popup help

I am running Vista.
Firefox.
I have set all my setting to block all popups.
both in Firefox and IE.
I keep getting popups with CiD as the heading opening with Internet Explorer.
FireFox is my default browser.

I have tried all I know to stop these popups.

Any suggestions?

Arty:angry:
 
You're not the only one looking for something to stop popup generators. At one time the infospace toolbar used on IE 6 and then until on IE 7 included an effective popup blocker. The optional setting in IE 7 to stop all popups would block everything until lately when additional protection inplace with the AVG 8.01 security addon toolbar for IE and a spyware prevention program quaranteeded one site with a surpirse attack of a mountain of unstoppable popups and a browser hijack attempt.

The new attacks are scripted to get past both IE and FF. You likely have a generator hidden on the drive somewhere where a good removal program could see that gone. The free program mentioned before is the Spyware Terminator still being put to the test found at http://www.spywareterminator.com/

When hit on one site lately that got busy trying to quaranteen everything while closing the IE finally brought it to a halt once all popups were finally closed. That will run a good scan for registry values created for popups over a former first rated Ad-Aware by Lavasoft. Give that a run to see what it finds.
 
I really appreciate the help, I am downloading the program you have suggested.
I have AVG anti virus, and am running spybot.
Just since being logged onto this site 3 popups have appeared.
There should be a law against such things, these programs are compromising my computer.
 
Those are typical malware type popup generators. The ST program mentioned before is far more effective then Spybot S%D and a number of other spyaware/adaware programs. That places an active guard around the system registry like a good firewall as well as having a far better scanning process. It will find far more then Ad-Aware and more effective then Grisoft's now AVG Antispyware tool formerly known as ewido.

Even when going to uninstall something in Windows ST will prompt to allow or deny. So far that's kept the system here running both XP and Vista virtually spotless despite running into that bad site mentioned before trying to slip something on. The others like Webroot's Spy Sweeper are typically reporting a large number of items but you need to buy the full version to see them fixed type crap.

Besides Spyware Terminator some software companies like Trend Micro have free online system scanners for finding things as well. Trying more then one tool will eventually locate the offender and remove any registry values as well.
 
Go thru Osiris's guide to spyware removal.

Spyware Removal Guide By Osiris

Post you HiJack This log in the Analyze area:

HijackThis Logs (analyze) - Computer Forums

Someone will be along to analyze teh log files and assist you.

Also install AdBlock Plus, AdBlock FilterG Updated, Flash Block and NoScript Extensions in Firefox. For IE install IE7Pro.
 
Okay, now your loosing me.
Update.
I downloaded Spyware Terminator, The scan proved a few issues, I allowed the program to fix them.
Still am having these popups appear CiD, I am also reading "opening with Internet Explorer".
This all began recently, When I first bought this PC these popups didn't happen.
I hope I am understanding you folks correctly, The free aspect of Spyware won't fix the issue, so I should buy the full program???
The issue I have is, why buy the full program and it turns out not to fix the problem?
Please don't think I am being rudd, I am frustrated with these popups, I have all my privacy/security setting set on the highest level and this is no help at all.
Now another person trying to help me is recommending I post my issue on another web site.
What do I do?, when the popup appears, copy what the link? and post it on the website.
Hows does one copy the entire web page these popups are using.
I opened my Yahoo mail this morning and right away a popup with this CiD in the heading appears, whatever is happening here doesn't seem to be using Firefox, just Internet Explorer.
I thought our Government recently found Microsoft to be monopolizing by forcing windows only to work with IE?
This is over my head folks.
I want this to end....Here lately...its nothing but a fight to be on the web...
 
Hey, I do appreciate your help a great deal.
I downloaded that file but couldn't open it, a screen popped up asking me if I wanted to find a program on the web to open the file.
PDF I am assuming...thats the screen it took me to.
I am so disappointed with Vista....None of these problems occurred until I bought this PC running Vista...
These popups appear even if I am not on the web.
Just so you know, I am hooked up to the web 24/7 369, Quest broadband, wireless.
Desktop.
I simply turn off the monitor, when I get up in the morning and turn my monitor on, I have to close many popup windows.
 
Code:
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.9.2533. For information, email [email]support@simplysup1.com[/email]
[Unregistered version]
Scan started at: 6:03:24 PM 20 May 2008
Using Database v6998
Operating System:  Windows Vista  [Windows Vista (Build 6000)]
Edition:           Windows Vista (TM) Home Premium
File System:       NTFS
User Account Control is Enabled.
Data directory:    C:\Users\Arty Tovar\AppData\Roaming\Simply Super Software\Trojan Remover\
Logfile directory: C:\Users\Arty Tovar\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
Microsoft Windows Defender

**************************************************


**************************************************
6:03:24 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\Windows

**************************************************
6:03:24 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\Windows

**************************************************
6:03:24 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
6:03:25 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: explorer.exe
C:\Windows\explorer.exe
2923520 bytes
Created:  1/21/2008
Modified: 1/21/2008
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
24576 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Windows Defender
Value Data: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
C:\Program Files\Windows Defender\MSASCui.exe
1006264 bytes
Created:  8/11/2007
Modified: 8/11/2007
Company:  Microsoft Corporation
--------------------
Value Name: hpsysdrv
Value Data: c:\hp\support\hpsysdrv.exe
c:\hp\support\hpsysdrv.exe
65536 bytes
Created:  8/11/2007
Modified: 4/18/2007
Company:  Hewlett-Packard Company
--------------------
Value Name: OsdMaestro
Value Data: "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
118784 bytes
Created:  8/11/2007
Modified: 2/15/2007
Company:  OsdMaestro
--------------------
Value Name: RtHDVCpl
Value Data: RtHDVCpl.exe
C:\Windows\RtHDVCpl.exe
4702208 bytes
Created:  10/25/2007
Modified: 10/25/2007
Company:  Realtek Semiconductor
--------------------
Value Name: HP Health Check Scheduler
Value Data: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
71176 bytes
Created:  5/24/2007
Modified: 5/24/2007
Company:  Hewlett-Packard
--------------------
Value Name: SunJavaUpdateReg
Value Data: "C:\Windows\system32\jureg.exe"
C:\Windows\system32\jureg.exe
54936 bytes
Created:  8/11/2007
Modified: 4/7/2007
Company:  Sun Microsystems, Inc.
--------------------
Value Name: HP Software Update
Value Data: c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
49152 bytes
Created:  2/17/2005
Modified: 2/17/2005
Company:  Hewlett-Packard Co.
--------------------
Value Name: 
Value Data: 
The Value Data for this entry appears to be blank
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created:  1/12/2008
Modified: 1/12/2008
Company:  Adobe Systems Incorporated
--------------------
Value Name: Symantec PIF AlertEng
Value Data: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created:  1/29/2008
Modified: 1/29/2008
Company:  Symantec Corporation
--------------------
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1177368 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
--------------------
Value Name: IgfxTray
Value Data: C:\Windows\system32\igfxtray.exe
C:\Windows\system32\igfxtray.exe
141848 bytes
Created:  3/25/2008
Modified: 3/25/2008
Company:  Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\Windows\system32\hkcmd.exe
C:\Windows\system32\hkcmd.exe
166424 bytes
Created:  3/25/2008
Modified: 3/25/2008
Company:  Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\Windows\system32\igfxpers.exe
C:\Windows\system32\igfxpers.exe
133656 bytes
Created:  3/25/2008
Modified: 3/25/2008
Company:  Intel Corporation
--------------------
Value Name: SpywareTerminator
Value Data: "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
1817600 bytes
Created:  5/19/2008
Modified: 5/19/2008
Company:  Crawler.com
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
877136 bytes
Created:  5/20/2008
Modified: 5/18/2008
Company:  Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: Launcher
Value Data: %WINDIR%\SMINST\launcher.exe
C:\Windows\SMINST\launcher.exe
44168 bytes
Created:  4/3/2007
Modified: 4/3/2007
Company:  soft thinks
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: locks tick title proc
Value Data: "C:\ProgramData\Copy Show Store.npbn4w"
C:\ProgramData\Copy Show Store.npbn4w
4112 bytes
Created:  4/9/2008
Modified: 4/9/2008
Company:  
--------------------
Value Name: 4 city
Value Data: "C:\ProgramData\ByteWinWin.h3hlel"
C:\ProgramData\ByteWinWin.h3hlel
8208 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

