not found
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [01-28-2008 11:43 AM | 02,097,488 | RHS- | M] (Safer Networking Limited)
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [10-24-2006 05:10 PM | 04,662,776 | ---- | M] (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-3826750774-660193737-3788400546-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

[Owner Startup Folder - C:\Documents and Settings\Owner\Start Menu\Programs\Startup]

========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
HKLM CLSID: (Yahoo! Toolbar Helper) - [10-26-2006 10:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [10-22-2006 11:08 PM | 00,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [01-28-2008 11:43 AM | 01,554,256 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
HKLM CLSID: (EWPBrowseObject Class) - [04-18-2006 08:04 PM | 00,034,304 | ---- | M] () C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [02-22-2008 04:25 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [08-09-2007 02:30 PM | 00,654,832 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

========== Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}"
HKLM CLSID: (Easy-WebPrint) - [04-18-2006 08:05 PM | 00,552,960 | ---- | M] () C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10-26-2006 10:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10-26-2006 10:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_USERS\S-1-5-21-3826750774-660193737-3788400546-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10-26-2006 10:28 AM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

========== AppInit_Dlls ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
"C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL" - [07-24-2007 02:12 PM | 00,145,408 | ---- | M] (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

========== SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Engepkey" = {EFE8EC3F-005E-4EB9-A93A-A03D845AA533}
HKLM CLSID: (loguhmad) - File not found C:\WINDOWS\system32\reguvui.dll

========== HKLM Security Providers ==========

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06-13-2007 06:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08-04-2004 03:00 PM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08-04-2004 03:00 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10-25-2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08-04-2004 03:00 PM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\system32\ati2evxx.dll [04-28-2005 10:32 AM | 00,046,080 | ---- | M] (ATI Technologies Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
"DllName" = C:\WINDOWS\system32\LMIinit.dll [05-25-2007 03:22 PM | 00,063,040 | ---- | M] (LogMeIn, Inc.)

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 36
"_NoDriveTypeAutoRun" = 145
"NoDriveAutoRun" = FF FF FF FF [binary data]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"CDRAutoRun" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"CDRAutoRun" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-3826750774-660193737-3788400546-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 36
"_NoDriveTypeAutoRun" = 145
"NoDriveAutoRun" = FF FF FF FF [binary data]

[HKEY_USERS\S-1-5-21-3826750774-660193737-3788400546-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_USERS\S-1-5-21-3826750774-660193737-3788400546-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

========== Desktop Components ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk File not found
"backup" = C:\WINDOWS\pss\Adobe Gamma Loader.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [11-04-1999 05:06 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
"item" = Adobe Gamma Loader

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk File not found
"backup" = C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk File not found
"location" = Common Startup
"command" = C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE File not found
"item" = Adobe Reader Speed Launch

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk File not found
"backup" = C:\WINDOWS\pss\Audible Download Manager.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe [05-15-2007 02:56 PM | 00,845,408 | ---- | M] (Audible, Inc.)
"item" = Audible Download Manager

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk File not found
"backup" = C:\WINDOWS\pss\BigFix.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\BigFix\bigfix.exe [11-16-2006 04:04 PM | 02,348,584 | ---- | M] (BigFix Inc.)
"item" = BigFix

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk File not found
"backup" = C:\WINDOWS\pss\Bluetooth.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [07-22-2005 05:50 PM | 00,577,597 | ---- | M] (Broadcom Corporation.)
"item" = Bluetooth

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk File not found
"backup" = C:\WINDOWS\pss\Google Updater.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Google\Google Updater\GoogleUpdater.exe [08-09-2007 02:30 PM | 00,124,912 | ---- | M] (Google)
"item" = Google Updater

