Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

services being disabled is this a virus?

Post by thefrenchlady » September 7th, 2007, 4:00 pm

Hello, can you please help me? I am finding that my services are being disabled on my p.c. I am unable to connect to the net, use plug and play, device manager, system restore etc. My friend has reset these several times but they always revert back to being disabled.
I have scanned the pc with AVG free and AVG anti spyware, and also have spyware blaster running.
I hope that I have done this right. Please find my log posted below.


Logfile of HijackThis v1.99.1
Scan saved at 20:26:28, on 07/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOWNLOADS\HJT\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [Zonealarm] iexplore.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.centrexonline.co.uk/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3354245246
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A9F669-F09D-4BA1-8E5F-B00BCE82F38A}: NameServer = 212.67.120.148 212.67.96.129
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AVP2K5\AVKService.exe
O23 - Service: AVP Monitor (AVKWCtl) - Unknown owner - C:\Program Files\AVP2K5\AVKWCtl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
thefrenchlady
Active Member
 
Posts: 13
Joined: September 6th, 2007, 1:26 pm

Post by Navigator » September 9th, 2007, 9:25 am

Hello thefrenchlady...welcome to Malware Removal! Sorry for the delay in responding...

I hope I am wrong, but I am highly suspicious that you may have a significant security breach on your system....the HJT log line that bothers me is this:
    O4 - HKLM\..\RunServices: [Zonealarm] iexplore.exe
My preliminary research leads me to believe this might be an infection with 'backdoor' capabilities...which might explain your computer's symptoms.

Before we get ahead of ourselves though, I want to find that suspicious file and try and identify it. The usual residing place for the legitimate iexplore.exe file is %program files%...if we find it somewhere else we will have it scanned:

Please do this:

1. Reveal Hidden Files

  • Click Start.
  • Open My Computer.
  • Select Tools menu
  • Click Folder Options.
  • Select the View Tab.
  • Check Show hidden files and folders in the Hidden files and folders section.
  • Uncheck Hide protected operating system files (recommended) option.
  • Uncheck the Hide file extensions for known file types option.
  • Click Yes.
  • Click OK.

2. Please download FileFind from Atribune.
Unzip the file and save it to your desktop.

To run FileFind, please do the following:
  • Click on FileFind.exe
  • In the box labeled "Directory"
    • Enter Drive, e.g. C:\
  • In the box labeled "File"
    • Enter: iexplore.exe
  • Now click on the "Search" button
  • Once the utility has found the files click on "Export"
  • A Notepad will open up. Please copy the entire contents of the Notepad and paste them here.
  • NOTE: The notepad is saved on your C:\ drive as "Export.txt"
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri
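
The two checks described in the post above (an autorun entry that names iexplore.exe without a path, and copies of iexplore.exe found outside the usual folder), written out as an added example; it is not part of the original thread and not code from HijackThis or FileFind. The function names and the `EXPECTED_DIRS` table are assumptions made for the illustration, the O4 lines are taken from the log in this thread, and the two iexplore.exe lines in the FileFind sample are constructed.

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Assumption: default location on an English-language Windows XP install.
EXPECTED_DIRS = {"iexplore.exe": r"c:\program files\internet explorer"}

# HijackThis autorun line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
# Executable part of a command: a quoted path, or everything up to the first ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
# FileFind export line: <full path> - <size> Bytes
FILEFIND_RE = re.compile(r"^([A-Za-z]:\\.+) - (\d+) Bytes$")


def executable_of(command):
    """Return the program part of an autorun command, without its arguments."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def review_o4(line):
    """Parse one O4 line; return None for any other kind of log line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    exe = executable_of(command)
    folder = normcase(dirname(exe))
    expected = EXPECTED_DIRS.get(normcase(basename(exe)))
    reasons = []
    if not folder:
        # A bare file name is resolved through the Windows search order, so
        # the log alone does not say which file on disk will be started.
        reasons.append("no full path given for " + exe)
    elif expected and folder != expected:
        # Short 8.3 names such as PROGRA~1 are not expanded by this check.
        reasons.append(basename(exe) + " outside " + expected)
    return {"key": f"{hive}\\{key}", "name": name, "exe": exe, "reasons": reasons}


def flag_autoruns(log_text):
    """Return the O4 entries of a HijackThis log that need a closer look."""
    reviews = (review_o4(line) for line in log_text.splitlines())
    return [r for r in reviews if r and r["reasons"]]


def misplaced_copies(export_text, target="iexplore.exe"):
    """List (path, size) for copies of target outside its expected folder."""
    expected = EXPECTED_DIRS[target]
    hits = []
    for line in export_text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if not m:
            continue
        path, size = m.group(1), int(m.group(2))
        if normcase(basename(path)) == target and normcase(dirname(path)) != expected:
            hits.append((path, size))
    return hits


# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Zonealarm] iexplore.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# FileFind export sample. The first line is from the thread; the two
# iexplore.exe lines (paths and sizes) are constructed for this example.
SAMPLE_EXPORT = r"""
C:\Program Files\BBC Multimedia\BBC Pingu - Barrel of Fun\Pingu.exe - 2441030 Bytes
C:\Program Files\Internet Explorer\iexplore.exe - 93184 Bytes
C:\WINDOWS\system32\iexplore.exe - 45056 Bytes
"""

if __name__ == "__main__":
    for entry in flag_autoruns(SAMPLE_LOG):
        print(entry["key"], "[" + entry["name"] + "]", "->", "; ".join(entry["reasons"]))
    for path, size in misplaced_copies(SAMPLE_EXPORT):
        print("scan this copy:", path, size, "bytes")
```

A flagged entry is only a lead: the file it points to still has to be located and scanned, as the post goes on to do.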

Post by thefrenchlady » September 9th, 2007, 3:54 pm

Thank you for answering my original problem - I hope that I have followed your instructions and done this right. (Thanks also to friend Mike who put me on to you people.)
What happens now?

kind regards
the french lady



C:\StubInstaller.exe - 700416 Bytes
C:\DISNEY\Mermaid\M_DEL95.EXE - 33280 Bytes
C:\Documents and Settings\GWEN\.housecall6.6\getMac.exe - 98304 Bytes
C:\Documents and Settings\GWEN\.housecall6.6\patch.exe - 218736 Bytes
C:\Documents and Settings\GWEN\.housecall6.6\tsc.exe - 176709 Bytes
C:\Documents and Settings\GWEN\Application Data\Microsoft\Installer\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}\MnyIco.exe - 16384 Bytes
C:\Documents and Settings\GWEN\Application Data\U3\00001628C374332F\cleanup.exe - 110592 Bytes
C:\Documents and Settings\GWEN\Application Data\U3\00001628C374332F\Launchpad Removal.exe - 3096576 Bytes
C:\Documents and Settings\GWEN\Application Data\U3\00001628C374332F\LaunchPad.exe - 4603904 Bytes
C:\Documents and Settings\GWEN\Application Data\U3\00001628C374332F\U3AccessGrant.exe - 49152 Bytes
C:\Documents and Settings\GWEN\Application Data\U3\temp\cleanup.exe - 110592 Bytes
C:\Documents and Settings\GWEN\Application Data\U3\temp\Launchpad Removal.exe - 3096576 Bytes
C:\Documents and Settings\GWEN\Desktop\3511_enu_w2k_xp_release.exe - 5443056 Bytes
C:\Documents and Settings\GWEN\Desktop\avgas-setup-7.5.0.50.exe - 6469352 Bytes
C:\Documents and Settings\GWEN\Desktop\FxGaobot.exe - 176320 Bytes
C:\Documents and Settings\GWEN\Desktop\STDIALUP.EXE - 1659904 Bytes
C:\Documents and Settings\GWEN\Desktop\CLEANUP PROGRAM RUN ONCE A WEEK\ATF-Cleaner-1.exe - 45568 Bytes
C:\Documents and Settings\GWEN\Desktop\OpenOffice.org 2.0 Installation Files\instmsia.exe - 1708856 Bytes
C:\Documents and Settings\GWEN\Desktop\OpenOffice.org 2.0 Installation Files\instmsiw.exe - 1822520 Bytes
C:\Documents and Settings\GWEN\Desktop\OpenOffice.org 2.0 Installation Files\setup.exe - 266240 Bytes
C:\Documents and Settings\GWEN\Desktop\OpenOffice.org 2.0 Installation Files\java\jre-1_5_0_06-windows-i586-p.exe - 16779392 Bytes
C:\Documents and Settings\GWEN\Local Settings\Temp\hpfaicm.exe - 25088 Bytes
C:\Documents and Settings\GWEN\Local Settings\Temp\hpfiui.exe - 352768 Bytes
C:\Documents and Settings\GWEN\Local Settings\Temp\hpfmicm.exe - 25600 Bytes
C:\Documents and Settings\GWEN\Local Settings\Temp\hphghl03.exe - 188416 Bytes
C:\Documents and Settings\GWEN\Local Settings\Temp\hphuni03.exe - 344064 Bytes
C:\Documents and Settings\GWEN\Local Settings\Temp\hpzglu04.exe - 262144 Bytes
C:\Documents and Settings\GWEN\Local Settings\Temporary Internet Files\Content.IE5\Y0QOSD8E\SearchWithGoogleUpdate_en[1].exe - 743352 Bytes
C:\Documents and Settings\JON\.limewire\.NetworkShare\LimeWireWin4.12.11.exe - 3098056 Bytes
C:\Documents and Settings\JON\.limewire\.NetworkShare\LimeWireWinInstaller.exe - 3064200 Bytes
C:\Documents and Settings\JON\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_15A5F0171CB443674B2115.exe - 1078 Bytes
C:\Documents and Settings\JON\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_37035368CCB999D88078F8.exe - 1518 Bytes
C:\Documents and Settings\JON\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe - 766 Bytes
C:\Documents and Settings\JON\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_90A0495535EDA61198A57D.exe - 2550 Bytes
C:\Documents and Settings\JON\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_9B3BE65A6BC9B7B3040C09.exe - 1078 Bytes
C:\Documents and Settings\JON\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_B136E5D1E558F55D0BA1DB.exe - 10134 Bytes
C:\Documents and Settings\JON\Application Data\U3\00001628C374332F\cleanup.exe - 110592 Bytes
C:\Documents and Settings\JON\Application Data\U3\00001628C374332F\Launchpad Removal.exe - 3096576 Bytes
C:\Documents and Settings\JON\Application Data\U3\00001628C374332F\LaunchPad.exe - 4603904 Bytes
C:\Documents and Settings\JON\Application Data\U3\00001628C374332F\U3AccessGrant.exe - 49152 Bytes
C:\Documents and Settings\JON\Application Data\U3\temp\Launchpad Removal.exe - 3096576 Bytes
C:\Documents and Settings\JON\Desktop\FileFind.exe - 69632 Bytes
C:\Documents and Settings\JON\Desktop\wmp11-windowsxp-x86-enu.exe - 25755448 Bytes
C:\Documents and Settings\JON\Desktop\ANTIVIRUS STUFF\ATF-Cleaner-1.exe - 45568 Bytes
C:\Documents and Settings\JON\Desktop\tr1advinst\tr1setup.exe - 4381696 Bytes
C:\Documents and Settings\JON\Local Settings\Temp\hpfaicm.exe - 25088 Bytes
C:\Documents and Settings\JON\Local Settings\Temp\hpfiui.exe - 352768 Bytes
C:\Documents and Settings\JON\Local Settings\Temp\hpfmicm.exe - 25600 Bytes
C:\Documents and Settings\JON\Local Settings\Temp\hpzglu04.exe - 262144 Bytes
C:\Documents and Settings\JON\Local Settings\Temporary Internet Files\Content.IE5\V3CE0MG5\OOo_2.2.1_Win32Intel_install_en-US[1].exe - 1190 Bytes
C:\Documents and Settings\JON\My Documents\3511_enu_w2k_xp_release.exe - 5443056 Bytes
C:\Documents and Settings\JON\My Documents\LimeWireWin.exe - 359112 Bytes
C:\DOWNLOADS\aawsepersonal.exe - 2855080 Bytes
C:\DOWNLOADS\ATF-Cleaner.exe - 47104 Bytes
C:\DOWNLOADS\avg71free_407a808.exe - 18450960 Bytes
C:\DOWNLOADS\avgas-setup-7.5.0.50.exe - 6469352 Bytes
C:\DOWNLOADS\cwshredder.exe - 532480 Bytes
C:\DOWNLOADS\processscanner.exe - 409112 Bytes
C:\DOWNLOADS\A-SQUARED TROJAN STOPPER\a2freesetup-1.exe - 3490456 Bytes
C:\DOWNLOADS\A-SQUARED TROJAN STOPPER\a2freesetup.exe - 3191488 Bytes
C:\DOWNLOADS\A-SQUARED TROJAN STOPPER\a2hijackfree.exe - 509120 Bytes
C:\DOWNLOADS\Adaware 1.06\aawsepersonal-1.exe - 2855080 Bytes
C:\DOWNLOADS\Adaware 1.06\aawsepersonal.exe - 2855080 Bytes
C:\DOWNLOADS\ADVANGED WINOWS CARE\AWCSetup.exe - 4336368 Bytes
C:\DOWNLOADS\ATF CLEANER\ATF-Cleaner-1.exe - 45568 Bytes
C:\DOWNLOADS\AVG\avg71free_394a757.exe - 17093296 Bytes
C:\DOWNLOADS\AVG ANTIVIRUS\avg71free_392a744.exe - 16767496 Bytes
C:\DOWNLOADS\AVG ANTIVIRUS\avg75free_430a828.exe - 17383608 Bytes
C:\DOWNLOADS\BELARC\advisor.exe - 850416 Bytes
C:\DOWNLOADS\CRAP CLEANER\ccsetup117.exe - 412585 Bytes
C:\DOWNLOADS\CRAP CLEANER\ccsetup118.exe - 418168 Bytes
C:\DOWNLOADS\CRAP CLEANER\ccsetup119.exe - 446398 Bytes
C:\DOWNLOADS\CRAP CLEANER\ccsetup120.exe - 482342 Bytes
C:\DOWNLOADS\CRAP CLEANER\ccsetup121.exe - 484089 Bytes
C:\DOWNLOADS\CRAP CLEANER\ccsetup122.exe - 501829 Bytes
C:\DOWNLOADS\CRAP CLEANER\ccsetup127.exe - 1308503 Bytes
C:\DOWNLOADS\CRAP CLEANER\ccsetup131.exe - 1458008 Bytes
C:\DOWNLOADS\CRAP CLEANER\ccsetup132.exe - 1468464 Bytes
C:\DOWNLOADS\CRAP CLEANER\ccsetup133_slim.exe - 450152 Bytes
C:\DOWNLOADS\CRAP CLEANER\CCleaner\ccleaner.exe - 585728 Bytes
C:\DOWNLOADS\CRAP CLEANER\CCleaner\uninst.exe - 68068 Bytes
C:\DOWNLOADS\DK LITE\dklite.exe - 12425080 Bytes
C:\DOWNLOADS\FIREFOX\Firefox Setup 1.0.5.exe - 4877784 Bytes
C:\DOWNLOADS\FIREFOX\Firefox Setup 1.0.exe - 4915119 Bytes
C:\DOWNLOADS\FxGabot fix\FxGaobot.exe - 176320 Bytes
C:\DOWNLOADS\GOOGLE TOOLBAR\googletoolbarinstaller.exe - 689272 Bytes
C:\DOWNLOADS\HJT\hijackthis\HijackThis.exe - 218112 Bytes
C:\DOWNLOADS\OPEN OFFICE\OOo_2.0.2_Win32Intel_install_wJRE.exe - 109389293 Bytes
C:\DOWNLOADS\REGSCRUB XP\regscrubxpsetup_3.2.exe - 593556 Bytes
C:\DOWNLOADS\SITE HOUND\sitehound_ff_15.exe - 1170579 Bytes
C:\DOWNLOADS\SPYBOT S&D\spybotsd14.exe - 5037072 Bytes
C:\DOWNLOADS\SPYBOT SD 1.5.1\spybotsd15.exe - 7467056 Bytes
C:\DOWNLOADS\SPYCHECKER\setup.exe - 277664 Bytes
C:\DOWNLOADS\SPYWARE BLASTER\spywareblastersetup34.exe - 2560240 Bytes
C:\DOWNLOADS\SPYWARE BLASTER\spywareblastersetup351-1.exe - 2566736 Bytes
C:\DOWNLOADS\START PAGE GUARD\spgsetup.exe - 427343 Bytes
C:\DOWNLOADS\STARTUP INSPECTOR\isw2.exe - 685988 Bytes
C:\DOWNLOADS\STINGER\stng260-1.exe - 1144839 Bytes
C:\DOWNLOADS\STINGER\stng260.exe - 1144839 Bytes
C:\DOWNLOADS\SUPER ANTI SPYWARE\SUPERAntiSpyware.exe - 5029200 Bytes
C:\DOWNLOADS\SUPER ANTISPYWARE\SUPERAntiSpyware.exe - 5797152 Bytes
C:\DOWNLOADS\WINRAR\wrar351.exe - 1014477 Bytes
C:\DOWNLOADS\ZONE ALARM\zlsSetup_55_062_011.exe - 6670952 Bytes
C:\DOWNLOADS\ZONE ALARM\zlsSetup_61_737_000_en.exe - 10537576 Bytes
C:\DOWNLOADS\ZONE ALARM\zlsSetup_61_744_001_en.exe - 10523240 Bytes
C:\DOWNLOADS\ZONE ALARM\zlsSetup_65_737_000_en.exe - 13714856 Bytes
C:\HJT\hijackthis\HijackThis.exe - 218112 Bytes
C:\hp photosmart\hphinstall\setup.exe - 40960 Bytes
C:\potatohead\quicktim\QUICKTIM.EXE - 496368 Bytes
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe - 4669511 Bytes
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe - 7671876 Bytes
C:\Program Files\Adobe\Acrobat 6.0\Reader\AdobeUpdateManager.exe - 303616 Bytes
C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\ConsoleApp.exe - 40960 Bytes
C:\Program Files\Adobe\Acrobat 6.0\Reader\Updater\acroaum.exe - 61440 Bytes
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe - 65536 Bytes
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe - 31744 Bytes
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe - 307200 Bytes
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - 29696 Bytes
C:\Program Files\Adobe\Acrobat 7.0\Reader\Updater\acroaum.exe - 94208 Bytes
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\instmsiw.exe - 1822520 Bytes
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\setup.exe - 225280 Bytes
C:\Program Files\Ahead\CoverDesigner\CoverDes.exe - 2207744 Bytes
C:\Program Files\Ahead\Nero\nero.exe - 10280960 Bytes
C:\Program Files\Ahead\Nero\NeroCmd.exe - 143360 Bytes
C:\Program Files\Ahead\Nero\NRESTORE.EXE - 232604 Bytes
C:\Program Files\Ahead\Nero\Uninstall\UNNero.exe - 1335296 Bytes
C:\Program Files\Ahead\Nero BackItUp\BackItUp.exe - 5443584 Bytes
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe - 1744896 Bytes
C:\Program Files\Ahead\Nero BackItUp\NBR.exe - 978944 Bytes
C:\Program Files\Ahead\Nero SoundTrax\SoundTrax.exe - 1515520 Bytes
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe - 1646592 Bytes
C:\Program Files\Ahead\Nero Toolkit\CDSpeed.exe - 1077248 Bytes
C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe - 434176 Bytes
C:\Program Files\Ahead\Nero Toolkit\hwinfo.exe - 11568 Bytes
C:\Program Files\Ahead\Nero Toolkit\InfoTool.exe - 475136 Bytes
C:\Program Files\Ahead\Nero Wave Editor\DXEnum.exe - 81920 Bytes
C:\Program Files\Ahead\Nero Wave Editor\WaveEdit.exe - 94208 Bytes
C:\Program Files\Ahead\WMPBurn\WMPBurn.exe - 1482752 Bytes
C:\Program Files\Art Explosion\Greeting Card Factory\grtgcard.exe - 7360588 Bytes
C:\Program Files\ATI Technologies\ATI Control Panel\atiiprxx.exe - 86016 Bytes
C:\Program Files\ATI Technologies\ATI Control Panel\atiphexx.exe - 53248 Bytes
C:\Program Files\ATI Technologies\ATI Control Panel\atiprbxx.exe - 110592 Bytes
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe - 335872 Bytes
C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe - 65536 Bytes
C:\Program Files\AVP2K5\AVKService.exe - 299008 Bytes
C:\Program Files\AVP2K5\AVKWCtl.exe - 561152 Bytes
C:\Program Files\Barbie®\Barbie® As Sleeping Beauty\ereg\Engine.exe - 866816 Bytes
C:\Program Files\Barbie®\Barbie® As Sleeping Beauty\ereg\Itp32.exe - 155136 Bytes
C:\Program Files\Barbie®\Barbie® As Sleeping Beauty\ereg\Remind32.exe - 67584 Bytes
C:\Program Files\BBC Multimedia\BBC Pingu - Barrel of Fun\Pingu.exe - 2441030 Bytes
C:\Program Files\BBC Multimedia\BBC Pingu - Barrel of Fun\Pingu_ss.exe - 1513419 Bytes
C:\Program Files\BBC Multimedia\BBC Pingu - Barrel of Fun\SetSaver.exe - 2736484 Bytes
C:\Program Files\BBC Multimedia\BBC Teletubbies - Favourite Games\TFG.exe - 2251616 Bytes
C:\Program Files\BBC Multimedia\BBC Teletubbies - Favourite Games\Xtras\ActiveX\Redist\Aprxdist.exe - 158560 Bytes
C:\Program Files\BBC Multimedia\BBC Teletubbies - Favourite Games\Xtras\ActiveX\Redist\Axdist.exe - 803680 Bytes
C:\Program Files\BBC Multimedia\BBC Teletubbies - Favourite Games\Xtras\ActiveX\Redist\Wintdist.exe - 401760 Bytes
C:\Program Files\BBC Multimedia\BBC Tweenies - Ready to Play\Menu.exe - 40960 Bytes
C:\Program Files\BBC Multimedia\BBC Tweenies - Ready to Play\Tweenies.exe - 344863 Bytes
C:\Program Files\BBC Multimedia\BBC Tweenies - Ready to Play\Tweenies1.exe - 2474557 Bytes
C:\Program Files\BBC Multimedia\BBC Yoho Ahoy\YohoAhoy.exe - 2252188 Bytes
C:\Program Files\BBC Multimedia\Bob the Builder - Bob Builds a Park\Bob the Builder - Bob Builds a Park.exe - 749011 Bytes
C:\Program Files\BBC Multimedia\Bob the Builder - Bob Builds a Park\Data\Sound\lockbink.exe - 192566 Bytes
C:\Program Files\BBC Multimedia\Bob the Builder - Bob Builds a Park\Data\Sound\unlockbink.exe - 192570 Bytes
C:\Program Files\CCleaner\ccleaner.exe - 585728 Bytes
C:\Program Files\CCleaner\uninst.exe - 68068 Bytes
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe - 778240 Bytes
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver2.exe - 778240 Bytes
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - 69632 Bytes
C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe - 614532 Bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe - 5632 Bytes
C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe - 5632 Bytes
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_06.b05\launcher.exe - 16384 Bytes
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_06.b05\patchjre.exe - 3946152 Bytes
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_06.b05\zipper.exe - 16384 Bytes
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\launcher.exe - 16384 Bytes
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\patchjre.exe - 4490872 Bytes
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\zipper.exe - 16384 Bytes
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_11.b03\launcher.exe - 16384 Bytes
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_11.b03\patchjre.exe - 4986488 Bytes
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_11.b03\zipper.exe - 16384 Bytes
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_02.b06\launcher.exe - 3584 Bytes
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_02.b06\patchjre.exe - 2479464 Bytes
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_02.b06\zipper.exe - 20480 Bytes
C:\Program Files\Common Files\Microsoft Shared\Artgalry\ARTGALRY.EXE - 745511 Bytes
C:\Program Files\Common Files\Microsoft Shared\Artgalry\CAG.EXE - 32802 Bytes
C:\Program Files\Common Files\Microsoft Shared\Equation\eqnedt32.exe - 519168 Bytes
C:\Program Files\Common Files\Microsoft Shared\MSDraw\msdraw.exe - 589312 Bytes
C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe - 39936 Bytes
C:\Program Files\Common Files\Microsoft Shared\MSInfo\OFFPROV.EXE - 44032 Bytes
C:\Program Files\Common Files\Microsoft Shared\MSInfo\OFFPRV10.EXE - 65536 Bytes
C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\SrchAdmStp(2).exe - 0 Bytes
C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\SrchAdmStp.exe - 65536 Bytes
C:\Program Files\Common Files\Microsoft Shared\Note-It\note-it.exe - 48304 Bytes
C:\Program Files\Common Files\Microsoft Shared\Office10\DW.EXE - 165280 Bytes
C:\Program Files\Common Files\Microsoft Shared\Office10\MSO7FTP.EXE - 3072 Bytes
C:\Program Files\Common Files\Microsoft Shared\Office10\MSO7FTPA.EXE - 3072 Bytes
C:\Program Files\Common Files\Microsoft Shared\Office10\MSO7FTPS.EXE - 3072 Bytes
C:\Program Files\Common Files\Microsoft Shared\Office10\MSOICONS.EXE - 40960 Bytes
C:\Program Files\Common Files\Microsoft Shared\Picture It!\ImprtWiz.exe - 660480 Bytes
C:\Program Files\Common Files\Microsoft Shared\Reference 2001\ENCCA.EXE - 32768 Bytes
C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EncCHD.exe - 127031 Bytes
C:\Program Files\Common Files\Microsoft Shared\Reference 2001\ER2001.exe - 20480 Bytes
C:\Program Files\Common Files\Microsoft Shared\Reference 2001\ERCHECK.EXE - 110592 Bytes
C:\Program Files\Common Files\Microsoft Shared\Reference 2001\KALLISTI.EXE - 36864 Bytes
C:\Program Files\Common Files\Microsoft Shared\Reference 2001\sw800ins.exe - 3266028 Bytes
C:\Program Files\Common Files\Microsoft Shared\Reference 2001\WorksInt.EXE - 28672 Bytes
C:\Program Files\Common Files\Microsoft Shared\Reference 2003\ENCCA.EXE - 106496 Bytes
C:\Program Files\Common Files\Microsoft Shared\Reference 2003\WORKSINT.EXE - 24064 Bytes
C:\Program Files\Common Files\Microsoft Shared\Reference 2004\ENCCA.EXE - 110592 Bytes
C:\Program Files\Common Files\Microsoft Shared\Shoebox\piolch.exe - 69632 Bytes
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe - 36864 Bytes
C:\Program Files\Common Files\Microsoft Shared\WordArt\Wrdart32.exe - 420352 Bytes
C:\Program Files\Common Files\Microsoft Shared\Works Shared\dw.exe - 165280 Bytes
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe - 24651 Bytes
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkscal.exe - 102467 Bytes
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe - 50688 Bytes
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUpdat2.exe - 177664 Bytes
C:\Program Files\Common Files\Motive\EnCmnSvr.exe - 147456 Bytes
C:\Program Files\Common Files\Motive\InstallHelper.exe - 57344 Bytes
C:\Program Files\CyberLink\Common\UpdateIPR.exe - 151552 Bytes
C:\Program Files\CyberLink\PowerDVD\cldma.exe - 274432 Bytes
C:\Program Files\CyberLink\PowerDVD\cltest.exe - 167936 Bytes
C:\Program Files\CyberLink\PowerDVD\ddtester.exe - 323584 Bytes
C:\Program Files\CyberLink\PowerDVD\dvdrgn.exe - 57344 Bytes
C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe - 409600 Bytes
C:\Program Files\DeskAd Service\DeskAdKeep.exe - 8522 Bytes
C:\Program Files\Digital Camera\UNWISE.EXE - 162304 Bytes
C:\Program Files\Disney Interactive\Disneys Jungle Fun\Tarzan.exe - 976384 Bytes
C:\Program Files\Disney Interactive\Disneys Peter Pan Adventures in Never Land\Launcher.exe - 454656 Bytes
C:\Program Files\Disney Interactive\Disneys Peter Pan Adventures in Never Land\PPA.exe - 1857699 Bytes
C:\Program Files\Disney Interactive\Disneys Princess Fashion Boutique\Disney.exe - 172782 Bytes
C:\Program Files\Disney Interactive\Get Ready for School with Mickey\GETREADY.EXE - 2045036 Bytes
C:\Program Files\Disney Interactive\Get Ready for School with Mickey\Demos\Tpat\TypingDm.exe - 914944 Bytes
C:\Program Files\Disney Interactive\Tigger Too\Launcher.exe - 27136 Bytes
C:\Program Files\Disney Interactive\Tigger Too\Tigger2.exe - 1515784 Bytes
C:\Program Files\Doki\Français 1\doki-french.exe - 1126400 Bytes
C:\Program Files\Doki\Français 1\flashplayer6_winax.exe - 593536 Bytes
C:\Program Files\Doki\Français 1\uninstall\Setup.exe - 56320 Bytes
C:\Program Files\EA SPORTS\FIFA 2001\clokspl.exe - 177152 Bytes
C:\Program Files\EA SPORTS\FIFA 2001\fifa2001.exe - 350910 Bytes
C:\Program Files\EA SPORTS\FIFA 2001\fifa_uninst.exe - 94208 Bytes
C:\Program Files\EA SPORTS\FIFA 2001\kickapp.exe - 61440 Bytes
C:\Program Files\EA SPORTS\FIFA 2001\3DSetup\3DSetup.exe - 581632 Bytes
C:\Program Files\EA SPORTS\FIFA 2001\Support\FIFA 2001_EZ.exe - 380928 Bytes
C:\Program Files\EA SPORTS\FIFA 2001\Support\go_ez.exe - 45056 Bytes
C:\Program Files\EACOM\Update\update.exe - 28672 Bytes
C:\Program Files\FoneSync\FoneSync.exe - 593920 Bytes
C:\Program Files\FoneSync\UpdateWizard.exe - 87040 Bytes
C:\Program Files\FoneSync\Uwrestrt.exe - 27648 Bytes
C:\Program Files\Google\googletoolbar3user.exe - 52272 Bytes
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - 138168 Bytes
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - 68856 Bytes
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe - 6731312 Bytes
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe - 312880 Bytes
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe - 81320 Bytes
C:\Program Files\Grisoft\AVG Free\avgamsvr.exe - 353280 Bytes
C:\Program Files\Grisoft\AVG Free\avgcc.exe - 416256 Bytes
C:\Program Files\Grisoft\AVG Free\avgemc.exe - 353280 Bytes
C:\Program Files\Grisoft\AVG Free\avginet.exe - 438272 Bytes
C:\WINDOWS\$hf_mig$\KB896428\spuninst.exe - 209632 Bytes
C:\WINDOWS\$hf_mig$\KB896428\SP2GDR\telnet.exe - 75776 Bytes
C:\WINDOWS\$hf_mig$\KB896428\SP2QFE\telnet.exe - 75776 Bytes
C:\WINDOWS\$hf_mig$\KB896428\update\update.exe - 718048 Bytes
C:\WINDOWS\$hf_mig$\KB896688\spuninst.exe - 209632 Bytes
C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\iedw.exe - 18432 Bytes
C:\WINDOWS\$hf_mig$\KB896688\update\arpidfix.exe - 30720 Bytes
C:\WINDOWS\$hf_mig$\KB896688\update\update.exe - 718048 Bytes
C:\WINDOWS\$hf_mig$\KB896727\spuninst.exe - 209632 Bytes
C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\iedw.exe - 18432 Bytes
C:\WINDOWS\$hf_mig$\KB896727\update\arpidfix.exe - 30720 Bytes
C:\WINDOWS\$hf_mig$\KB896727\update\update.exe - 718048 Bytes
C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe - 209632 Bytes
C:\WINDOWS\$hf_mig$\KB898461\spupdsvc.exe - 22752 Bytes
C:\WINDOWS\$hf_mig$\KB898461\update\update.exe - 718048 Bytes
C:\WINDOWS\$hf_mig$\KB899587\spuninst.exe - 209632 Bytes
C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe - 30720 Bytes
C:\WINDOWS\$hf_mig$\KB899587\update\update.exe - 718048 Bytes
C:\WINDOWS\$hf_mig$\KB899588\spuninst.exe - 209632 Bytes
C:\WINDOWS\$hf_mig$\KB899588\update\arpidfix.exe - 30720 Bytes
C:\WINDOWS\$hf_mig$\KB899588\update\update.exe - 718048 Bytes
C:\WINDOWS\$hf_mig$\KB899591\spuninst.exe - 209632 Bytes
C:\WINDOWS\$hf_mig$\KB899591\update\arpidfix.exe - 30720 Bytes
C:\WINDOWS\$hf_mig$\KB899591\update\update.exe - 718048 Bytes
C:\WINDOWS\$hf_mig$\KB900485\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB900485\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB900725\spuninst.exe - 209632 Bytes
C:\WINDOWS\$hf_mig$\KB900725\update\arpidfix.exe - 30720 Bytes
C:\WINDOWS\$hf_mig$\KB900725\update\update.exe - 718048 Bytes
C:\WINDOWS\$hf_mig$\KB901017\spuninst.exe - 209632 Bytes
C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe - 30720 Bytes
C:\WINDOWS\$hf_mig$\KB901017\update\update.exe - 718048 Bytes
C:\WINDOWS\$hf_mig$\KB901214\spuninst.exe - 209632 Bytes
C:\WINDOWS\$hf_mig$\KB901214\update\update.exe - 718048 Bytes
C:\WINDOWS\$hf_mig$\KB902400\spuninst.exe - 209632 Bytes
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe - 8704 Bytes
C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe - 30720 Bytes
C:\WINDOWS\$hf_mig$\KB902400\update\update.exe - 718048 Bytes
C:\WINDOWS\$hf_mig$\KB904706\spuninst.exe - 209632 Bytes
C:\WINDOWS\$hf_mig$\KB904706\update\arpidfix.exe - 30720 Bytes
C:\WINDOWS\$hf_mig$\KB904706\update\update.exe - 718048 Bytes
C:\WINDOWS\$hf_mig$\KB905414\spuninst.exe - 209632 Bytes
C:\WINDOWS\$hf_mig$\KB905414\update\arpidfix.exe - 30720 Bytes
C:\WINDOWS\$hf_mig$\KB905414\update\update.exe - 718048 Bytes
C:\WINDOWS\$hf_mig$\KB905749\spuninst.exe - 209632 Bytes
C:\WINDOWS\$hf_mig$\KB905749\update\arpidfix.exe - 30720 Bytes
C:\WINDOWS\$hf_mig$\KB905749\update\update.exe - 718048 Bytes
C:\WINDOWS\$hf_mig$\KB905915\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\iedw.exe - 18432 Bytes
C:\WINDOWS\$hf_mig$\KB905915\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB908519\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB908519\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB908531\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\verclsid.exe - 28672 Bytes
C:\WINDOWS\$hf_mig$\KB908531\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB910437\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB910437\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB911280\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB911280\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB911562\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB911562\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB911567\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB911567\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB911927\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB911927\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB912812\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\iedw.exe - 18432 Bytes
C:\WINDOWS\$hf_mig$\KB912812\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB912919\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB912919\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB913446\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB913446\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB913580\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB913580\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB914388\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB914388\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB914389\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB914389\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB915865\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB915865\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB916281\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\iedw.exe - 18432 Bytes
C:\WINDOWS\$hf_mig$\KB916281\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB916595\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB916595\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB917159\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB917159\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB917344\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB917344\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB917422\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB917422\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB917953\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB917953\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB918118\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB918118\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB918439\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB918439\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB918899\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\iedw.exe - 18432 Bytes
C:\WINDOWS\$hf_mig$\KB918899\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB919007\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB919007\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB920213\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentsvr.exe - 256512 Bytes
C:\WINDOWS\$hf_mig$\KB920213\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB920214\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB920214\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB920670\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB920670\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB920683\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB920683\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB920685\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB920685\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB920872\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB920872\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB921398\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB921398\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB921503\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB921503\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB921883\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB921883\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB922582\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmc.exe - 23040 Bytes
C:\WINDOWS\$hf_mig$\KB922582\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB922616\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB922616\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB922760\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\iedw.exe - 18432 Bytes
C:\WINDOWS\$hf_mig$\KB922760\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB922819\spuninst.exe - 213216 Bytes
C:\WINDOWS\$hf_mig$\KB922819\update\update.exe - 716000 Bytes
C:\WINDOWS\$hf_mig$\KB92341
thefrenchlady
Active Member
 
Posts: 13
Joined: September 6th, 2007, 1:26 pm

Re: services being disabled is this a virus?

Unread postby Navigator » September 9th, 2007, 4:34 pm

thefrenchlady wrote: Thank you for answering my original problem - I hope that I have followed your instructions and done this right. (thanks also to friend Mike who put me on to you people)
What happens now ?

kind regards
the french lady



You are welcome.

Well, two things...

The file we are looking for is iexplore.exe that is NOT in the usual location on your system (which is C:\Program Files\Internet Explorer\iexplore.exe).

The export you gave me appears to be 'cut off' or not complete (it may be too long for one reply), but it has a lot more files than I would have expected for doing a 'filefind' for iexplore.exe. I'm not sure why all those other files that do not contain iexplore.exe are in the find results. Are you sure you put iexplore.exe in the 'file' find box? If you did put that filename in the 'file' find box, can you post the rest of the export.txt file? In your post, it is cut off after the C:\WINDOWS\$hf_mig$\KB92341 entry, which is before the C:\windows\system32\iexplore.exe entry I am expecting to find.

Let's try this to locate the offending file too:

Right-click on Start and select Explore, then navigate to this file on the C:\ drive and see if it exists:
    C:\windows\system32\iexplore.exe

If you find the above file on your system, I want you to submit it to Jotti for analysis:

There are some files I'd like to get analyzed:


    C:\windows\system32\iexplore.exe


Just to be safe, go to this site and have it scan them:
Jotti virus scan

Use the Browse button at Jotti, navigate to the file's location on your hard drive and submit them one at a time.

Let me know the results....
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

services being disabled is this a virus?

Unread postby thefrenchlady » September 10th, 2007, 4:49 pm

Hello again - I did not get the first request right - attached below is iexplore.exe search

I could not find the file c/windows/system32/iexplore.exe on the system when I tried explore.

hope you can get something from the attached search

thanks again in anticipation

thefrenchlady


C:\Program Files\Internet Explorer\iexplore.exe - 625152 Bytes
C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\iexplore.exe - 625152 Bytes
C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\iexplore.exe - 625152 Bytes
C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\iexplore.exe - 625152 Bytes
C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe - 91136 Bytes
C:\WINDOWS\ie7\iexplore.exe - 93184 Bytes
C:\WINDOWS\ie7updates\KB928090-IE7\iexplore.exe - 622080 Bytes
C:\WINDOWS\ie7updates\KB931768-IE7\iexplore.exe - 623616 Bytes
C:\WINDOWS\ie7updates\KB933566-IE7\iexplore.exe - 623616 Bytes
C:\WINDOWS\ie7updates\KB937143-IE7\iexplore.exe - 625152 Bytes
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe - 93184 Bytes
C:\WINDOWS\system32\dllcache\iexplore.exe - 625152 Bytes
thefrenchlady
Active Member
 
Posts: 13
Joined: September 6th, 2007, 1:26 pm
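A file-find export in this "path - N Bytes" format can be triaged with a short script instead of by eye. The following is an added example, not part of the thread: it keeps only copies of the named file, separates the normal install location and Windows' own backup folders from anything else, and reports lines it cannot parse, such as a cut-off entry. The backup-folder list, the function names and the sample lines marked as constructed are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# One export line looks like:  C:\path\file.exe - 625152 Bytes
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) - (?P<size>\d+) Bytes$")

# The usual location named in the thread.
INSTALL_DIR = PureWindowsPath(r"C:\Program Files\Internet Explorer")

# Assumption of this example: folders where Windows XP keeps hotfix,
# uninstall, service pack and file-protection copies of system binaries.
BACKUP_DIRS = [PureWindowsPath(p) for p in (
    r"C:\WINDOWS\$hf_mig$",
    r"C:\WINDOWS\$NtServicePackUninstall$",
    r"C:\WINDOWS\ie7",
    r"C:\WINDOWS\ie7updates",
    r"C:\WINDOWS\ServicePackFiles",
    r"C:\WINDOWS\system32\dllcache",
)]


def classify(path):
    """Return 'installed', 'backup' or 'unexpected' for one file path."""
    folder = PureWindowsPath(path).parent  # Windows paths compare case-insensitively
    if folder == INSTALL_DIR:
        return "installed"
    if any(folder == base or base in folder.parents for base in BACKUP_DIRS):
        return "backup"
    return "unexpected"


def triage(export_text, name="iexplore.exe"):
    """Group every copy of `name` found in a file-find export by location."""
    report = {"installed": [], "backup": [], "unexpected": [], "unparsed": []}
    for raw in export_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            # A line without " - N Bytes" usually means the paste was cut off.
            report["unparsed"].append(line)
            continue
        path = PureWindowsPath(m.group("path"))
        if path.name.lower() != name.lower():
            continue  # a different file that ended up in the results
        report[classify(path)].append((str(path), int(m.group("size"))))
    return report


# Sample input: lines from the export above, plus three constructed lines
# (an unrelated file, a copy in system32 with a made-up size, a cut-off entry).
SAMPLE = r"""
C:\WINDOWS\regedit.exe - 146432 Bytes
C:\Program Files\Internet Explorer\iexplore.exe - 625152 Bytes
C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\iexplore.exe - 625152 Bytes
C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe - 91136 Bytes
C:\WINDOWS\ie7\iexplore.exe - 93184 Bytes
C:\WINDOWS\ie7updates\KB928090-IE7\iexplore.exe - 622080 Bytes
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe - 93184 Bytes
C:\WINDOWS\system32\dllcache\iexplore.exe - 625152 Bytes
C:\WINDOWS\system32\iexplore.exe - 40960 Bytes
C:\WINDOWS\$hf_mig$\KB92341
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for group in ("installed", "backup", "unexpected"):
        for path, size in result[group]:
            print(f"{group:10} {size:>8}  {path}")
    for line in result["unparsed"]:
        print(f"unparsed (export may be incomplete): {line}")
```

Run against the twelve lines actually posted above, the "unexpected" group is empty, which matches the poster not finding the file in system32.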

Unread postby thefrenchlady » September 10th, 2007, 6:32 pm

In addition have just scanned the files listed above in jotti virus scan and all files are OK

where do we go from here?

regards
thefrenchlady
thefrenchlady
Active Member
 
Posts: 13
Joined: September 6th, 2007, 1:26 pm

Unread postby Navigator » September 10th, 2007, 6:39 pm

Hmmm...interesting.

I'm not seeing what I thought I would. I want to check for a rootkit while I get some other opinions from my fellow experts...

I am concerned that you may have a Worm/trojan on your system that has possible 'backdoor' functionality which would allow unauthorized remote access to your system and the possible theft of information...do you use this computer for any confidential or sensitive information (such as banking, internet commerce, personal information)? If you do, as a precaution I would suggest that you go to a known clean computer and change all passwords etc to sites you use and closely monitor accounts etc while we work on the computer.

Please do this:

1.

  • Please download F-Secure Blacklight (fsbl.exe) from here
  • Save into C:\ with a name of fsbl.exe
  • Go to Start > Run
  • Copy and paste the contents of the below codebox into the run box
    C:\fsbl.exe /expert
  • Click OK
  • This will launch BlackLight
  • Select I accept the agreement
  • Click Next
  • Click Scan
  • Wait for the scan to finish
  • Click on Next>
  • Click Exit
  • A logfile will have been created in the C:\ drive
  • It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
  • Use notepad to open that log
  • Post the contents of that log as a reply to this topic
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby Navigator » September 10th, 2007, 10:26 pm

Hello again thefrenchlady...

Can you also do this for me?

1. Please open HijackThis.


Click on Open Misc Tools Section
Make sure that both boxes beside "Generate StartupList Log" are checked:
  • List all minor sections(Full)
  • List Empty Sections(Complete)
Click Generate StartupList Log.
Click Yes at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri
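A StartupList report of the kind requested above lists each registry autorun key in its own section, so the entries can be checked mechanically. The following is an added example, not part of the thread and not HijackThis code: it parses the "Autorun entries from Registry" sections and flags any entry whose program is given without a full path, since such a name is resolved through the search path rather than pinned to one file. The function names are assumptions of this example; the sample is a shortened excerpt of the report posted later in this thread.

```python
import re
from pathlib import PureWindowsPath

SEPARATOR = re.compile(r"^-{10,}[ \t]*$", re.MULTILINE)
HEADER = "Autorun entries from Registry:"
# Unquoted command lines: take everything up to the first executable extension.
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


def image_path(command):
    """Extract the program part of an autorun command line."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = IMAGE_RE.match(command)  # handles unquoted paths containing spaces
    return m.group(1) if m else command.split()[0]


def has_full_path(image):
    """True for C:\\... paths and for paths anchored on %SystemRoot% etc."""
    return image.startswith("%") or PureWindowsPath(image).is_absolute()


def parse_autoruns(report):
    """Return one dict per 'name = command' line in the autorun sections."""
    entries = []
    for section in SEPARATOR.split(report):
        lines = [ln.strip() for ln in section.splitlines() if ln.strip()]
        if len(lines) < 2 or lines[0] != HEADER:
            continue
        key = lines[1]
        for ln in lines[2:]:
            # "*No values found*" and similar markers are not entries.
            if ln.startswith("*") or " = " not in ln:
                continue
            name, command = ln.split(" = ", 1)
            entries.append({"key": key, "name": name,
                            "command": command, "image": image_path(command)})
    return entries


def flag_pathless(entries):
    """Entries whose program has no directory, only a bare file name."""
    return [e for e in entries if e["image"] and not has_full_path(e["image"])]


# Shortened excerpt of the StartupList report posted later in this thread.
SAMPLE = r"""
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
SunJavaUpdateSched = C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Zonealarm = iexplore.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
"""

if __name__ == "__main__":
    for e in flag_pathless(parse_autoruns(SAMPLE)):
        print(f'{e["key"]}: {e["name"]} = {e["command"]}  (no full path)')
```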

Unread postby thefrenchlady » September 11th, 2007, 3:34 pm

thanks for keeping trying
this is log from blacklight
regards again thefrenchlady

09/11/07 19:54:18 [Info]: BlackLight Engine 1.0.64 initialized
09/11/07 19:54:18 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/11/07 19:54:18 [Note]: 7019 4
09/11/07 19:54:18 [Note]: 7005 0
09/11/07 19:54:22 [Note]: 7006 0
09/11/07 19:54:22 [Note]: 7022 0
09/11/07 19:54:22 [Note]: 7011 264
09/11/07 19:54:22 [Note]: 7026 0
09/11/07 19:54:23 [Note]: 7026 0
09/11/07 19:54:29 [Note]: FSRAW library version 1.7.1022
09/11/07 20:02:05 [Note]: 2000 1012
09/11/07 20:04:43 [Note]: 7007 0
thefrenchlady
Active Member
 
Posts: 13
Joined: September 6th, 2007, 1:26 pm

Unread postby thefrenchlady » September 11th, 2007, 3:51 pm

have done hijackthis thing
hope this helps - thefrenchlady



StartupList report, 11/09/2007, 20:21:57
StartupList version: 1.52.2
Started from : C:\Documents and Settings\JON\Desktop\HiJackThis_v2.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16512)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\freecell.exe
C:\Documents and Settings\JON\Desktop\HiJackThis_v2.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\JON\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
SunJavaUpdateSched = C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Zonealarm = iexplore.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
STManager = "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\program files\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/get/sh ... tor/sw.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftup ... 3354245246

[Java Plug-in 1.6.0_02]
InProcServer32 = C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

[Java Plug-in 1.5.0_11]
InProcServer32 = C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

[Java Plug-in 1.6.0_02]
InProcServer32 = C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

[Java Plug-in 1.6.0_02]
InProcServer32 = C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
SpeedTouch USB ADSL PPP Networking Driver (NDISWAN): System32\DRIVERS\alcan5wn.sys (manual start)
SpeedTouch ADSL Modem ATM Transport: System32\DRIVERS\alcaudsl.sys (manual start)
Service for Avance AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter: System32\DRIVERS\AN983.sys (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Aspi32: System32\drivers\aspi32.sys (autostart)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (manual start)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (manual start)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
AVK Service: C:\Program Files\AVP2K5\AVKService.exe (manual start)
AVP Monitor: C:\Program Files\AVP2K5\AVKWCtl.exe (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (autostart)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Creative AudioPCI (ES1371,ES1373) (WDM): system32\drivers\es1371mp.sys (manual start)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GDInterceptor: \??\C:\WINDOWS\System32\interceptor.sys (manual start)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
HookCentre: \??\C:\WINDOWS\System32\drivers\HookCentre.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IdeBusDr: System32\DRIVERS\IdeBusDr.sys (system)
Intel(R) Ultra ATA Controller: System32\DRIVERS\IdeChnDr.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (autostart)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
TCP/IP Print Server: %SystemRoot%\System32\tcpsvcs.exe (manual start)
Zoom V.92 PCI Modem Driver: System32\ltmdmnt.sys (manual start)
mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
StarForce Protection Environment Driver (version 1.x): System32\drivers\sfdrv01.sys (system)
StarForce Protection Helper Driver (version 2.x): System32\drivers\sfhlp02.sys (system)
StarForce Protection Synchronization Driver (version 2.x): System32\drivers\sfsync02.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SNMP Service: %SystemRoot%\System32\snmp.exe (manual start)
SNMP Trap Service: %SystemRoot%\System32\snmptrap.exe (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: \SystemRoot\System32\DRIVERS\sr.sys (disabled)
srescan: system32\ZoneLabs\srescan.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
SVKP: \??\C:\WINDOWS\System32\SVKP.sys (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{C1AF3BE3-EF4F-436B-983B-957C55609CE1} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
tmcomm: \??\C:\WINDOWS\system32\drivers\tmcomm.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Windows CE USB Serial Host Driver: system32\DRIVERS\wceusbsh.sys (system)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Winachcf: System32\DRIVERS\winachcf.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (autostart)
WpdUsb: system32\DRIVERS\wpdusb.sys (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (system)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 35,703 bytes
Report generated in 0.591 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
thefrenchlady
Active Member
 
Posts: 13
Joined: September 6th, 2007, 1:26 pm
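The complaint in this thread is that services keep reverting to disabled, so one way to track it is to diff the services section of two StartupList logs, one saved before and one after a reboot. This is an added example, not part of the original posts and not HijackThis code; the function names are hypothetical and both embedded snapshots are constructed in the log's `name: image path (start type)` layout.

```python
import re

SECTION_HEADER = "Enumerating Windows NT/2000/XP services"
SEPARATOR = re.compile(r"^-{10,}\s*$")
# "<display name>: <image path and arguments> (<start type>)"
# The name ends at the first colon+space; the start type is the last
# parenthesised group, so names such as "... (version 1.x)" still parse.
ENTRY = re.compile(r"^(?P<name>.+?): (?P<image>.+) \((?P<start>[^()]+)\)\s*$")


def parse_services(log_text):
    """Return {display name: (image path, start type)} for the services section."""
    services = {}
    in_section = False
    for line in log_text.splitlines():
        line = line.strip()
        if not in_section:
            in_section = line.startswith(SECTION_HEADER)
            continue
        if SEPARATOR.match(line):
            break  # the dashed rule closes the section
        match = ENTRY.match(line)
        if match:
            services[match["name"]] = (match["image"], match["start"])
    return services


def start_type_changes(before, after):
    """List (name, old start type, new start type) for entries in both logs."""
    changes = []
    for name in sorted(before.keys() & after.keys()):
        old, new = before[name][1], after[name][1]
        if old != new:
            changes.append((name, old, new))
    return changes


def disabled_services(services):
    """Names of every entry whose start type is 'disabled'."""
    return sorted(n for n, (_, start) in services.items() if start == "disabled")


# Constructed snapshot 1: a few lines in the format of the log above.
BEFORE_LOG = r"""
Enumerating Windows NT/2000/XP services

COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
StarForce Protection Environment Driver (version 1.x): System32\drivers\sfdrv01.sys (system)
System Restore Filter Driver: \SystemRoot\System32\DRIVERS\sr.sys (disabled)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
"""

# Constructed snapshot 2: the same entries with two start types changed,
# standing in for a log saved after the services reverted.
AFTER_LOG = r"""
Enumerating Windows NT/2000/XP services

COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (disabled)
StarForce Protection Environment Driver (version 1.x): System32\drivers\sfdrv01.sys (system)
System Restore Filter Driver: \SystemRoot\System32\DRIVERS\sr.sys (disabled)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

--------------------------------------------------
"""

if __name__ == "__main__":
    before = parse_services(BEFORE_LOG)
    after = parse_services(AFTER_LOG)
    for name, old, new in start_type_changes(before, after):
        print(f"{name}: {old} -> {new}")
    print("Disabled now:", ", ".join(disabled_services(after)))
```

Entries that flip to `disabled` between two logs are the ones to raise with the helper; an entry that is disabled in both logs was already in that state before the change being investigated.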

Post by Navigator » September 11th, 2007, 10:19 pm

thefrenchlady wrote: thanks for keeping trying
this is log from blacklight
regards again thefrenchlady


Hello thefrenchlady...you are welcome.

OK, nothing is showing that file...I have been discussing this with other experts at this site, and the suggestion has been made that it is likely that your AV program found and deleted that 'problem' file we are looking for...and what I am seeing in HJT is likely an 'orphaned' registry entry. We'll fix that in a minute...

The blacklight scan was also negative, and that is good.

Perusing the list of files in those reports though, I'd like you to repeat the Jotti instructions above for the following 2 files, and give me the results:
    C:\WINDOWS\unstall.exe
    C:\WINDOWS\wins.exe


Then we'll move on with fixing...thanks!
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Post by thefrenchlady » September 13th, 2007, 3:26 pm

hello again - Jotti scan for unstall gave the following - will do the other one now



Scan taken on 13 Sep 2007 19:22:40 (GMT)
A-Squared: Found nothing
AntiVir: Found ADSPY/Media-Motor
ArcaVir: Found nothing
Avast: Found Win32:VB-MD
AVG Antivirus: Found Generic.BWN
BitDefender: Found Adware.Sahagent.AG
ClamAV: Found Adware.MeMo-2
CPsecure: Found nothing
Dr.Web: Found Adware.SAHAgent
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found Adware/Generic.95C5
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found SAHAgent.F
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found Adware.SAHAgent
thefrenchlady
Active Member
 
Posts: 13
Joined: September 6th, 2007, 1:26 pm

Post by thefrenchlady » September 13th, 2007, 3:29 pm

hello - the wins scan returned nothing found
thank you again

regards thefrenchlady
thefrenchlady
Active Member
 
Posts: 13
Joined: September 6th, 2007, 1:26 pm

Post by Navigator » September 13th, 2007, 8:11 pm

Really? I was expecting it to be 'bad'....strange.

OK, let's proceed like this to do some cleaning and see what the scans show:

You may want to print out the instructions below as later we will be in safe mode and this webpage will be unavailable to you.

1. I see you have the latest version of Java installed on your system (1.6.0 u2)...but you also have other older versions of Java installed on your system which need to be removed as the presence of old Java versions on your system is a known security risk:

Remove older Java Versions:
  • Close any programs you may have running - especially your web browser.
  • Go to Start >> Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java (any version OTHER than 1.6 update2).
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name (any version OTHER than 1.6 update2).
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each old Java version.
  • Reboot your computer once all Java components are removed.

2. I'll take the time to talk about P2P programs now...

While it is not my place to tell you what to do, you have LimeWire, a P2P/file sharing program installed on your computer. P2P apps like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Some other references for the risk of these programs are here: http://www.microsoft.com/windows/ie/com ... ction.mspx here: http://www.techweb.com/wire/160500554 and here: http://www.internetworldstats.com/articles/art053.htm

I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

3. I see you have AVG Anti-Spyware installed on your system. Please make sure it is fully updated, and then please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.

Close AVG Anti-spyware for now.

4. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Save it to your desktop, we will use it later.

5. Please re-open HiJackThis and choose scan only. Check the boxes next to all the entries listed below.

O4 - HKLM\..\RunServices: [Zonealarm] iexplore.exe


Now close all windows other than HiJackThis, then click Fix Checked.

6. Reboot into safe mode by restarting your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

7. Please delete these files using Windows Explorer (if present):
  • Click Start>>All Programs>>Accessories>>Windows Explorer
  • Navigate to the listed files, then right-click to select them and click delete:


C:\WINDOWS\unstall.exe


8. Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

9. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG and reboot your system back into Normal Mode.

10. Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


11. Post the results of the AVG report scan, the Kaspersky Scan and a new HJT log for me to review....
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Post by thefrenchlady » September 15th, 2007, 7:06 pm

hello again - not quite finished all the instructions but AVG scan came back with two things
Adware 180 solution and Adware Delfin

Also - now every time I start the pc the following message appears
"application failed to start because MFC71.DLL was not found. Restarting the application may fix the problem".
This does not seem to affect running of the pc and restarting does not stop the message appearing.

Now on step 10 and having trouble trying to open Kaspersky online scanner.

will try again tomorrow - getting tired

thanks again for your comprehensive help

regards
the Frenchlady
thefrenchlady
Active Member
 
Posts: 13
Joined: September 6th, 2007, 1:26 pm