**************************************************
6:03:27 PM: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

**************************************************
6:03:27 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
6:03:27 PM: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\Windows\system32\logon.scr
C:\Windows\system32\logon.scr
5714432 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
--------------------

**************************************************
6:03:27 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

**************************************************
6:03:27 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----

**************************************************
6:03:29 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       Afc
ImagePath: system32\drivers\Afc.sys
C:\Windows\system32\drivers\Afc.sys
11776 bytes
Created:  12/17/2007
Modified: 2/23/2005
Company:  Arcsoft, Inc.
----------
Key:       Automatic LiveUpdate Scheduler
ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
554352 bytes
Created:  8/11/2007
Modified: 9/12/2007
Company:  Symantec Corporation
----------
Key:       avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
902424 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key:       avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
282904 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key:       AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\Windows\System32\Drivers\avgldx86.sys
96520 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key:       AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\Windows\System32\Drivers\avgmfx86.sys
26184 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  GRISOFT, s.r.o.
----------
Key:       AvgWfpX
ImagePath: \SystemRoot\System32\Drivers\avgwfpx.sys
C:\Windows\System32\Drivers\avgwfpx.sys
67080 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key:       BCM43XX
ImagePath: system32\DRIVERS\bcmwl6.sys
C:\Windows\system32\DRIVERS\bcmwl6.sys
534016 bytes
Created:  12/10/2007
Modified: 12/19/2006
Company:  Broadcom Corporation
----------
Key:       blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key:       dot4
ImagePath: system32\DRIVERS\Dot4.sys
C:\Windows\system32\DRIVERS\Dot4.sys
131584 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       Dot4Print
ImagePath: system32\DRIVERS\Dot4Prt.sys
C:\Windows\system32\DRIVERS\Dot4Prt.sys
16384 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       Dot4Scan
ImagePath: system32\DRIVERS\Dot4Scan.sys
C:\Windows\system32\DRIVERS\Dot4Scan.sys
10752 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       dot4usb
ImagePath: system32\DRIVERS\dot4usb.sys
C:\Windows\system32\DRIVERS\dot4usb.sys
36864 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       HP Health Check Service
ImagePath: "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
61440 bytes
Created:  5/24/2007
Modified: 5/24/2007
Company:  Hewlett-Packard
----------
Key:       HSF_DP
ImagePath: system32\DRIVERS\HSX_DP.sys
C:\Windows\system32\DRIVERS\HSX_DP.sys
985600 bytes
Created:  2/12/2008
Modified: 2/12/2008
Company:  Conexant Systems, Inc.
----------
Key:       ialm
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
2307072 bytes
Created:  3/25/2008
Modified: 3/25/2008
Company:  Intel Corporation
----------
Key:       IDriverT
ImagePath: "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
73728 bytes
Created:  10/22/2004
Modified: 10/22/2004
Company:  Macrovision Corporation
----------
Key:       igfx
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
2307072 bytes
Created:  3/25/2008
Modified: 3/25/2008
Company:  Intel Corporation
----------
Key:       IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key:       kbdhid
ImagePath: \SystemRoot\system32\drivers\kbdhid.sys
C:\Windows\system32\drivers\kbdhid.sys
15872 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       LiveUpdate
ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
2999664 bytes
Created:  8/11/2007
Modified: 9/12/2007
Company:  Symantec Corporation
----------
Key:       LiveUpdate Notice Ex
ImagePath: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [file not found to scan]
----------
Key:       LiveUpdate Notice Service
ImagePath: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created:  1/29/2008
Modified: 1/29/2008
Company:  Symantec Corporation
----------
Key:       msiserver
ImagePath: %systemroot%\system32\msiexec /V
----------
Key:       NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key:       NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key:       pfc
ImagePath: system32\drivers\pfc.sys
C:\Windows\system32\drivers\pfc.sys [file not found to scan]
----------
Key:       RoxMediaDB9
ImagePath: "c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
887544 bytes
Created:  5/11/2007
Modified: 5/11/2007
Company:  Sonic Solutions
----------
Key:       RTL8169
ImagePath: system32\DRIVERS\Rtlh86.sys
C:\Windows\system32\DRIVERS\Rtlh86.sys
104448 bytes
Created:  12/28/2007
Modified: 12/28/2007
Company:  Realtek Corporation                                            
----------
Key:       Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\system32\drivers\serenum.sys
17920 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
83456 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       sp_rsdrv2
ImagePath: \??\C:\Windows\system32\drivers\sp_rsdrv2.sys
C:\Windows\system32\drivers\sp_rsdrv2.sys
141312 bytes
Created:  5/19/2008
Modified: 5/19/2008
Company:  
----------
Key:       sp_rssrv
ImagePath: "C:\Program Files\Spyware Terminator\sp_rsser.exe"
C:\Program Files\Spyware Terminator\sp_rsser.exe
606720 bytes
Created:  5/19/2008
Modified: 5/19/2008
Company:  Crawler.com
----------
Key:       stllssvr
ImagePath: "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
-R- 74656 bytes
Created:  5/3/2007
Modified: 5/3/2007
Company:  MicroVision Development, Inc.
----------
Key:       WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\Windows\system32\DRIVERS\wpdusb.sys
39936 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------

**************************************************
6:03:36 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

**************************************************
6:03:36 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key: igfxcui
DLL: igfxdev.dll
C:\Windows\system32\igfxdev.dll
204800 bytes
Created:  8/11/2007
Modified: 3/25/2008
Company:  Intel Corporation
----------

**************************************************
6:03:36 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key:   AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path:  C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
108824 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key:   SPTContMenu
CLSID: {BD88A479-9623-4897-8546-BC62B9628F44}
Path:  C:\Program Files\Spyware Terminator\sptcontmenu.dll
C:\Program Files\Spyware Terminator\sptcontmenu.dll
164352 bytes
Created:  5/19/2008
Modified: 5/19/2008
Company:  Crawler.com
----------

**************************************************
6:03:36 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----

**************************************************
6:03:36 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created:  10/23/2006
Modified: 10/23/2006
Company:  Adobe Systems Incorporated
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
419096 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
501400 bytes
Created:  8/11/2007
Modified: 4/7/2007
Company:  Sun Microsystems, Inc.
----------

**************************************************
6:03:36 PM: Scanning ----- SHELLSERVICEOBJECTS -----

**************************************************
6:03:36 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

**************************************************
6:03:36 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
6:03:36 PM: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [avgrsstx.dll]
File: avgrsstx.dll
C:\Windows\system32\avgrsstx.dll
10520 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------

**************************************************
6:03:37 PM: Scanning ----- SECURITY PROVIDER DLLS -----

**************************************************
6:03:37 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  11/2/2006
Modified: 1/21/2008
Company:  
--------------------

**************************************************
6:03:37 PM: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Arty Tovar
[C:\Users\Arty Tovar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Arty Tovar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  12/10/2007
Modified: 1/21/2008
Company:  
----------
--------------------

**************************************************
6:03:37 PM: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

**************************************************
6:03:37 PM: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Arty Tovar\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
C:\Users\Arty Tovar\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
1440054 bytes
Created:  4/9/2008
Modified: 4/9/2008
Company:  
----------
Web Desktop Wallpaper: %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
%APPDATA%\Mozilla\Firefox\Desktop Background.bmp [file not found to scan]
----------
Checking Drivers32 entries:
Value Name: midi1
File: wdmaud.drv
C:\Windows\system32\wdmaud.drv
168448 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
--------------------
Additional file checks completed