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk File not found
"backup" = C:\WINDOWS\pss\HP Digital Imaging Monitor.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [05-11-2005 11:23 PM | 00,282,624 | ---- | M] (Hewlett-Packard Co.)
"item" = HP Digital Imaging Monitor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^DotColor.lnk]
"path" = C:\Documents and Settings\Owner\Start Menu\Programs\Startup\DotColor.lnk File not found
"backup" = C:\WINDOWS\pss\DotColor.lnk File not found
"location" = Startup
"command" = C:\PROGRA~1\DotColor\DotColor.exe File not found
"item" = DotColor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = aim
"hkey" = HKCU
"command" = C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aim6]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = aim6
"hkey" = HKCU
"command" = C:\Program Files\AIM6\aim6.exe [10-04-2007 11:20 AM | 00,050,528 | ---- | M] (AOL LLC)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Spyware Protection]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = AOLSP Scheduler
"hkey" = HKLM
"command" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe [10-18-2004 09:42 PM | 00,079,448 | ---- | M] ()
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIPTA]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = atiptaxx
"hkey" = HKLM
"command" = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [04-29-2005 01:05 AM | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG7_CC]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = avgcc
"hkey" = HKLM
"command" = C:\Program Files\Grisoft\AVG7\avgcc.exe [04-16-2008 08:16 AM | 00,579,584 | ---- | M] (GRISOFT, s.r.o.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = NMBgMonitor
"hkey" = HKCU
"command" = C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [06-27-2007 07:03 PM | 00,152,872 | ---- | M] (Nero AG)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Broadcom Wireless Manager UI]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\system32\WLTRAY.EXE [02-17-2005 12:51 PM | 00,667,756 | ---- | M] (Broadcom Corporation)
"hkey" = HKLM
"command" = C:\WINDOWS\system32\WLTRAY.EXE [02-17-2005 12:51 PM | 00,667,756 | ---- | M] (Broadcom Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = BJMyPrt
"hkey" = HKLM
"command" = C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [03-21-2006 09:30 PM | 01,191,936 | ---- | M] (CANON INC.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\system32\ctfmon.exe [08-04-2004 03:00 PM | 00,015,360 | ---- | M] (Microsoft Corporation)
"hkey" = HKCU
"command" = C:\WINDOWS\system32\ctfmon.exe [08-04-2004 03:00 PM | 00,015,360 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = GoogleDesktop
"hkey" = HKLM
"command" = C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [07-24-2007 02:12 PM | 01,836,544 | ---- | M] (Google)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = AOLSoftware
"hkey" = HKLM
"command" = C:\Program Files\Common Files\AOL\1138249094\EE\aolsoftware.exe [05-09-2006 08:24 PM | 00,050,760 | ---- | M] (America Online, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = HPWuSchd2
"hkey" = HKLM
"command" = C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [05-11-2005 11:12 PM | 00,049,152 | ---- | M] (Hewlett-Packard Co.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = iTunesHelper
"hkey" = HKLM
"command" = C:\Program Files\iTunes\iTunesHelper.exe [02-19-2008 01:10 PM | 00,267,048 | ---- | M] (Apple Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = msmsgs
"hkey" = HKCU
"command" = C:\Program Files\Messenger\msmsgs.exe [10-13-2004 12:24 PM | 01,694,208 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = NeroCheck
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [03-01-2007 03:57 PM | 00,153,136 | ---- | M] (Nero AG)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OASClnt]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = oasclnt
"hkey" = HKLM
"command" = C:\Program Files\McAfee.com\VSO\oasclnt.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OpwareSE4]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = OpwareSE4
"hkey" = HKLM
"command" = C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe [03-21-2006 02:19 PM | 00,069,632 | ---- | M] (ScanSoft, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = qttask
"hkey" = HKLM
"command" = C:\Program Files\QuickTime\QTTask.exe [01-31-2008 11:13 PM | 00,385,024 | ---- | M] (Apple Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Recguard]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = RECGUARD
"hkey" = HKLM
"command" = C:\WINDOWS\SMINST\Recguard.exe [09-14-2002 03:42 AM | 00,212,992 | ---- | M] ()
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\REGSHAVE]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = REGSHAVE
"hkey" = HKLM
"command" = C:\Program Files\REGSHAVE\REGSHAVE.EXE [02-04-2002 11:32 PM | 00,053,248 | ---- | M] (FUJI PHOTO FILM CO., LTD.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Reminder]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Remind_XP
"hkey" = HKLM
"command" = C:\WINDOWS\creator\remind_xp.exe [02-25-2005 04:24 AM | 00,966,656 | ---- | M] (SoftThinks)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = PDVDServ
"hkey" = HKLM
"command" = C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [11-03-2004 12:24 AM | 00,032,768 | ---- | M] (Cyberlink Corp.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SSBkgdUpdate]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SSBkgdupdate
"hkey" = HKLM
"command" = C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [09-30-2003 01:14 AM | 00,155,648 | R--- | M] (Scansoft, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SynTPEnh
"hkey" = HKLM
"command" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [11-04-2004 08:47 PM | 00,688,218 | ---- | M] (Synaptics, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPLpr]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SynTPLpr
"hkey" = HKLM
"command" = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [11-04-2004 08:47 PM | 00,098,394 | ---- | M] (Synaptics, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = realsched
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Real\Update_OB\realsched.exe [09-13-2007 08:38 AM | 00,185,632 | ---- | M] (RealNetworks, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VSOCheckTask]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = mcmnhdlr
"hkey" = HKLM
"command" = C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = YAHOOM~1
"hkey" = HKCU
"command" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [10-24-2006 05:10 PM | 04,662,776 | ---- | M] (Yahoo! Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 2

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [SET TI83PLUSDIR=C:\PROGRA~1\TIEDUC~1\TI-83P~1 | ]
[03-06-2007 07:46 PM | 00,000,047 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

========== MountPoints2 ==========

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{1DDED80E-36ED-4E30-BF7B-5AAA010D3CDD}]
Servers: | Description: Broadcom 802.11g Network Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{2585B937-B7A7-4F9B-B1EF-72BF6831B08B}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{A1E49B95-0D5D-437D-92AB-0C010DB73F41}]
Servers: | Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{A3FFD6A0-1AA8-49C4-8E29-D1415B855790}]
Servers: | Description: 1394 Net Adapter

========== Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



========== Files/Folders - Created Within 30 days ==========

[08-19-2008 03:06 PM | 00,000,244 | -H-- | C] () - C:\sqmnoopt01.sqm
[08-19-2008 03:06 PM | 00,000,268 | -H-- | C] () - C:\sqmdata01.sqm
[6 C:\WINDOWS\System32\*.tmp files]
[08-28-2008 04:13 PM | ---D | C] - C:\WINDOWS\System32\CatRoot_bak
[08-30-2008 10:04 AM | ---D | C] - C:\WINDOWS\EHome
[08-17-2008 01:42 PM | 00,000,162 | -H-- | C] () - C:\Documents and Settings\Owner\My Documents\~$hoo map.doc
[09-02-2008 07:06 PM | 10,551,8436 | ---- | C] () - C:\Documents and Settings\Owner\My Documents\backup.reg
[2 C:\Documents and Settings\Owner\Desktop\*.tmp files]
[08-22-2008 10:03 PM | 00,024,576 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\Memories.doc
[08-25-2008 08:51 PM | 17,902,712 | ---- | C] (W3i, LLC) - C:\Documents and Settings\Owner\Desktop\playtoadgeneralFree.exe
[08-29-2008 08:05 PM | ---D | C] - C:\Documents and Settings\Owner\Desktop\Gabriel Kenneth
[08-30-2008 11:16 AM | 00,000,706 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\Shortcut to HijackThis.lnk
[09-02-2008 07:07 PM | 00,000,572 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\fix.reg
[08-27-2008 04:47 PM | ---D | C] - C:\Program Files\Gamevance

========== Files - Modified Within 30 days ==========

[08-19-2008 03:06 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt01.sqm
[08-19-2008 03:06 PM | 00,000,268 | -H-- | M] () - C:\sqmdata01.sqm
[09-02-2008 07:12 PM | 10,048,51200 | -HS- | M] () - C:\hiberfil.sys
[6 C:\WINDOWS\System32\*.tmp files]
[08-18-2008 04:02 PM | 00,054,010 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08-18-2008 04:02 PM | 00,383,822 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08-18-2008 04:02 PM | 00,443,380 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[09-02-2008 07:14 PM | 00,001,170 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08-17-2008 03:49 PM | 00,000,116 | ---- | M] () - C:\WINDOWS\NeroDigital.ini
[08-30-2008 10:11 AM | 00,000,864 | ---- | M] () - C:\WINDOWS\win.ini
[09-02-2008 07:12 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08-26-2008 08:37 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[09-02-2008 04:50 PM | 00,000,422 | -H-- | M] () - C:\WINDOWS\tasks\User_Feed_Synchronization-{78A2C800-3087-4B74-8AE7-36CBA37B3BB5}.job
[09-02-2008 07:12 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[09-02-2008 07:16 PM | 00,000,330 | -H-- | M] () - C:\WINDOWS\tasks\MP Scheduled Scan.job
[08-17-2008 01:42 PM | 00,000,162 | -H-- | M] () - C:\Documents and Settings\Owner\My Documents\~$hoo map.doc
[09-02-2008 07:06 PM | 10,551,8436 | ---- | M] () - C:\Documents and Settings\Owner\My Documents\backup.reg
[08-27-2008 04:50 PM | 00,001,001 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Toontown Online.lnk
[2 C:\Documents and Settings\Owner\Desktop\*.tmp files]
[08-22-2008 10:03 PM | 00,024,576 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\Memories.doc
[08-25-2008 08:58 PM | 17,902,712 | ---- | M] (W3i, LLC) - C:\Documents and Settings\Owner\Desktop\playtoadgeneralFree.exe
[08-30-2008 11:16 AM | 00,000,706 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\Shortcut to HijackThis.lnk
[09-02-2008 07:07 PM | 00,000,572 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\fix.reg

< End of report >







OTViewIt Extras logfile created on: 2008-09-02 19:20:40 - Run 2
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

958.23 Mb Total Physical Memory | 413.37 Mb Available Physical Memory | 43.14% Memory free
2.26 Gb Paging File | 1.82 Gb Available in Paging File | 80.43% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.31 Gb Total Space | 55.94 Gb Free Space | 64.81% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.64 Gb Free Space | 67.93% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 976.13 Mb Total Space | 414.52 Mb Free Space | 42.47% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[10-24-2006 05:10 PM | 04,662,776 | ---- | M] (Yahoo! Inc.)