**************************************************
6:03:38 PM: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
--------------------
C:\Windows\system32\csrss.exe
--------------------
C:\Windows\system32\wininit.exe
--------------------
C:\Windows\system32\csrss.exe
--------------------
C:\Windows\system32\services.exe
--------------------
C:\Windows\system32\lsass.exe
--------------------
C:\Windows\system32\lsm.exe
--------------------
C:\Windows\system32\winlogon.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\SLsvc.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\Dwm.exe
--------------------
C:\Windows\Explorer.EXE
--------------------
C:\Windows\System32\spoolsv.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
--------------------
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Program Files\Spyware Terminator\sp_rsser.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\system32\SearchIndexer.exe
--------------------
C:\Windows\system32\DRIVERS\xaudio.exe
--------------------
C:\Windows\system32\WUDFHost.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgemc.exe
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Program Files\Windows Defender\MSASCui.exe
--------------------
C:\hp\support\hpsysdrv.exe
--------------------
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
--------------------
C:\Windows\RtHDVCpl.exe
--------------------
C:\Windows\system32\schtasks.exe
--------------------
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
--------------------
C:\Program Files\AVG\AVG8\avgtray.exe
--------------------
C:\Windows\System32\hkcmd.exe
--------------------
C:\Windows\System32\igfxpers.exe
--------------------
C:\Windows\system32\igfxsrvc.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Windows\System32\mobsync.exe
--------------------
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
--------------------
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
--------------------
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
--------------------
C:\Program Files\Microsoft Works\wkswp.exe
--------------------
C:\Program Files\Microsoft Works\WkDStore.exe
--------------------
C:\Program Files\Microsoft Works\wkgdcach.exe
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize:          2482752
[This is a Trojan Remover component]
--------------------
--------------------
C:\Windows\NOTEPAD.EXE
--------------------

**************************************************
6:03:42 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file

**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
[url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop"]AOL.com - Welcome to AOL[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
[url="http://go.microsoft.com/fwlink/?LinkId=54896"]Live Search[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
[url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop"]AOL.com - Welcome to AOL[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
[url="http://go.microsoft.com/fwlink/?LinkId=54896"]Live Search[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
[url="http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327"]Search Assistant[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
[url="http://www.crawler.com/search/ie.aspx?tb_id=60327"]Internet Explorer Search[/url]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
[url="http://www.yahoo.com/"]Yahoo![/url]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
[url="http://go.microsoft.com/fwlink/?LinkId=54896"]Live Search[/url]

**************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 6:03:42 PM 20 May 2008
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.9.2533. For information, email [email]support@simplysup1.com[/email]
[Unregistered version]
Scan started at: 5:55:31 PM 20 May 2008
Using Database v6998
Operating System:  Windows Vista  [Windows Vista (Build 6000)]
Edition:           Windows Vista (TM) Home Premium
File System:       NTFS
User Account Control is Enabled.
Data directory:    C:\Users\Arty Tovar\AppData\Roaming\Simply Super Software\Trojan Remover\
Logfile directory: C:\Users\Arty Tovar\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
Microsoft Windows Defender

**************************************************


**************************************************
5:55:31 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\Windows

**************************************************
5:55:31 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\Windows

**************************************************
5:55:31 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
5:55:32 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: explorer.exe
C:\Windows\explorer.exe
2923520 bytes
Created:  1/21/2008
Modified: 1/21/2008
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
24576 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Windows Defender
Value Data: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
C:\Program Files\Windows Defender\MSASCui.exe
1006264 bytes
Created:  8/11/2007
Modified: 8/11/2007
Company:  Microsoft Corporation
--------------------
Value Name: hpsysdrv
Value Data: c:\hp\support\hpsysdrv.exe
c:\hp\support\hpsysdrv.exe
65536 bytes
Created:  8/11/2007
Modified: 4/18/2007
Company:  Hewlett-Packard Company
--------------------
Value Name: OsdMaestro
Value Data: "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
118784 bytes
Created:  8/11/2007
Modified: 2/15/2007
Company:  OsdMaestro
--------------------
Value Name: RtHDVCpl
Value Data: RtHDVCpl.exe
C:\Windows\RtHDVCpl.exe
4702208 bytes
Created:  10/25/2007
Modified: 10/25/2007
Company:  Realtek Semiconductor
--------------------
Value Name: HP Health Check Scheduler
Value Data: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
71176 bytes
Created:  5/24/2007
Modified: 5/24/2007
Company:  Hewlett-Packard
--------------------
Value Name: SunJavaUpdateReg
Value Data: "C:\Windows\system32\jureg.exe"
C:\Windows\system32\jureg.exe
54936 bytes
Created:  8/11/2007
Modified: 4/7/2007
Company:  Sun Microsystems, Inc.
--------------------
Value Name: HP Software Update
Value Data: c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
49152 bytes
Created:  2/17/2005
Modified: 2/17/2005
Company:  Hewlett-Packard Co.
--------------------
Value Name: 
Value Data: 
The Value Data for this entry appears to be blank
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created:  1/12/2008
Modified: 1/12/2008
Company:  Adobe Systems Incorporated
--------------------
Value Name: Symantec PIF AlertEng
Value Data: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created:  1/29/2008
Modified: 1/29/2008
Company:  Symantec Corporation
--------------------
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1177368 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
--------------------
Value Name: IgfxTray
Value Data: C:\Windows\system32\igfxtray.exe
C:\Windows\system32\igfxtray.exe
141848 bytes
Created:  3/25/2008
Modified: 3/25/2008
Company:  Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\Windows\system32\hkcmd.exe
C:\Windows\system32\hkcmd.exe
166424 bytes
Created:  3/25/2008
Modified: 3/25/2008
Company:  Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\Windows\system32\igfxpers.exe
C:\Windows\system32\igfxpers.exe
133656 bytes
Created:  3/25/2008
Modified: 3/25/2008
Company:  Intel Corporation
--------------------
Value Name: SpywareTerminator
Value Data: "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
1817600 bytes
Created:  5/19/2008
Modified: 5/19/2008
Company:  Crawler.com
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
877136 bytes
Created:  5/20/2008
Modified: 5/18/2008
Company:  Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: Launcher
Value Data: %WINDIR%\SMINST\launcher.exe
C:\Windows\SMINST\launcher.exe
44168 bytes
Created:  4/3/2007
Modified: 4/3/2007
Company:  soft thinks
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: locks tick title proc
Value Data: "C:\ProgramData\Copy Show Store.npbn4w"
C:\ProgramData\Copy Show Store.npbn4w
4112 bytes
Created:  4/9/2008
Modified: 4/9/2008
Company:  
--------------------
Value Name: 4 city
Value Data: "C:\ProgramData\ByteWinWin.h3hlel"
C:\ProgramData\ByteWinWin.h3hlel
8208 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

**************************************************
5:55:34 PM: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

**************************************************
5:55:34 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
5:55:34 PM: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\Windows\system32\logon.scr
C:\Windows\system32\logon.scr
5714432 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
--------------------