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger
[01-19-2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)

"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[10-04-2007 11:20 AM | 00,050,528 | ---- | M] (AOL LLC)

"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares
[07-16-2007 05:54 PM | 00,961,536 | ---- | M] (Ares Development Group)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[11-03-2006 03:17 AM | 00,010,800 | ---- | M] (AOL LLC)

"C:\Program Files\Common Files\AOL\1138249094\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1138249094\EE\aolsoftware.exe:*:Enabled:AOL Services
[05-09-2006 08:24 PM | 00,050,760 | ---- | M] (America Online, Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[02-19-2008 01:10 PM | 19,897,640 | ---- | M] (Apple Inc.)

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - "%1" %*
.cmd [@ = cmdfile] - "%1" %*
.com [@ = comfile] - "%1" %*
.exe [@ = exefile] - "%1" %*
.html [@ = FirefoxHTML] - [07-27-2008 06:21 PM | 07,667,312 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - "%1" %*
.scr [@ = scrfile] - "%1" /S

========== Winsock2 Catalogs ==========

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


========== HKEY_CURRENT_USER Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== HKEY_USERS Protocol Defaults ==========


========== Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

========== Protocol Filters ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}" = Safari
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}" = Security Update for CAPICOM (KB931906)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1330F885-F8E4-4c36-9B88-E19F82042C06}" = 3100_3200_3300trb
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1AC0D592-7F2C-4BBF-B823-EEECD74F097B}" = TaxCut North Carolina 2007
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.3
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{2B65C841-EC48-4087-8021-6DBB9C1DE5E6}" = 3200
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}" = Motorola Driver Installation
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6846389C-BAC0-4374-808E-B120F86AF5D7}" = Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110074983}" = BeTrapped!
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}" = DeductionPro 2007
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{8F375E11-4FD6-4B89-9E2B-A76D48B51E00}" = Security Update for Microsoft Office system 2007 (KB951808)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{A420F522-7395-4872-9882-C591B4B92278}" = Update for Office 2007 (KB946691)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}" = Security Update for Microsoft Office Publisher 2007 (KB950114)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91A2689C-D4B1-43BB-A521-0E29B963FC56}" = iPod Reset Utility
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2" = Adobe Reader 8.1.2 Security Update 1 (KB403742)
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{DB4C031D-B2F8-47F1-A274-59A8F3B61033}" = Nero 7
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F1931CAB-C7DD-4825-8A58-BC5278805200}" = 3100_3200_3300_Help
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"AIM_6" = AIM 6
"AJCompressCopy" = AJScreensaver
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Ares" = Ares 2.0.9
"ATI Display Driver" = ATI Display Driver
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"AVG7Uninstall" = AVG 7.5
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Bejeweled Deluxe 1.862" = Bejeweled Deluxe 1.862
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"Canon MP160 User Registration" = Canon MP160 User Registration
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner (remove only)
"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_0300107B" = Soft Data Fax Modem with SmartCP
"Disney Toontown Online" = Disney Toontown Online
"DotColor 3.0_is1" = DotColor 3.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 1.99.1
"Holiday Snapshot Imprintables" = Holiday Snapshot Imprintables
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Insaniquarium Deluxe 1.0" = Insaniquarium Deluxe 1.0
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InterActual Player" = InterActual Player
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"KB834707" = Windows XP Hotfix - KB834707
"KB867282" = Windows XP Hotfix - KB867282
"KB873333" = Windows XP Hotfix - KB873333
"KB873339" = Windows XP Hotfix - KB873339
"KB883939" = Security Update for Windows XP (KB883939)
"KB885250" = Windows XP Hotfix - KB885250
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB887742" = Windows XP Hotfix - KB887742
"KB888113" = Windows XP Hotfix - KB888113
"KB888239" = Windows XP Hotfix - KB888239
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890047" = Windows XP Hotfix - KB890047
"KB890175" = Windows XP Hotfix - KB890175
"KB890859" = Windows XP Hotfix - KB890859
"KB890923" = Windows XP Hotfix - KB890923
"KB891781" = Windows XP Hotfix - KB891781
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB893066" = Security Update for Windows XP (KB893066)
"KB893086" = Windows XP Hotfix - KB893086
"KB893357" = Hotfix for Windows XP (KB893357)
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803" = Windows Installer 3.1 (KB893803)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Update for Windows XP (KB894391)
"KB896344" = Hotfix for Windows XP (KB896344)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896422" = Security Update for Windows XP (KB896422)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896424" = Security Update for Windows XP (KB896424)
"KB896428" = Security Update for Windows XP (KB896428)
"KB896688" = Security Update for Windows XP (KB896688)
"KB896727" = Update for Windows XP (KB896727)