**************************************************
5:55:34 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

**************************************************
5:55:35 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----

**************************************************
5:55:36 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       Afc
ImagePath: system32\drivers\Afc.sys
C:\Windows\system32\drivers\Afc.sys
11776 bytes
Created:  12/17/2007
Modified: 2/23/2005
Company:  Arcsoft, Inc.
----------
Key:       Automatic LiveUpdate Scheduler
ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
554352 bytes
Created:  8/11/2007
Modified: 9/12/2007
Company:  Symantec Corporation
----------
Key:       avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
902424 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key:       avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
282904 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key:       AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\Windows\System32\Drivers\avgldx86.sys
96520 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key:       AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\Windows\System32\Drivers\avgmfx86.sys
26184 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  GRISOFT, s.r.o.
----------
Key:       AvgWfpX
ImagePath: \SystemRoot\System32\Drivers\avgwfpx.sys
C:\Windows\System32\Drivers\avgwfpx.sys
67080 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key:       BCM43XX
ImagePath: system32\DRIVERS\bcmwl6.sys
C:\Windows\system32\DRIVERS\bcmwl6.sys
534016 bytes
Created:  12/10/2007
Modified: 12/19/2006
Company:  Broadcom Corporation
----------
Key:       blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key:       dot4
ImagePath: system32\DRIVERS\Dot4.sys
C:\Windows\system32\DRIVERS\Dot4.sys
131584 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       Dot4Print
ImagePath: system32\DRIVERS\Dot4Prt.sys
C:\Windows\system32\DRIVERS\Dot4Prt.sys
16384 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       Dot4Scan
ImagePath: system32\DRIVERS\Dot4Scan.sys
C:\Windows\system32\DRIVERS\Dot4Scan.sys
10752 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       dot4usb
ImagePath: system32\DRIVERS\dot4usb.sys
C:\Windows\system32\DRIVERS\dot4usb.sys
36864 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       HP Health Check Service
ImagePath: "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
61440 bytes
Created:  5/24/2007
Modified: 5/24/2007
Company:  Hewlett-Packard
----------
Key:       HSF_DP
ImagePath: system32\DRIVERS\HSX_DP.sys
C:\Windows\system32\DRIVERS\HSX_DP.sys
985600 bytes
Created:  2/12/2008
Modified: 2/12/2008
Company:  Conexant Systems, Inc.
----------
Key:       ialm
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
2307072 bytes
Created:  3/25/2008
Modified: 3/25/2008
Company:  Intel Corporation
----------
Key:       IDriverT
ImagePath: "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
73728 bytes
Created:  10/22/2004
Modified: 10/22/2004
Company:  Macrovision Corporation
----------
Key:       igfx
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
2307072 bytes
Created:  3/25/2008
Modified: 3/25/2008
Company:  Intel Corporation
----------
Key:       IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key:       kbdhid
ImagePath: \SystemRoot\system32\drivers\kbdhid.sys
C:\Windows\system32\drivers\kbdhid.sys
15872 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       LiveUpdate
ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
2999664 bytes
Created:  8/11/2007
Modified: 9/12/2007
Company:  Symantec Corporation
----------
Key:       LiveUpdate Notice Ex
ImagePath: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [file not found to scan]
----------
Key:       LiveUpdate Notice Service
ImagePath: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created:  1/29/2008
Modified: 1/29/2008
Company:  Symantec Corporation
----------
Key:       msiserver
ImagePath: %systemroot%\system32\msiexec /V
----------
Key:       NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key:       NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key:       pfc
ImagePath: system32\drivers\pfc.sys
C:\Windows\system32\drivers\pfc.sys [file not found to scan]
----------
Key:       RoxMediaDB9
ImagePath: "c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
887544 bytes
Created:  5/11/2007
Modified: 5/11/2007
Company:  Sonic Solutions
----------
Key:       RTL8169
ImagePath: system32\DRIVERS\Rtlh86.sys
C:\Windows\system32\DRIVERS\Rtlh86.sys
104448 bytes
Created:  12/28/2007
Modified: 12/28/2007
Company:  Realtek Corporation                                            
----------
Key:       Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\system32\drivers\serenum.sys
17920 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
83456 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       sp_rsdrv2
ImagePath: \??\C:\Windows\system32\drivers\sp_rsdrv2.sys
C:\Windows\system32\drivers\sp_rsdrv2.sys
141312 bytes
Created:  5/19/2008
Modified: 5/19/2008
Company:  
----------
Key:       sp_rssrv
ImagePath: "C:\Program Files\Spyware Terminator\sp_rsser.exe"
C:\Program Files\Spyware Terminator\sp_rsser.exe
606720 bytes
Created:  5/19/2008
Modified: 5/19/2008
Company:  Crawler.com
----------
Key:       stllssvr
ImagePath: "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
-R- 74656 bytes
Created:  5/3/2007
Modified: 5/3/2007
Company:  MicroVision Development, Inc.
----------
Key:       WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\Windows\system32\DRIVERS\wpdusb.sys
39936 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------

**************************************************
5:55:43 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

**************************************************
5:55:43 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key: igfxcui
DLL: igfxdev.dll
C:\Windows\system32\igfxdev.dll
204800 bytes
Created:  8/11/2007
Modified: 3/25/2008
Company:  Intel Corporation
----------

**************************************************
5:55:43 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key:   AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path:  C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
108824 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key:   SPTContMenu
CLSID: {BD88A479-9623-4897-8546-BC62B9628F44}
Path:  C:\Program Files\Spyware Terminator\sptcontmenu.dll
C:\Program Files\Spyware Terminator\sptcontmenu.dll
164352 bytes
Created:  5/19/2008
Modified: 5/19/2008
Company:  Crawler.com
----------

**************************************************
5:55:43 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----

**************************************************
5:55:43 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created:  10/23/2006
Modified: 10/23/2006
Company:  Adobe Systems Incorporated
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
419096 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
501400 bytes
Created:  8/11/2007
Modified: 4/7/2007
Company:  Sun Microsystems, Inc.
----------

**************************************************
5:55:44 PM: Scanning ----- SHELLSERVICEOBJECTS -----

**************************************************
5:55:44 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

**************************************************
5:55:44 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
5:55:44 PM: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [avgrsstx.dll]
File: avgrsstx.dll
C:\Windows\system32\avgrsstx.dll
10520 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------

**************************************************
5:55:44 PM: Scanning ----- SECURITY PROVIDER DLLS -----

**************************************************
5:55:44 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  11/2/2006
Modified: 1/21/2008
Company:  
--------------------

**************************************************
5:55:45 PM: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Arty Tovar
[C:\Users\Arty Tovar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Arty Tovar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  12/10/2007
Modified: 1/21/2008
Company:  
----------
--------------------

**************************************************
5:55:45 PM: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

**************************************************
5:55:45 PM: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Arty Tovar\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
C:\Users\Arty Tovar\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
1440054 bytes
Created:  4/9/2008
Modified: 4/9/2008
Company:  
----------
Web Desktop Wallpaper: %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
%APPDATA%\Mozilla\Firefox\Desktop Background.bmp [file not found to scan]
----------
Checking Drivers32 entries:
Value Name: midi1
File: wdmaud.drv
C:\Windows\system32\wdmaud.drv
168448 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
--------------------
Additional file checks completed

**************************************************
5:55:45 PM: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
--------------------
C:\Windows\system32\csrss.exe
--------------------
C:\Windows\system32\wininit.exe
--------------------
C:\Windows\system32\csrss.exe
--------------------
C:\Windows\system32\services.exe
--------------------
C:\Windows\system32\lsass.exe
--------------------
C:\Windows\system32\lsm.exe
--------------------
C:\Windows\system32\winlogon.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\SLsvc.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\Dwm.exe
--------------------
C:\Windows\Explorer.EXE
--------------------
C:\Windows\System32\spoolsv.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
--------------------
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Program Files\Spyware Terminator\sp_rsser.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\system32\SearchIndexer.exe
--------------------
C:\Windows\system32\DRIVERS\xaudio.exe
--------------------
C:\Windows\system32\WUDFHost.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgemc.exe
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Program Files\Windows Defender\MSASCui.exe
--------------------
C:\hp\support\hpsysdrv.exe
--------------------
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
--------------------
C:\Windows\RtHDVCpl.exe
--------------------
C:\Windows\system32\schtasks.exe
--------------------
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
--------------------
C:\Program Files\AVG\AVG8\avgtray.exe
--------------------
C:\Windows\System32\hkcmd.exe
--------------------
C:\Windows\System32\igfxpers.exe
--------------------
C:\Windows\system32\igfxsrvc.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Windows\System32\mobsync.exe
--------------------
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
--------------------
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
--------------------
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
--------------------
C:\Program Files\Microsoft Works\wkswp.exe
--------------------
C:\Program Files\Microsoft Works\WkDStore.exe
--------------------
C:\Program Files\Microsoft Works\wkgdcach.exe
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize:          2482752
[This is a Trojan Remover component]
--------------------
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Windows\system32\SearchProtocolHost.exe
--------------------
C:\Windows\system32\SearchFilterHost.exe
--------------------

**************************************************
5:55:49 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file

**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
[url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop"]AOL.com - Welcome to AOL[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
[url="http://go.microsoft.com/fwlink/?LinkId=54896"]Live Search[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
[url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop"]AOL.com - Welcome to AOL[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
[url="http://go.microsoft.com/fwlink/?LinkId=54896"]Live Search[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
[url="http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327"]Search Assistant[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
[url="http://www.crawler.com/search/ie.aspx?tb_id=60327"]Internet Explorer Search[/url]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
[url="http://www.yahoo.com/"]Yahoo![/url]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
[url="http://go.microsoft.com/fwlink/?LinkId=54896"]Live Search[/url]

**************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 5:55:50 PM 20 May 2008
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.9.2533. For information, email [email]support@simplysup1.com[/email]
[Unregistered version]
Scan started at: 5:54:47 PM 20 May 2008
Using Database v6998
Operating System:  Windows Vista  [Windows Vista (Build 6000)]
Edition:           Windows Vista (TM) Home Premium
File System:       NTFS
User Account Control is Enabled.
Data directory:    C:\Users\Arty Tovar\AppData\Roaming\Simply Super Software\Trojan Remover\
Logfile directory: C:\Users\Arty Tovar\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
Microsoft Windows Defender