"KB898458" = Security Update for Step By Step Interactive Training (KB898458)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899588" = Security Update for Windows XP (KB899588)
"KB899589" = Security Update for Windows XP (KB899589)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB903235" = Security Update for Windows XP (KB903235)
"KB904706" = Security Update for Windows XP (KB904706)
"KB904942" = Update for Windows XP (KB904942)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB905915" = Security Update for Windows XP (KB905915)
"KB906569" = Hotfix for Windows XP (KB906569)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Security Update for Windows XP (KB908531)
"KB910437" = Update for Windows XP (KB910437)
"KB911280" = Security Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB911567" = Security Update for Windows XP (KB911567)
"KB911927" = Security Update for Windows XP (KB911927)
"KB912812" = Security Update for Windows XP (KB912812)
"KB912919" = Security Update for Windows XP (KB912919)
"KB913446" = Security Update for Windows XP (KB913446)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB914440" = Hotfix for Windows XP (KB914440)
"KB915865" = Hotfix for Windows XP (KB915865)
"KB916281" = Security Update for Windows XP (KB916281)
"KB916595" = Update for Windows XP (KB916595)
"KB917159" = Security Update for Windows XP (KB917159)
"KB917344" = Security Update for Windows XP (KB917344)
"KB917422" = Security Update for Windows XP (KB917422)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB917953" = Security Update for Windows XP (KB917953)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918439" = Security Update for Windows XP (KB918439)
"KB918899" = Security Update for Windows XP (KB918899)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920214" = Security Update for Windows XP (KB920214)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921398" = Security Update for Windows XP (KB921398)
"KB921503" = Security Update for Windows XP (KB921503)
"KB921883" = Security Update for Windows XP (KB921883)
"KB922582" = Update for Windows XP (KB922582)
"KB922616" = Security Update for Windows XP (KB922616)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923694" = Security Update for Windows XP (KB923694)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924191" = Security Update for Windows XP (KB924191)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925486" = Security Update for Windows XP (KB925486)
"KB925902" = Security Update for Windows XP (KB925902)
"KB926239" = Hotfix for Windows XP (KB926239)
"KB926255" = Security Update for Windows XP (KB926255)
"KB926436" = Security Update for Windows XP (KB926436)
"KB927779" = Security Update for Windows XP (KB927779)
"KB927802" = Security Update for Windows XP (KB927802)
"KB927891" = Update for Windows XP (KB927891)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB928255" = Security Update for Windows XP (KB928255)
"KB928843" = Security Update for Windows XP (KB928843)
"KB929123" = Security Update for Windows XP (KB929123)
"KB929338" = Update for Windows XP (KB929338)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB930178" = Security Update for Windows XP (KB930178)
"KB930916" = Update for Windows XP (KB930916)
"KB931261" = Security Update for Windows XP (KB931261)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB931784" = Security Update for Windows XP (KB931784)
"KB931836" = Update for Windows XP (KB931836)
"KB931906" = Security Update for CAPICOM (KB931906)
"KB932168" = Security Update for Windows XP (KB932168)
"KB932823-v3" = Update for Windows XP (KB932823-v3)
"KB933360" = Update for Windows XP (KB933360)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB933729" = Security Update for Windows XP (KB933729)
"KB935839" = Security Update for Windows XP (KB935839)
"KB935840" = Security Update for Windows XP (KB935840)
"KB936021" = Security Update for Windows XP (KB936021)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB938828" = Update for Windows XP (KB938828)
"KB938829" = Security Update for Windows XP (KB938829)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941202" = Security Update for Windows XP (KB941202)
"KB941568" = Security Update for Windows XP (KB941568)
"KB941569" = Security Update for Windows XP (KB941569)
"KB941644" = Security Update for Windows XP (KB941644)
"KB941693" = Security Update for Windows XP (KB941693)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB942763" = Update for Windows XP (KB942763)
"KB943055" = Security Update for Windows XP (KB943055)
"KB943460" = Security Update for Windows XP (KB943460)
"KB943485" = Security Update for Windows XP (KB943485)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB944653" = Security Update for Windows XP (KB944653)
"KB945553" = Security Update for Windows XP (KB945553)
"KB946026" = Security Update for Windows XP (KB946026)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB948590" = Security Update for Windows XP (KB948590)
"KB948881" = Security Update for Windows XP (KB948881)
"KB950749" = Security Update for Windows XP (KB950749)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953356" = Update for Windows XP (KB953356)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (2.0.0.16)" = Mozilla Firefox (2.0.0.16)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Port Magic" = Pure Networks Port Magic
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"Qloud Plug-in for iTunes" = Qloud Plug-in for iTunes
"RealPlayer 6.0" = RealPlayer
"Sallys Spa_is1" = Sallys Spa
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SkillJam SecurePlayer" = Secure Game Player
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TaxACT 2007" = TaxACT 2007
"TaxCut Premium 2006" = TaxCut Premium 2006
"TI-83 Plus Flash Debugger" = TI-83 Plus Flash Debugger
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== HKEY_USERS Uninstall List ==========