**************************************************


**************************************************
5:54:47 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\Windows

**************************************************
5:54:47 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\Windows

**************************************************
5:54:47 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
5:54:49 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: explorer.exe
C:\Windows\explorer.exe
2923520 bytes
Created:  1/21/2008
Modified: 1/21/2008
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
24576 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Windows Defender
Value Data: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
C:\Program Files\Windows Defender\MSASCui.exe
1006264 bytes
Created:  8/11/2007
Modified: 8/11/2007
Company:  Microsoft Corporation
--------------------
Value Name: hpsysdrv
Value Data: c:\hp\support\hpsysdrv.exe
c:\hp\support\hpsysdrv.exe
65536 bytes
Created:  8/11/2007
Modified: 4/18/2007
Company:  Hewlett-Packard Company
--------------------
Value Name: OsdMaestro
Value Data: "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
118784 bytes
Created:  8/11/2007
Modified: 2/15/2007
Company:  OsdMaestro
--------------------
Value Name: RtHDVCpl
Value Data: RtHDVCpl.exe
C:\Windows\RtHDVCpl.exe
4702208 bytes
Created:  10/25/2007
Modified: 10/25/2007
Company:  Realtek Semiconductor
--------------------
Value Name: HP Health Check Scheduler
Value Data: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
71176 bytes
Created:  5/24/2007
Modified: 5/24/2007
Company:  Hewlett-Packard
--------------------
Value Name: SunJavaUpdateReg
Value Data: "C:\Windows\system32\jureg.exe"
C:\Windows\system32\jureg.exe
54936 bytes
Created:  8/11/2007
Modified: 4/7/2007
Company:  Sun Microsystems, Inc.
--------------------
Value Name: HP Software Update
Value Data: c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
49152 bytes
Created:  2/17/2005
Modified: 2/17/2005
Company:  Hewlett-Packard Co.
--------------------
Value Name: 
Value Data: 
The Value Data for this entry appears to be blank
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created:  1/12/2008
Modified: 1/12/2008
Company:  Adobe Systems Incorporated
--------------------
Value Name: Symantec PIF AlertEng
Value Data: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created:  1/29/2008
Modified: 1/29/2008
Company:  Symantec Corporation
--------------------
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1177368 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
--------------------
Value Name: IgfxTray
Value Data: C:\Windows\system32\igfxtray.exe
C:\Windows\system32\igfxtray.exe
141848 bytes
Created:  3/25/2008
Modified: 3/25/2008
Company:  Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\Windows\system32\hkcmd.exe
C:\Windows\system32\hkcmd.exe
166424 bytes
Created:  3/25/2008
Modified: 3/25/2008
Company:  Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\Windows\system32\igfxpers.exe
C:\Windows\system32\igfxpers.exe
133656 bytes
Created:  3/25/2008
Modified: 3/25/2008
Company:  Intel Corporation
--------------------
Value Name: SpywareTerminator
Value Data: "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
1817600 bytes
Created:  5/19/2008
Modified: 5/19/2008
Company:  Crawler.com
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
877136 bytes
Created:  5/20/2008
Modified: 5/18/2008
Company:  Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: Launcher
Value Data: %WINDIR%\SMINST\launcher.exe
C:\Windows\SMINST\launcher.exe
44168 bytes
Created:  4/3/2007
Modified: 4/3/2007
Company:  soft thinks
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: locks tick title proc
Value Data: "C:\ProgramData\Copy Show Store.npbn4w"
C:\ProgramData\Copy Show Store.npbn4w
4112 bytes
Created:  4/9/2008
Modified: 4/9/2008
Company:  
--------------------
Value Name: 4 city
Value Data: "C:\ProgramData\ByteWinWin.h3hlel"
C:\ProgramData\ByteWinWin.h3hlel
8208 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

**************************************************
5:54:51 PM: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

**************************************************
5:54:51 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
5:54:52 PM: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\Windows\system32\logon.scr
C:\Windows\system32\logon.scr
5714432 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
--------------------

**************************************************
5:54:52 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

**************************************************
5:54:52 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----

**************************************************
5:54:55 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       Afc
ImagePath: system32\drivers\Afc.sys
C:\Windows\system32\drivers\Afc.sys
11776 bytes
Created:  12/17/2007
Modified: 2/23/2005
Company:  Arcsoft, Inc.
----------
Key:       Automatic LiveUpdate Scheduler
ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
554352 bytes
Created:  8/11/2007
Modified: 9/12/2007
Company:  Symantec Corporation
----------
Key:       avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
902424 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key:       avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
282904 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key:       AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\Windows\System32\Drivers\avgldx86.sys
96520 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key:       AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\Windows\System32\Drivers\avgmfx86.sys
26184 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  GRISOFT, s.r.o.
----------
Key:       AvgWfpX
ImagePath: \SystemRoot\System32\Drivers\avgwfpx.sys
C:\Windows\System32\Drivers\avgwfpx.sys
67080 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key:       BCM43XX
ImagePath: system32\DRIVERS\bcmwl6.sys
C:\Windows\system32\DRIVERS\bcmwl6.sys
534016 bytes
Created:  12/10/2007
Modified: 12/19/2006
Company:  Broadcom Corporation
----------
Key:       blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key:       dot4
ImagePath: system32\DRIVERS\Dot4.sys
C:\Windows\system32\DRIVERS\Dot4.sys
131584 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       Dot4Print
ImagePath: system32\DRIVERS\Dot4Prt.sys
C:\Windows\system32\DRIVERS\Dot4Prt.sys
16384 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       Dot4Scan
ImagePath: system32\DRIVERS\Dot4Scan.sys
C:\Windows\system32\DRIVERS\Dot4Scan.sys
10752 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       dot4usb
ImagePath: system32\DRIVERS\dot4usb.sys
C:\Windows\system32\DRIVERS\dot4usb.sys
36864 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       HP Health Check Service
ImagePath: "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
61440 bytes
Created:  5/24/2007
Modified: 5/24/2007
Company:  Hewlett-Packard
----------
Key:       HSF_DP
ImagePath: system32\DRIVERS\HSX_DP.sys
C:\Windows\system32\DRIVERS\HSX_DP.sys
985600 bytes
Created:  2/12/2008
Modified: 2/12/2008
Company:  Conexant Systems, Inc.
----------
Key:       ialm
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
2307072 bytes
Created:  3/25/2008
Modified: 3/25/2008
Company:  Intel Corporation
----------
Key:       IDriverT
ImagePath: "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
73728 bytes
Created:  10/22/2004
Modified: 10/22/2004
Company:  Macrovision Corporation
----------
Key:       igfx
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
2307072 bytes
Created:  3/25/2008
Modified: 3/25/2008
Company:  Intel Corporation
----------
Key:       IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key:       kbdhid
ImagePath: \SystemRoot\system32\drivers\kbdhid.sys
C:\Windows\system32\drivers\kbdhid.sys
15872 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       LiveUpdate
ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
2999664 bytes
Created:  8/11/2007
Modified: 9/12/2007
Company:  Symantec Corporation
----------
Key:       LiveUpdate Notice Ex
ImagePath: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [file not found to scan]
----------
Key:       LiveUpdate Notice Service
ImagePath: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created:  1/29/2008
Modified: 1/29/2008
Company:  Symantec Corporation
----------
Key:       msiserver
ImagePath: %systemroot%\system32\msiexec /V
----------
Key:       NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key:       NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key:       pfc
ImagePath: system32\drivers\pfc.sys
C:\Windows\system32\drivers\pfc.sys [file not found to scan]
----------
Key:       RoxMediaDB9
ImagePath: "c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
887544 bytes
Created:  5/11/2007
Modified: 5/11/2007
Company:  Sonic Solutions
----------
Key:       RTL8169
ImagePath: system32\DRIVERS\Rtlh86.sys
C:\Windows\system32\DRIVERS\Rtlh86.sys
104448 bytes
Created:  12/28/2007
Modified: 12/28/2007
Company:  Realtek Corporation                                            
----------
Key:       Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\system32\drivers\serenum.sys
17920 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
83456 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
Key:       sp_rsdrv2
ImagePath: \??\C:\Windows\system32\drivers\sp_rsdrv2.sys
C:\Windows\system32\drivers\sp_rsdrv2.sys
141312 bytes
Created:  5/19/2008
Modified: 5/19/2008
Company:  
----------
Key:       sp_rssrv
ImagePath: "C:\Program Files\Spyware Terminator\sp_rsser.exe"
C:\Program Files\Spyware Terminator\sp_rsser.exe
606720 bytes
Created:  5/19/2008
Modified: 5/19/2008
Company:  Crawler.com
----------
Key:       stllssvr
ImagePath: "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
-R- 74656 bytes
Created:  5/3/2007
Modified: 5/3/2007
Company:  MicroVision Development, Inc.
----------
Key:       WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\Windows\system32\DRIVERS\wpdusb.sys
39936 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------

**************************************************
5:55:11 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

**************************************************
5:55:11 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key: igfxcui
DLL: igfxdev.dll
C:\Windows\system32\igfxdev.dll
204800 bytes
Created:  8/11/2007
Modified: 3/25/2008
Company:  Intel Corporation
----------

**************************************************
5:55:11 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key:   AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path:  C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
108824 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key:   SPTContMenu
CLSID: {BD88A479-9623-4897-8546-BC62B9628F44}
Path:  C:\Program Files\Spyware Terminator\sptcontmenu.dll
C:\Program Files\Spyware Terminator\sptcontmenu.dll
164352 bytes
Created:  5/19/2008
Modified: 5/19/2008
Company:  Crawler.com
----------

**************************************************
5:55:12 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----

**************************************************
5:55:13 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created:  10/23/2006
Modified: 10/23/2006
Company:  Adobe Systems Incorporated
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
419096 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
501400 bytes
Created:  8/11/2007
Modified: 4/7/2007
Company:  Sun Microsystems, Inc.
----------

**************************************************
5:55:13 PM: Scanning ----- SHELLSERVICEOBJECTS -----

**************************************************
5:55:13 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

**************************************************
5:55:13 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
5:55:13 PM: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [avgrsstx.dll]
File: avgrsstx.dll
C:\Windows\system32\avgrsstx.dll
10520 bytes
Created:  5/6/2008
Modified: 5/6/2008
Company:  AVG Technologies CZ, s.r.o.
----------

**************************************************
5:55:13 PM: Scanning ----- SECURITY PROVIDER DLLS -----

**************************************************
5:55:14 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  11/2/2006
Modified: 1/21/2008
Company:  
--------------------

**************************************************
5:55:14 PM: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Arty Tovar
[C:\Users\Arty Tovar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Arty Tovar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  12/10/2007
Modified: 1/21/2008
Company:  
----------
--------------------

**************************************************
5:55:14 PM: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

**************************************************
5:55:14 PM: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Arty Tovar\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
C:\Users\Arty Tovar\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
1440054 bytes
Created:  4/9/2008
Modified: 4/9/2008
Company:  
----------
Web Desktop Wallpaper: %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
%APPDATA%\Mozilla\Firefox\Desktop Background.bmp [file not found to scan]
----------
Checking Drivers32 entries:
Value Name: midi1
File: wdmaud.drv
C:\Windows\system32\wdmaud.drv
168448 bytes
Created:  11/2/2006
Modified: 11/2/2006
Company:  Microsoft Corporation
----------
--------------------
Additional file checks completed

**************************************************
5:55:14 PM: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
--------------------
C:\Windows\system32\csrss.exe
--------------------
C:\Windows\system32\wininit.exe
--------------------
C:\Windows\system32\csrss.exe
--------------------
C:\Windows\system32\services.exe
--------------------
C:\Windows\system32\lsass.exe
--------------------
C:\Windows\system32\lsm.exe
--------------------
C:\Windows\system32\winlogon.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\SLsvc.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\Dwm.exe
--------------------
C:\Windows\Explorer.EXE
--------------------
C:\Windows\System32\spoolsv.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
--------------------
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Program Files\Spyware Terminator\sp_rsser.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\system32\SearchIndexer.exe
--------------------
C:\Windows\system32\DRIVERS\xaudio.exe
--------------------
C:\Windows\system32\WUDFHost.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgemc.exe
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Program Files\Windows Defender\MSASCui.exe
--------------------
C:\hp\support\hpsysdrv.exe
--------------------
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
--------------------
C:\Windows\RtHDVCpl.exe
--------------------
C:\Windows\system32\schtasks.exe
--------------------
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
--------------------
C:\Program Files\AVG\AVG8\avgtray.exe
--------------------
C:\Windows\System32\hkcmd.exe
--------------------
C:\Windows\System32\igfxpers.exe
--------------------
C:\Windows\system32\igfxsrvc.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Windows\System32\mobsync.exe
--------------------
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
--------------------
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
--------------------
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
--------------------
C:\Program Files\Microsoft Works\wkswp.exe
--------------------
C:\Program Files\Microsoft Works\WkDStore.exe
--------------------
C:\Program Files\Microsoft Works\wkgdcach.exe
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize:          2482752
[This is a Trojan Remover component]
--------------------
--------------------
C:\Windows\system32\taskeng.exe
--------------------

**************************************************
5:55:20 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file

**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
[url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop"]AOL.com - Welcome to AOL[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
[url="http://go.microsoft.com/fwlink/?LinkId=54896"]Live Search[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
[url="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop"]AOL.com - Welcome to AOL[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
[url="http://go.microsoft.com/fwlink/?LinkId=54896"]Live Search[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
[url="http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327"]Search Assistant[/url]
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
[url="http://www.crawler.com/search/ie.aspx?tb_id=60327"]Internet Explorer Search[/url]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
[url="http://www.yahoo.com/"]Yahoo![/url]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
[url="http://go.microsoft.com/fwlink/?LinkId=54896"]Live Search[/url]

**************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 5:55:20 PM 20 May 2008
************************************************************
 
Last edited by a moderator:
I deleted some of Norton systemtech, I believe all that left is the updater.
I will do my best to get rid of the rest.
Best Buy offered to rid the computer of all the junk and install Norton full version for close to $200.00 but I said no.
Any advise to rid my pc of all the extra crap?
What about those entries you mention.
I am currently running VundoFix.
 
Best Buy and Geek Squad are fools. I was teaching them how to do things that is how low tech they are. :wink:

Use the PC Decrapifier. That will get rid of loads of stuff. Use the Norton removal tool and use AVG Free or Avast. Much better than Norton all the way.

After Vundofix run Hijack real quick and post up a log. I can read thru that real quick.
 
VundoFix found nothing wrong.
I just went into the control panel.
I found a entry named CiD Help, This is what is appearing on all the popups CiD, so I uninstalled it.
I removed symatec updater, I removed all symatec entries.
 
I can certainly agree on Best Buy and Geek Squad there! When asked for help with upgrading a used laptop a friend's sibling recommended Geek Sqaud while I frowned since the upgrade was a simple swap to a larger hard drive, 2gb of memory, and seeing a clean install of XP to replace the copy preinstalled on the original drive.

Norton is an overpriced pile of bloatware you want off. That's almost as low end as McAfee! Makaveli213 is making some good points here to follow.
 
Reg Crawler found 190 entries.
CiD.
The green bar is still working but it says Ready at the bottom.
I can't seem to delete these entries.
I can't find a Select all, I tried to highlight each entry and choose delete but nothing seems to be working.


Addendum:

Code:
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_usbccid.inf.resources_31bf3856ad364e35_en-us_7c7782d1310db104
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-f..truetype-lucidasans_31bf3856ad364e35_none_8b2357e8eb5c77de
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-f..etype-lucidaconsole_31bf3856ad364e35_none_8beeda31b419f86e
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_usbccid.inf.resources_31bf3856ad364e35_en-us_7c7782d1310db104
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-f..truetype-lucidasans_31bf3856ad364e35_none_8b2357e8eb5c77de
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6001.18000_001c50b5\ComponentFamilies\x86_microsoft-windows-f..etype-lucidaconsole_31bf3856ad364e35_none_8beeda31b419f86e
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_usbccid.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8229b3ce173e4082
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-f..truetype-lucidasans_31bf3856ad364e35_6.0.6000.16386_none_72bcc3ac8a7942d8
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-f..etype-lucidaconsole_31bf3856ad364e35_6.0.6000.16386_none_fd10303d7bcfbdc8
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental Controls\Ratings Systems\Web\LCIDS
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental Controls\Ratings Systems\Games\LCIDS
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\Terracide
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\System.Security.Permissions.GacIdentityPermission
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\SVCID.Local
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\SVCID
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{F88A4455-BEB8-4D91-8C13-6807B0147727}\LCID
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{E6DEC310-673A-450A-B3E9-FC35AF04F1E7}\LCID
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{C77A3910-BAB0-4A38-A0A1-405FA9257C1B}\LCID
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{A96434FF-30F1-430E-B568-DCCCB831FFCE}\LCID
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{478DD7E7-228D-44B7-9854-DFB0E818D8A7}\LCID
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{37C15872-BF9C-4695-B29C-62646509DDDB}\LCID
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{26fa7c37-2cd3-4897-9499-33330e075cbd}\LCID
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{16743a99-a049-4ade-bd5d-21cf615b61e8}\LCID
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{07461CC0-878C-4C0F-9255-7DDB269B363B}\LCID
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CddbMusicIDRoxio.CDDBMusicIDManager.1
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CddbMusicIDRoxio.CDDBMusicIDManager
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CddbMusicIDRoxio.CddbFileInfoLists.1
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CddbMusicIDRoxio.CddbFileInfoLists
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CddbMusicIDRoxio.CddbFileInfoList.1
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CddbMusicIDRoxio.CddbFileInfoList
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CddbMusicIDRoxio.CddbFileInfo.1
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CddbMusicIDRoxio.CddbFileInfo
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CddbMusicIDGnote.CddbMusicIDSettings.1
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CddbMusicIDGnote.CddbMusicIDSettings
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\.msrcincident
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts (Lucida Sans Demibold Italic (TrueType))
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts (Lucida Sans Demibold Roman (TrueType))
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts (Lucida Sans Regular (TrueType))
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts (Lucida Sans Italic (TrueType))
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts (Occidental)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts (Lucida Sans Unicode (TrueType))
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts (Lucida Console (TrueType))
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink (Lucida Sans Unicode)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_usbccid.inf.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8229b3ce173e4082 (f!usbccid.inf_loc_f2475b840ecf0e3b)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-i..xing-service-server_31bf3856ad364e35_6.0.6000.16386_none_ad591e193b4c64d4 (f!cidaemon.exe)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs (c:\Windows\system32\CddbMusicIDRoxio.dll)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACNonGNMusicIDHelpTRK)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACNonGNMusicIDHelpSVE)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACNonGNMusicIDHelpPTG)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACNonGNMusicIDHelpPTB)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACNonGNMusicIDHelpNOR)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACNonGNMusicIDHelpNLD)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACNonGNMusicIDHelpKOR)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACNonGNMusicIDHelpJPN)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACNonGNMusicIDHelpITA)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACNonGNMusicIDHelpFRA)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACNonGNMusicIDHelpFIN)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACNonGNMusicIDHelpESN)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACNonGNMusicIDHelpENU)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACNonGNMusicIDHelpDEU)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACNonGNMusicIDHelpDAN)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACNonGNMusicIDHelpCHT)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACNonGNMusicIDHelpCHS)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC1B83906C7E194AA09F18188612804\Features (ACGNMusicIDHelpTRK)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{fe10683d-a006-49f4-b29b-2ad3de62a063}\Modifiers (CID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{d84ae79e-5824-47ca-95a4-e0e23ebecade}\Modifiers (CID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{b3690e58-e961-423b-b687-386ebfd83239}\Modifiers (CID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{af9c03d6-7db9-4a15-9464-13bf9fb69a2a}\Modifiers (CID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{822b2508-bccc-457a-b698-a3e06bc68f1b}\Modifiers (CID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{7d49d726-3c21-4f05-99aa-fdc2c9474656}\Modifiers (CID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{6772c27f-12ca-4857-90f2-901494c4c7c7}\Modifiers (CID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{5c4f28b5-f869-4e84-8e60-f11db97c5cc7}\Modifiers (CID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{459a0903-a203-447e-afc9-fa37ca6a9fe7}\Modifiers (CID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{0b87a7a4-ab43-4c4b-b4b4-9e55a9261f41}\Modifiers (CID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{0b7467fb-84ba-4aae-a09b-15b71097af9e}\Modifiers (CID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACNonGNMusicIDHelpTRK)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACNonGNMusicIDHelpSVE)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACNonGNMusicIDHelpPTG)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACNonGNMusicIDHelpPTB)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACNonGNMusicIDHelpNOR)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACNonGNMusicIDHelpNLD)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACNonGNMusicIDHelpKOR)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACNonGNMusicIDHelpJPN)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACNonGNMusicIDHelpITA)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACNonGNMusicIDHelpFRA)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACNonGNMusicIDHelpFIN)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACNonGNMusicIDHelpESN)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACNonGNMusicIDHelpENU)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACNonGNMusicIDHelpDEU)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACNonGNMusicIDHelpDAN)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACNonGNMusicIDHelpCHT)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACNonGNMusicIDHelpCHS)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Installer\Features\7DC1B83906C7E194AA09F18188612804 (ACGNMusicIDHelpTRK)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{E6DEC310-673A-450A-B3E9-FC35AF04F1E7}\LCID (LCID1)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{E6DEC310-673A-450A-B3E9-FC35AF04F1E7}\LCID (LCID2)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{37C15872-BF9C-4695-B29C-62646509DDDB}\LCID (LCID3)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{37C15872-BF9C-4695-B29C-62646509DDDB}\LCID (LCID1)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{37C15872-BF9C-4695-B29C-62646509DDDB}\LCID (LCID8)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{37C15872-BF9C-4695-B29C-62646509DDDB}\LCID (LCID6)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{37C15872-BF9C-4695-B29C-62646509DDDB}\LCID (LCID4)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{37C15872-BF9C-4695-B29C-62646509DDDB}\LCID (LCID2)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{37C15872-BF9C-4695-B29C-62646509DDDB}\LCID (LCID9)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{37C15872-BF9C-4695-B29C-62646509DDDB}\LCID (LCID7)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{37C15872-BF9C-4695-B29C-62646509DDDB}\LCID (LCID5)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{16743a99-a049-4ade-bd5d-21cf615b61e8}\LCID (LCID3)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{16743a99-a049-4ade-bd5d-21cf615b61e8}\LCID (LCID1)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{16743a99-a049-4ade-bd5d-21cf615b61e8}\LCID (LCID8)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{16743a99-a049-4ade-bd5d-21cf615b61e8}\LCID (LCID6)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{16743a99-a049-4ade-bd5d-21cf615b61e8}\LCID (LCID4)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{16743a99-a049-4ade-bd5d-21cf615b61e8}\LCID (LCID2)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{16743a99-a049-4ade-bd5d-21cf615b61e8}\LCID (LCID7)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{16743a99-a049-4ade-bd5d-21cf615b61e8}\LCID (LCID5)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts (Occidental=OCCIDENT.TTF)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Console\TrueTypeFont (0=Lucida Console)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C9ED5DD187248E4BBB1C43007313114 (7DC1B83906C7E194AA09F18188612804=c?\Windows\system32\CddbMusicIDRoxio.dll)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C9ED5DD187248E4BBB1C43007313114 (B0860B8CEADC9084F91983B7D60EF0C7=c?\Windows\system32\CddbMusicIDRoxio.dll)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{e24204ae-906c-4257-bd4f-1bef1a85d7dd} (CanonicalName=PicturesCID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{e105a509-fce2-46d3-a86e-3940dc30c4ac} (CanonicalName=LibraryStackedCID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{b06a8644-232d-4b6a-87bc-75e061534d8b} (CanonicalName=NotSpecifiedCID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{98e8e94c-0e11-4f8a-827e-106df642335d} (CanonicalName=EmailStackedCID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{91293551-1b82-4c88-8753-db10769522b5} (CanonicalName=MusicStackedCID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{8deceb73-8f51-4942-81a6-45cdcfcb44d2} (CanonicalName=PicturesStackedCID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{880dba32-2fc3-4102-ae87-a66c677d43cc} (CanonicalName=DocumentsCID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{806eea73-76ea-44be-a05e-003c15a80e35} (CanonicalName=MusicCID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{3f795800-2c8e-4ab1-96ae-381b5cd86519} (CanonicalName=MusicAlbumCID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{29777ee1-edb4-401d-a10d-56c83351f7e0} (CanonicalName=PicturesSearchCID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\FolderTypes\{2546d349-173f-4a7d-ab23-94d58d630ab3} (CanonicalName=DocumentsStackedCID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Notepad\DefaultFonts (lfFaceName=Lucida Console)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN (Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\TypeLib\{48BD9519-52C0-44C4-A400-4E30A8AFF61C}\1.0\0\win32 (Default=c:\Windows\system32\CddbMusicIDRoxio.dll)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\TypeLib\{48BD9519-52C0-44C4-A400-4E30A8AFF61C}\1.0 (Default=CddbMusicID(Roxio) 1.0 Type Library)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\TypeLib\{433340D0-D397-4A1E-874E-DFD1C5BB8A84}\1.0\0\win32 (Default=c:\Windows\system32\CddbMusicIDRoxio.dll)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\TypeLib\{433340D0-D397-4A1E-874E-DFD1C5BB8A84}\1.0 (Default=CddbMusicID(Roxio) 1.0 Type Library)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\System.Security.Permissions.GacIdentityPermission (Default=System.Security.Permissions.GacIdentityPermission)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\MIME\Database\Codepage\50000 (ProportionalFont=Lucida Sans Unicode)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{EF26B434-ECB8-44E1-A5A6-AFB68C9DF128} (Default=ICddbMusicIDFingerprint)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{E7157988-478A-4D3D-B624-703D455DCDF7} (Default=ICddbMusicIDFingerprint)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{A9637792-5BE8-3C93-A501-49F0E840DE38} (Default=_GacIdentityPermission)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{9A37D8B2-2256-3FE3-8BF0-4FC421A1244F} (Default=_GenericIdentity)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{81F9B44F-BA3A-4F5D-9B51-090C74A9B3A4} (Default=IAccID)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{7852B78D-1CFD-41C1-A615-9C0C85960B5F} (Default=IAccIdentity)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{736D8A2B-6895-4944-9567-DA67D00B0DCA} (Default=ISyncIdentity)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{69122750-9A2E-48CF-A819-39D0B0119B98} (Default=ICddbMusicIDSettings)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{62A9BB89-008E-4FE0-9E52-23B4654BEB27} (Default=ICDDBMusicIDManager)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{5F19E082-26F8-3361-B338-9BACB98809A4} (Default=_GacIdentityPermissionAttribute)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{5D55C186-6DD0-47CF-B142-FF19B753B230} (Default=ICddbMusicIDFingerprinter)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{59D8D495-BDEF-47CE-AA63-4398C33E45F2} (Default=_ICDDBMusicIDManagerEvents)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{4AB67927-3C86-328A-8186-F85357DD5527} (Default=_LCIDConversionAttribute)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{48616F09-0666-4F16-B45D-F0AF7ECFA95D} (Default=_ICDDBMusicIDManagerEvents)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{2E70088D-8FD2-466F-8CD6-3AAEF8037148} (Default=ICDDBMusicIDManager2)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{2CBEEEAB-DECC-4449-979F-A9D3D1F93619} (Default=ICddbMusicIDFingerprinter)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{2282639C-69DB-4A08-97F0-D49AD409E00D} (Default=ICDDBMusicIDManager)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\Interface\{10E7DF8D-25BF-4467-B2E3-E6D694B40FF9} (Default=ICDDBMusicIDManager3)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{dff5f135-52d5-425f-8565-d6330d47432c}\VersionIndependentProgID (Default=CddbMusicIDGnote.CddbMusicIDSettings)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{dff5f135-52d5-425f-8565-d6330d47432c}\ProgID (Default=CddbMusicIDGnote.CddbMusicIDSettings.1)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{dff5f135-52d5-425f-8565-d6330d47432c}\InprocServer32 (Default=c:\Windows\system32\CddbMusicIDRoxio.dll)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{dff5f135-52d5-425f-8565-d6330d47432c} (Default=CddbMusicIDSettings Class)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{cf2a0e95-24b4-4b42-9023-9c3336ef324f}\VersionIndependentProgID (Default=CddbMusicIDRoxio.CDDBRoxioMusicIDManager)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{cf2a0e95-24b4-4b42-9023-9c3336ef324f}\ProgID (Default=CddbMusicIDRoxio.CDDBRoxioMusicIDManager.1)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{cf2a0e95-24b4-4b42-9023-9c3336ef324f}\InprocServer32 (Default=c:\Windows\system32\CddbMusicIDRoxio.dll)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{cf2a0e95-24b4-4b42-9023-9c3336ef324f} (Default=CDDBRoxioMusicIDManager Class)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{cd6e92c0-a520-4944-9125-23069903570d}\VersionIndependentProgID (Default=CddbMusicIDRoxio.CddbFileInfo)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{cd6e92c0-a520-4944-9125-23069903570d}\ProgID (Default=CddbMusicIDRoxio.CddbFileInfo.1)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{cd6e92c0-a520-4944-9125-23069903570d}\InprocServer32 (Default=c:\Windows\system32\CddbMusicIDRoxio.dll)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{ae7e3f27-d2b9-4518-adda-89d3a4038c19}\VersionIndependentProgID (Default=CddbMusicIDRoxio.CDDBRoxioMusicIDManager)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{ae7e3f27-d2b9-4518-adda-89d3a4038c19}\ProgID (Default=CddbMusicIDRoxio.CDDBRoxioMusicIDManager.1)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{ae7e3f27-d2b9-4518-adda-89d3a4038c19}\InprocServer32 (Default=c:\Windows\system32\CddbMusicIDRoxio.dll)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{ae7e3f27-d2b9-4518-adda-89d3a4038c19} (Default=CDDBRoxioMusicIDManager Class)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{7c2236d1-6569-4535-80ee-99d19ad82531}\VersionIndependentProgID (Default=CddbMusicIDRoxio.CddbFileInfoLists)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{7c2236d1-6569-4535-80ee-99d19ad82531}\ProgID (Default=CddbMusicIDRoxio.CddbFileInfoLists.1)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{7c2236d1-6569-4535-80ee-99d19ad82531}\InprocServer32 (Default=c:\Windows\system32\CddbMusicIDRoxio.dll)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{41b05194-72c7-46d7-a2e0-5f240321f758}\VersionIndependentProgID (Default=CddbMusicIDRoxio.CddbFileInfoList)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{41b05194-72c7-46d7-a2e0-5f240321f758}\ProgID (Default=CddbMusicIDRoxio.CddbFileInfoList.1)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{41b05194-72c7-46d7-a2e0-5f240321f758}\InprocServer32 (Default=c:\Windows\system32\CddbMusicIDRoxio.dll)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{29A6CF6F-D663-31A7-9210-1347871681FC}\ProgId (Default=System.Security.Permissions.GacIdentityPermission)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{29A6CF6F-D663-31A7-9210-1347871681FC}\InprocServer32\2.0.0.0 (Class=System.Security.Permissions.GacIdentityPermission)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{29A6CF6F-D663-31A7-9210-1347871681FC}\InprocServer32 (Class=System.Security.Permissions.GacIdentityPermission)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CLSID\{29A6CF6F-D663-31A7-9210-1347871681FC} (Default=System.Security.Permissions.GacIdentityPermission)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CddbMusicIDRoxio.CDDBMusicIDManager.1 (Default=CDDBRoxioMusicIDManager Class)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CddbMusicIDRoxio.CDDBMusicIDManager\CurVer (Default=CddbMusicIDRoxio.CDDBRoxioMusicIDManager.1)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CddbMusicIDRoxio.CDDBMusicIDManager (Default=CDDBRoxioMusicIDManager Class)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CddbMusicIDGnote.CddbMusicIDSettings.1 (Default=CddbMusicIDSettings Class)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Classes\CddbMusicIDGnote.CddbMusicIDSettings (Default=CddbMusicIDSettings Class)
HKEY_USERS\S-1-5-21-1436681402-654956806-2171875868-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\4Developers\RCrawler\Settings (LastSearch=CiD)
 
Last edited by a moderator:
Alright select one of the files then hit Ctrl+A to select all. Then hit hte Dlete key. Get rid of them once and for all.
 
Back
Top