========== Last 10 Event Log Errors ==========


[ Application Events ]
Error - 2008-04-16 02:32:23 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.31114, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 2008-04-21 22:55:23 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application avginet.exe, version 7.5.0.522, faulting module
avgupd.dll, version 7.5.0.515, fault address 0x000459e9.

Error - 2008-04-23 00:00:28 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application avginet.exe, version 7.5.0.522, faulting module
avgupd.dll, version 7.5.0.515, fault address 0x000459e9.

Error - 2008-04-26 02:21:54 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 2008-04-29 01:25:09 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 2008-04-30 02:40:22 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 2008-04-30 02:57:51 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 2008-05-01 02:18:19 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 2008-05-02 02:23:01 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 2008-05-10 20:26:45 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Application Error
Description = Faulting application firefox.exe, version 1.8.20080.40413, faulting
module unknown, version 0.0.0.0, fault address 0x10125b08.


[ Internet Explorer Events ]

[ ODiag Events ]

[ OSession Events ]

[ Security Events ]

[ System Events ]
Error - 2008-09-01 04:32:01 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = ACPIEC
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 2008-09-01 17:40:48 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Dhcp
Description = The IP address lease 90.0.0.2 for the Network Card with network address
0014A55CA538 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent
a DHCPNACK message).

Error - 2008-09-01 19:12:29 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Dhcp
Description = The IP address lease 192.168.1.103 for the Network Card with network
address 0014A55CA538 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2008-09-01 21:03:23 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Disk
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2008-09-01 21:05:08 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Disk
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2008-09-01 21:07:07 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Disk
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2008-09-01 21:07:23 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Disk
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2008-09-02 01:42:19 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = ipnathlp
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 2008-09-02 20:47:15 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Dhcp
Description = The IP address lease 90.0.0.2 for the Network Card with network address
0014A55CA538 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).

Error - 2008-09-02 23:14:35 - Computer Name = YOUR-8A6ABD374C - User Name = User SID not found - Source = Service Control Manager
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3


< End of report >





My daughter looked at the processes running on my computer and ended a process called GameVance, and then proceeded to delete it from Add or Remove Programs. She said that this was from a website that isn't to be fully trusted. Ever since she did this, I can access the Internet and everything, but my computer is still running slowly, so I figured it would be a good idea to go ahead and clear it out. I just wanted to let you know that that may have been the problem.
Thanks again, Penny.
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Re: Computer running slowly, don't know why.

Unread postby Shaba » September 3rd, 2008, 4:41 am

Yes, that is indeed bad program.

Let's run next one online scan:

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Computer running slowly, don't know why.

Unread postby Perkypen » September 3rd, 2008, 7:01 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, September 3, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, September 03, 2008 20:17:25
Records in database: 1188827
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 89423
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 02:55:37


File name / Threat name / Threats count
C:\Documents and Settings\Owner\Desktop\allen\HellsKitchen_dwn.exe Infected: not-a-virus:AdTool.Win32.FenomenGame.kbj 1
C:\Program Files\HijackThis\backups\backup-20070801-195008-342.dll Infected: not-a-virus:Downloader.Win32.PopCap.a 1
D:\i386\Apps\App00577\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.

















Logfile of HijackThis v1.99.1
Scan saved at 18:58, on 2008-09-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v45/be ... eweled.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ez-ftz.webex.com/client/T23L/webex/ieatgpc.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://na.inquiero.com/inquiero/mod/set ... 118_24.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: Engepkey - {EFE8EC3F-005E-4EB9-A93A-A03D845AA533} - C:\WINDOWS\system32\reguvui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Re: Computer running slowly, don't know why.

Unread postby Shaba » September 4th, 2008, 3:44 am

Please click this link-->Jotti

Copy/paste the first file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).

C:\WINDOWS\system32\reguvui.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Computer running slowly, don't know why.

Unread postby Perkypen » September 4th, 2008, 6:50 pm

Jotti tells me, "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"
And VirusTotal tells me, "0 bytes size received"

I don't know what to do.

Thanks again for your help.
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Re: Computer running slowly, don't know why.

Unread postby Shaba » September 5th, 2008, 3:06 am

You might want to copy that file to some other folder and rename it and try again, please :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Computer running slowly, don't know why.

Unread postby Perkypen » September 5th, 2008, 11:17 pm

I wasn't exactly sure what you needed/didn't need, so here's all of it.


File reguvui.dll received on 09.06.2008 05:12:00 (CET)
Current status: finished
Result: 6/36 (16.67%)


Antivirus Version Last Update Result
AhnLab-V3 2008.9.5.1 2008.09.05 -
AntiVir 7.8.1.28 2008.09.05 -
Authentium 5.1.0.4 2008.09.05 -
Avast 4.8.1195.0 2008.09.05 -
AVG 8.0.0.161 2008.09.05 -
BitDefender 7.2 2008.09.06 -
CAT-QuickHeal 9.50 2008.09.02 -
ClamAV 0.93.1 2008.09.05 -
DrWeb 4.44.0.09170 2008.09.05 -
eSafe 7.0.17.0 2008.09.03 -
eTrust-Vet 31.6.6072 2008.09.05 -
Ewido 4.0 2008.09.05 -
F-Prot 4.4.4.56 2008.09.05 -
F-Secure 8.0.14332.0 2008.09.06 -
Fortinet 3.112.0.0 2008.09.05 -
GData 19 2008.09.06 -
Ikarus T3.1.1.34.0 2008.09.06 not-a-virus:Monitor.Win32.EBlaster.f
K7AntiVirus 7.10.443 2008.09.05 -
Kaspersky 7.0.0.125 2008.09.06 -
McAfee 5378 2008.09.05 -
Microsoft 1.3903 2008.09.06 -
NOD32v2 3421 2008.09.06 -
Norman 5.80.02 2008.09.05 -
Panda 9.0.0.4 2008.09.05 -
PCTools 4.4.2.0 2008.09.05 Application.Spector_Pro_Keylogger
Prevx1 V2 2008.09.06 Suspicious
Rising 20.60.42.00 2008.09.05 -
Sophos 4.33.0 2008.09.06 SpectorSoft
Sunbelt 3.1.1610.1 2008.09.05 -
Symantec 10 2008.09.06 Spyware.Spector
TheHacker 6.3.0.8.072 2008.09.04 -
TrendMicro 8.700.0.1004 2008.09.05 -
VBA32 3.12.8.5 2008.09.05 suspected of Trojan-Downloader.Obfuscated.29 (paranoid heuristics)
ViRobot 2008.9.5.1365 2008.09.05 -
VirusBuster 4.5.11.0 2008.09.05 -
Webwasher-Gateway 6.6.2 2008.09.05 -
Additional information
File size: 1409024 bytes
MD5...: f605f48c7fc4f39bc150a4147ff7fe28
SHA1..: e619403c3a122493874f777727f0ffb4288bb5ed
SHA256: 718b2c41ae266593b2875b21f84d47ca3914890d9479ab559388574a726b41e8
SHA512: dcadf993363bdfe79ea8ad7563ba18c9583056d9a116b5aa46753dbdb122e2bc
4ad9600981b85285c38f96e67adaf167f487c07d80ce68e6b0200861612c7e7e
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10002320
timedatestamp.....: 0x4506b494 (Tue Sep 12 13:22:28 2006)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x62cbe 0x63000 6.83 96d868727c135aeb58262e9786fa7f86
.rdata 0x64000 0xd1686 0xd2000 1.96 c810b4bbc0273c7c40085a376e119094
.data 0x136000 0x15fb8 0x16000 3.13 7cb1a76a3b3fc6528cb5678f7b103616
.shared 0x14c000 0x1d60 0x2000 0.00 0829f71740aab1ab98b33eae21dee122
.rsrc 0x14e000 0x1b80 0x2000 7.05 4ad81ce18467d1766784ffe685cb64e1
.reloc 0x150000 0x7010 0x8000 6.22 bb84fec0b0158cba8a92e088816e2922

( 7 imports )
> KERNEL32.dll: GetACP, OpenProcess, DuplicateHandle, GetCurrentThread, ReleaseMutex, CreateMutexA, FlushFileBuffers, lstrcmpiA, CreateRemoteThread, WriteProcessMemory, VirtualAllocEx, WaitForMultipleObjects, OpenEventA, FormatMessageA, ResetEvent, GetVolumeInformationA, GetVersionExA, RemoveDirectoryA, DeviceIoControl, FileTimeToSystemTime, FileTimeToLocalFileTime, LocalFree, GetWindowsDirectoryA, GetShortPathNameA, CreateDirectoryA, GetFullPathNameA, GetComputerNameA, CompareStringA, SetStdHandle, IsBadCodePtr, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, GetStringTypeW, GetStringTypeA, GetOEMCP, GetCPInfo, VirtualAlloc, VirtualFree, GetEnvironmentVariableA, HeapSize, HeapReAlloc, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, LCMapStringW, LCMapStringA, ExitProcess, TlsFree, TlsAlloc, GetCommandLineA, GetSystemTimeAsFileTime, RaiseException, GetDriveTypeA, ExitThread, TlsGetValue, TlsSetValue, CreateThread, RtlUnwind, GetSystemTime, GetTimeZoneInformation, GetLocalTime, GetCurrentProcess, HeapDestroy, HeapCreate, HeapFree, SetEnvironmentVariableA, HeapAlloc, GetModuleFileNameA, MultiByteToWideChar, WideCharToMultiByte, IsBadReadPtr, IsBadWritePtr, lstrlenA, InterlockedDecrement, GetCurrentProcessId, DisableThreadLibraryCalls, SetLastError, GetFileTime, SetFileTime, OutputDebugStringA, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, SetEndOfFile, SetThreadPriority, SetFileAttributesA, GetFileSize, GetCurrentDirectoryA, SetCurrentDirectoryA, FindFirstFileA, FindNextFileA, FindClose, TerminateThread, GetModuleHandleA, GetCurrentThreadId, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetDiskFreeSpaceA, GetLastError, SetEvent, InterlockedIncrement, Sleep, LoadLibraryA, GetProcAddress, FreeLibrary, CreateEventA, ResumeThread, WaitForSingleObject, MoveFileA, DeleteFileA, GetVersion, GetSystemDirectoryA, WriteFile, CreateFileA, ReadFile, SetFilePointer, CloseHandle, GetTickCount, CompareStringW, VirtualProtect
> USER32.dll: ExitWindowsEx, GetSystemMetrics, UnregisterHotKey, RegisterHotKey, ToAsciiEx, GetKeyboardLayout, CreatePopupMenu, AppendMenuA, DestroyMenu, LoadImageA, SetTimer, LoadIconA, LoadCursorA, GetKeyNameTextA, SetWindowLongA, PostMessageA, GetForegroundWindow, EnumDisplaySettingsA, IsWindow, UnregisterClassA, DestroyWindow, DispatchMessageA, TrackPopupMenu, TranslateMessage, PostQuitMessage, GetKeyState, GetAsyncKeyState, EnumWindows, GetDesktopWindow, GetProcessWindowStation, OpenWindowStationA, SetProcessWindowStation, FindWindowA, GetWindowThreadProcessId, CloseWindowStation, SetThreadDesktop, OpenDesktopA, GetThreadDesktop, OpenInputDesktop, GetUserObjectInformationA, CloseDesktop, MessageBoxA, LoadStringA, SendMessageA, SetDlgItemTextA, SetPropA, SetForegroundWindow, EndDialog, DialogBoxParamA, GetClassNameA, GetWindowRect, PostThreadMessageA, GetDC, ReleaseDC, KillTimer, GetCursorPos, wsprintfA, GetWindowLongA, DefWindowProcA, RegisterClassA, CreateWindowExA, GetMessageA
> GDI32.dll: GetDeviceCaps, CreateCompatibleDC, CreateDCA, DeleteObject, SelectObject, DeleteDC, CreateDIBSection, BitBlt, CreateCompatibleBitmap, GdiFlush, GetStockObject
> ADVAPI32.dll: InitiateSystemShutdownA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, DeleteService, LogonUserA, RegDeleteKeyA, RegDeleteValueA, RegEnumValueA, RegEnumKeyExA, RegOpenKeyExA, LookupPrivilegeValueA, AdjustTokenPrivileges, RevertToSelf, GetSidLengthRequired, GetTokenInformation, LookupAccountSidA, ImpersonateLoggedOnUser, DuplicateToken, OpenProcessToken, GetUserNameA, RegCreateKeyExA, RegQueryValueExA, RegSetValueExA, RegCloseKey
> SHELL32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, ShellExecuteA, Shell_NotifyIconA, SHLoadInProc
> ole32.dll: CoTaskMemFree, StringFromCLSID, CoCreateInstance, CoInitialize, CoUninitialize
> OLEAUT32.dll: -, -

( 4 exports )
DllCanUnloadNow, DllGetClassObject, IAlloc, QueueMemory
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Re: Computer running slowly, don't know why.

Unread postby Shaba » September 6th, 2008, 4:48 am

Looks like to be a keylogger of some kind.

Have you installed any keyloggers on purpose?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Computer running slowly, don't know why.

Unread postby Perkypen » September 6th, 2008, 4:01 pm

No, I have not.
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 41 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware