Good morning. I wanted to post my logs to have someone look them over. I've been having blue screen "errors" for a long while now, and I wanted to make sure that this was not due to a virus or spyware before I start uninstalling software, etc. Here are my logs, and I've also downloaded ERUNT but not used it yet. I've made a "rescue CD" and backed everything up to an external hard drive. Thanks for your help.

MySystem-Search


MSS v1.7


Basic System Information

Username: Tricia - Date: 01/18/2011 - Time: 8:08:31

Microsoft Windows [Version 6.1.7600]
Processor type: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
Total processors: 4
Computer Name: TRICIA-PC
Logon Server: \\TRICIA-PC


CD Emulation Drivers running?



Peer-to-Peer applications?



Security Tools Check

CCleaner
Malwarebytes' Anti-Malware
ERUNT
SUPERAntiSpyware


File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=comfile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile


Running processes

PROCESS PID PRIO PATH
HPAdvisor.exe 3264 Normal C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
soffice.exe 3768 Normal C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
soffice.bin 3796 Normal C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
QLBCtrl.exe 3804 Normal C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
hpwuschd2.exe 3828 Normal C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
zlclient.exe 3872 Normal C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
CorelIOMonitor.exe 3888 Normal C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
CLMLSvc.exe 3228 Below Normal c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
firefox.exe 4912 Normal C:\Program Files (x86)\Mozilla Firefox\firefox.exe
hpqToaster.exe 4232 Normal C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
plugin-container.exe 252 Normal C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
mss.exe 764 Normal C:\Users\Tricia\Desktop\mss.exe
cmd.exe 4188 Normal C:\Windows\SysWOW64\cmd.exe
pv.exe 2956 Normal C:\Users\Tricia\Desktop\pv.exe


User Profile check

Public
Tricia


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users
Default REG_EXPAND_SZ %SystemDrive%\Users\Default
Public REG_EXPAND_SZ %SystemDrive%\Users\Public
ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\LocalService
Flags REG_DWORD 0x0
State REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\NetworkService
Flags REG_DWORD 0x0
State REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2250689432-1227836745-599068024-1001
ProfileImagePath REG_EXPAND_SZ C:\Users\Tricia
Flags REG_DWORD 0x0
State REG_DWORD 0x0
Sid REG_BINARY 01050000000000051500000098CB2686494D2F49780DB523E9030000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x2
RunLogonScriptSync REG_DWORD 0x0

Current Scheduled Tasks

PATH: C:\Windows\Tasks

GlaryInitialize.job
HPCeeScheduleForTricia.job
SCHEDLGU.TXT
SA.DAT


Windows Drivers and NT-Services

Volume in drive C has no label.
Volume Serial Number is 5440-3100

Directory of C:\Windows\System32\Drivers

02/11/2010 01:30 PM 0 103C_HP_cNB_Pavilion dv7 Notebook PC_Y5335KV_0U_QCNF0033D71_E587925-003_4A_I365C_SHP_V32.23_F.15_T100105_WU3-0_L409_M4023_J500_7Intel_8652_92.27_#100120_N14E44357_(WA721UA#ABA)_XMOBILE_CN10_Z.MRK
1 File(s) 0 bytes
0 Dir(s) 408,632,004,608 bytes free
Volume in drive C has no label.
Volume Serial Number is 5440-3100

Directory of C:\Windows\System32\Drivers

06/10/2009 04:14 PM 3,440,660 gm.dls
06/10/2009 04:14 PM 646 gmreadme.txt
07/13/2009 08:19 PM 19,008 wimmount.sys
07/14/2009 12:37 AM UMDF
07/14/2009 12:37 AM en-US
06/09/2010 06:16 PM 456,280 vsdatant.sys
12/20/2010 06:09 PM 38,224 mbamswissarmy.sys
01/15/2011 02:37 PM .
01/15/2011 02:37 PM ..
5 File(s) 3,954,818 bytes
4 Dir(s) 408,632,004,608 bytes free


Stealth malware?


Internet Explorer


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
AutoHide REG_SZ yes
Security Risk Page REG_SZ about:SecurityRisk
Extensions Off Page REG_SZ about:NoAdd-ons
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL REG_SZ http://g.msn.com/HPNOT/1
Anchor_Visitation_Horizon REG_BINARY 01000000
Cache_Percent_of_Disk REG_BINARY 0A000000
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
Default_Secondary_Page_URL REG_MULTI_SZ
Use_Async_DNS REG_SZ yes
Start Page REG_SZ http://g.msn.com/HPNOT/1
Local Page REG_SZ C:\Windows\SysWOW64\blank.htm
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit REG_SZ yes
Enable_Disk_Cache REG_SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
IE5_UA_Backup_Flag REG_SZ 5.0
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
EmailName REG_SZ User@
PrivDiscUiShown REG_DWORD 0x1
EnableHttp1_1 REG_DWORD 0x1
WarnOnIntranet REG_DWORD 0x1
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
AutoConfigProxy REG_SZ wininet.dll
UseSchannelDirectly REG_BINARY 01000000
EnableNegotiate REG_DWORD 0x1
MigrateProxy REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
WarnOnPost REG_BINARY 01000000
UrlEncoding REG_DWORD 0x0
SecureProtocols REG_DWORD 0xa0
PrivacyAdvanced REG_DWORD 0x0
ZonesSecurityUpgrade REG_BINARY 50F9745849ABCA01
DisableCachingOfSSLPages REG_DWORD 0x0
WarnonZoneCrossing REG_DWORD 0x0
CertificateRevocation REG_DWORD 0x1
GlobalUserOffline REG_DWORD 0x0
EnableAutodial REG_DWORD 0x0
NoNetAutodial REG_DWORD 0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Disable Script Debugger REG_SZ yes
Start Page REG_SZ
Default_Page_URL REG_SZ http://g.msn.com/HPNOT/1
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\Windows\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
XMLHTTP REG_DWORD 0x1
NoUpdateCheck REG_DWORD 0x1
UseClearType REG_SZ no
Enable Browser Extensions REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
CompatibilityFlags REG_DWORD 0x0
FullScreen REG_SZ no
Window_Placement REG_BINARY 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB8000000B8000000A004000010030000
TabShutdownDelay REG_DWORD 0x0
IE8RunOnceLastShown REG_DWORD 0x1
IE8RunOnceLastShown_TIMESTAMP REG_BINARY FCE4021EE5B5CB01
IE8TourShown REG_DWORD 0x1
IE8TourShownTime REG_BINARY CD54F97467ABCA01
IE8TourNoShow REG_DWORD 0x1
NotifyDownloadComplete REG_SZ yes
Check_Associations REG_SZ no
Use FormSuggest REG_SZ no

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} REG_BINARY 00
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} REG_SZ ZoneAlarm Toolbar


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel


Security Center


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging


Uninstall List


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EPSON Scanner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Glary Utilities_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HOMESTUDENTR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Legacy 7.4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.6.13)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Encoder 9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Extreme Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{049D96D7-E082-4FB5-BF64-CD3460E6877C}_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{07FA4960-B038-49EB-891B-9F95930AA544}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B0F231F-CE6A-483D-AA23-77B364F75917}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1747DF05-6890-440B-B094-2146F5DC50E0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{17B4760F-334B-475D-829F-1A3E94A6A4E6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19BA08F7-C728-469C-8A35-BFBD3633BE08}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{254C37AA-6B72-4300-84F6-98A82419187E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26604C7E-A313-4D12-867F-7C6E7820BE4C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216017F0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216020F0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216020FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{287ECFA4-719A-2143-A09B-D6A12DE54E40}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3023EBDA-BF1B-4831-B347-E5018555F26E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3336F667-9049-4D46-98B6-4C743EEBC5B1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{34D2AB40-150D-475D-AE32-BD23FB5EE355}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35021DFB-F9CA-402A-89A2-47F91E506465}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C901-7B90-4727-A639-B6ED2DD59D43}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4E432692-A736-4F77-AF77-F9078CF88D31}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{669D4A35-146B-4314-89F1-1AC3D7B88367}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67626E09-5366-4480-8F1E-93FADF50CA15}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{75C885D4-C758-4896-A3B4-90DA34B44C31}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80956555-A512-4190-9CAD-B000C36D6B6B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{82A213BD-B6AA-4281-A2D3-59D51893CC56}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-040C-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0C0A-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0020-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0115-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{210B16C0-CEBD-4DE9-B474-04A7E8735E16}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3DED0A62-44C8-4E00-A785-5212F297A9D9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{536FB502-775F-4494-BACE-C02CC90B7A5B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{5C497F0B-2061-4CC9-A61C-6B45B867354D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7F207DCA-3399-40CB-A968-6E5991B1421A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B23002DD-34EC-4988-B810-A5E2A0BF04F1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CD769337-C8AC-46DB-A7DC-643E50089263}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92EA4134-10D1-418A-91E1-5A0453131A38}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00AF-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D56775A-93F3-44A3-8092-840E3826DE30}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2BCA9F1-566C-4805-97D1-7FDC93386723}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A726AE06-AAA3-43D1-87E3-70F510314F04}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAF454FC-82CA-4F29-AB31-6A109485E76E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-A91000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CC8E94A2-55C7-4460-953C-2A790180578C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0B44725-3666-492D-BEF6-587A14BD9BD9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D436F577-1695-4D2F-8B44-AC76C99E0002}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D46D081B-F60E-467E-A7C4-117B70D76731}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DF802C05-4660-418c-970C-B988ADB1D316}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F1D7AC58-554A-4A58-B784-B61558B1449A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2160841
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HuluDesktop

Adobe Products


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
DisplayName REG_SZ Adobe Flash Player 10 Plugin
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 10.1.102.64
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/go/getflashplayer/
VersionMajor REG_DWORD 0xa
VersionMinor REG_DWORD 0x1
UninstallString REG_SZ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
DisplayIcon REG_SZ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_Plugin.exe
EstimatedSize REG_DWORD 0x1800



Autorun


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HPADVISOR REG_SZ C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
RESTART_STICKY_NOTES REG_SZ C:\Windows\System32\StikyNot.exe


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HPCam_Menu REG_SZ "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
QlbCtrl.exe REG_SZ C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
Adobe Reader Speed Launcher REG_SZ "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HP Software Update REG_SZ C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
WirelessAssistant REG_SZ C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
ZoneAlarm Client REG_SZ "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
Corel File Shell Monitor REG_SZ C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents


Restrictions - Internet Explorer



Restrictions - REGEDIT



Restrictions - Explorer



DNS Settings


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1045521A-BBB0-46F1-9A9F-4CC09D5ACA95}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2562EC07-3FD4-4ECB-A78C-9BB865666D10}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{40F03F56-2EC1-4F39-967B-A1FFCC9898DC}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{716714CF-A120-4BA2-991E-599CC9DC6827}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}

Windows IP Configuration

Host Name . . . . . . . . . . . . : Tricia-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Broadcom 43225 802.11b/g/n
Physical Address. . . . . . . . . : C4-17-FE-1D-DE-4C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, January 18, 2011 7:21:13 AM
Lease Expires . . . . . . . . . . : Thursday, January 16, 2020 7:21:13 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled


AppInit DLLs


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs REG_SZ



Shell Service Object Delay Load


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}




Shell Execute Hooks


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} REG_SZ



Image File Execution Options


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MovieMaker.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLXAlbumDownloadWizard.exe


Security Providers



Local Security Authority


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
auditbaseobjects REG_DWORD 0x0
auditbasedirectories REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
fullprivilegeauditing REG_BINARY 00
Bounds REG_BINARY 0030000000200000
LimitBlankPasswordUse REG_DWORD 0x1
NoLmHash REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg\0pku2u\0livessp
Authentication Packages REG_MULTI_SZ msv1_0
LsaPid REG_DWORD 0x270
SecureBoot REG_DWORD 0x1
ProductType REG_DWORD 0x3
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
forceguest REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


AppCert DLLs



App Paths

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths
Path REG_SZ C:\Program Files\IDT\
(Default) REG_SZ C:\Program Files\IDT\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
Path REG_SZ C:\Program Files (x86)\Adobe\Reader 9.0\Reader\
(Default) REG_SZ C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ccleaner.exe
(Default) REG_SZ C:\Program Files (x86)\CCleaner\ccleaner.exe
Path REG_SZ C:\Program Files (x86)\CCleaner

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
CmstpExtensionDll REG_SZ C:\Windows\system32\cmcfg32.dll
CmNative REG_DWORD 0x2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dvdmaker.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\DVD Maker\dvdmaker.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Escndv.exe
(Default) REG_SZ C:\Windows\twain_32\escndv\Escndv.exe
Path REG_SZ C:\Windows\twain_32\escndv

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\fde_recwiz.exe
Default REG_SZ C:\Program Files (x86)\Zone Labs\ZoneAlarm\fde\fde_recwiz.exe
Path REG_SZ C:\Windows\system32\ZoneLabs

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\fde_stub.exe
Default REG_SZ C:\Program Files (x86)\Zone Labs\ZoneAlarm\fde\fde_stub.exe
Path REG_SZ C:\Windows\system32\ZoneLabs

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
(Default) REG_SZ C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Path REG_SZ C:\Program Files (x86)\Mozilla Firefox

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\fsquirt.exe
DropTarget REG_SZ {047ea9a0-93bb-415f-a1c3-d7aeb3dd5087}

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HPTouchSmartMusic.exe
(Default) REG_SZ c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
Path REG_SZ c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HPTouchSmartPhoto.exe
(Default) REG_SZ c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
Path REG_SZ c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HPTouchSmartVideo.exe
(Default) REG_SZ c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
Path REG_SZ c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
(Default) REG_SZ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files (x86)\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
(Default) REG_SZ C:\Windows\system32\javaws.exe
Path REG_SZ C:\Windows\system32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LabelPrint
Path REG_SZ C:\Program Files (x86)\CyberLink\LabelPrint
(Default) REG_SZ C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LabelPrint.exe
(Default) REG_SZ C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe
path REG_SZ C:\Program Files (x86)\CyberLink\LabelPrint

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LangSelector.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Installer\LangSelector.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LightScribeControlPanel.exe
(Default) REG_SZ C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
Path REG_SZ C:\Program Files (x86)\Common Files\LightScribe\;C:\Program Files (x86)\Common Files\LightScribe\controlpanel\;;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mantispm.exe
(Default) REG_SZ C:\PROGRA~2\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
Path REG_SZ C:\PROGRA~2\ZONELA~1\ZONEAL~1\MAILFR~1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
(Default) REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Path REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MediaSmart Internet TV
Path REG_SZ C:\Program Files (x86)\Hewlett-Packard\Media\iTV
(Default) REG_SZ C:\Program Files (x86)\Hewlett-Packard\Media\iTV\HPiTV.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MediaSmart Live TV
Path REG_SZ c:\Program Files (x86)\Hewlett-Packard\Media\Live TV
(Default) REG_SZ c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\HPTV.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MediaSmartWebcam
Path REG_SZ c:\Program Files (x86)\Hewlett-Packard\Media\Webcam
(Default) REG_SZ c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\HPMediaSmartWebcam.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MlfHook64.dll
(Default) REG_SZ C:\PROGRA~2\ZONELA~1\ZONEAL~1\MAILFR~1\MlfHook64.dll
Path REG_SZ C:\PROGRA~2\ZONELA~1\ZONEAL~1\MAILFR~1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MlfOE64.dll
(Default) REG_SZ C:\PROGRA~2\ZONELA~1\ZONEAL~1\MAILFR~1\MlfOE64.dll
Path REG_SZ C:\PROGRA~2\ZONELA~1\ZONEAL~1\MAILFR~1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mlfoshim.dll
(Default) REG_SZ C:\PROGRA~2\ZONELA~1\ZONEAL~1\MAILFR~1\mlfoshim.dll
Path REG_SZ C:\PROGRA~2\ZONELA~1\ZONEAL~1\MAILFR~1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MovieMaker.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
(Default) REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSNMSGR.EXE
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Messenger\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
(Default) REG_SZ C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msworks.exe
(Default) REG_SZ C:\Program Files (x86)\Microsoft Works\msworks.exe
Path REG_SZ C:\Program Files (x86)\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~4\Office12\OIS.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
SaveURL REG_SZ 0
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OneNote.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
(Default) REG_EXPAND_SZ %SystemRoot%\System32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\System32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
Path REG_SZ C:\Program Files (x86)\QuickTime\
(Default) REG_SZ C:\Program Files (x86)\QuickTime\PictureViewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Power2Go
Path REG_SZ C:\Program Files (x86)\CyberLink\Power2Go
(Default) REG_SZ C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Power2Go.exe
(Default) REG_SZ C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe
Path REG_SZ C:\Program Files (x86)\CyberLink\Power2Go

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Power2GoExpress.exe
(Default) REG_SZ C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
Path REG_SZ C:\Program Files (x86)\CyberLink\Power2Go

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerDirector
Path REG_SZ C:\Program Files (x86)\CyberLink\PowerDirector
(Default) REG_SZ C:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~4\Office12\POWERPNT.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerRecover
Path REG_SZ C:\Program Files (x86)\Hewlett-Packard\Recovery
(Default) REG_SZ C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerShell.exe
(Default) REG_SZ %SystemRoot%\system32\WindowsPowerShell\v1.0\PowerShell.exe
Path REG_SZ %SystemRoot%\system32\WindowsPowerShell\v1.0\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
(Default) REG_SZ C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
Path REG_SZ C:\Program Files (x86)\QuickTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sbase.exe
(Default) REG_SZ C:\Program Files (x86)\OpenOffice.org 3\program\sbase.exe
Path REG_SZ C:\Program Files (x86)\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\scalc.exe
(Default) REG_SZ C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe
Path REG_SZ C:\Program Files (x86)\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sdraw.exe
(Default) REG_SZ C:\Program Files (x86)\OpenOffice.org 3\program\sdraw.exe
Path REG_SZ C:\Program Files (x86)\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sidebar.exe
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows Sidebar\sidebar.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\simpress.exe
(Default) REG_SZ C:\Program Files (x86)\OpenOffice.org 3\program\simpress.exe
Path REG_SZ C:\Program Files (x86)\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\smath.exe
(Default) REG_SZ C:\Program Files (x86)\OpenOffice.org 3\program\smath.exe
Path REG_SZ C:\Program Files (x86)\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SnippingTool.exe
(Default) REG_EXPAND_SZ %SystemRoot%\system32\SnippingTool.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\soffice.exe
(Default) REG_SZ C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
Path REG_SZ C:\Program Files (x86)\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\swriter.exe
(Default) REG_SZ C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
Path REG_SZ C:\Program Files (x86)\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TouchSmart Media
Path REG_SZ c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media
(Default) REG_SZ c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\unopkg.exe
(Default) REG_SZ C:\Program Files (x86)\OpenOffice.org 3\program\unopkg.exe
Path REG_SZ C:\Program Files (x86)\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Mail

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\wabmig.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WindowsLivePhotoViewer.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Photo Gallery\WindowsLivePhotoViewer.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WindowsLiveWriter.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~4\Office12\WINWORD.EXE
Path REG_SZ C:\Program Files (x86)\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSAB.EXE
(Default) REG_SZ C:\Program Files (x86)\Microsoft Works\WKSAB.exe
Path REG_SZ C:\Program Files (x86)\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkscal.exe
(Default) REG_SZ C:\PROGRA~2\MICROS~3\WksCal.exe
Path REG_SZ C:\Program Files (x86)\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksdb.exe
(Default) REG_SZ C:\Program Files (x86)\Microsoft Works\wksdb.exe
Path REG_SZ C:\Program Files (x86)\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSSB.EXE
(Default) REG_SZ C:\Program Files (x86)\Microsoft Works\WKSSB.exe
Path REG_SZ C:\Program Files (x86)\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksss.exe
(Default) REG_SZ C:\Program Files (x86)\Microsoft Works\wksss.exe
Path REG_SZ C:\Program Files (x86)\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkswp.exe
(Default) REG_SZ C:\Program Files (x86)\Microsoft Works\wkswp.exe
Path REG_SZ C:\Program Files (x86)\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wlarp.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wlmail.exe
Path REG_EXPAND_SZ C:\Program Files (x86)\Windows Live\Mail\
(Default) REG_EXPAND_SZ C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wlsettings.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Installer\wlsettings.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wlstartup.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Installer\wlstartup.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WLXAlbumDownloadWizard.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Photo Gallery\WLXAlbumDownloadWizard.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WLXPhotoGallery.exe
(Default) REG_SZ C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
Path REG_SZ C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmenc.exe
Path REG_SZ C:\Program Files (x86)\Windows Media Components\Encoder\
(Default) REG_SZ C:\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
(Default) REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles(x86)%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

Mozilla


HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
smartwebprinting@hp.com REG_SZ C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
{FFB96CC1-7EB3-449D-B827-DB661701C6BB} REG_SZ C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
(Default) REG_SZ 1.9.2.13
CurrentVersion REG_SZ 3.6.13 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.13 (en-US)
(Default) REG_SZ 3.6.13 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.13 (en-US)\Main
Install Directory REG_SZ C:\Program Files (x86)\Mozilla Firefox
PathToExe REG_SZ C:\Program Files (x86)\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.13 (en-US)\Uninstall
Description REG_SZ Mozilla Firefox (3.6.13)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.13
GeckoVer REG_SZ 1.9.2.13

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.13\bin
PathToExe REG_SZ C:\Program Files (x86)\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.13\extensions
Components REG_SZ C:\Program Files (x86)\Mozilla Firefox\components
Plugins REG_SZ C:\Program Files (x86)\Mozilla Firefox\plugins



Shared Task Scheduler



SafeBoot



SafeBootMinimal


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}


SafeBootNetwork


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}


File Rename Operations - Session




Known DLLs - Session


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
clbcatq REG_SZ clbcatq.dll
ole32 REG_SZ ole32.dll
advapi32 REG_SZ advapi32.dll
COMDLG32 REG_SZ COMDLG32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
DllDirectory32 REG_EXPAND_SZ %SystemRoot%\syswow64
gdi32 REG_SZ gdi32.dll
IERTUTIL REG_SZ IERTUTIL.dll
IMAGEHLP REG_SZ IMAGEHLP.dll
IMM32 REG_SZ IMM32.dll
kernel32 REG_SZ kernel32.dll
LPK REG_SZ LPK.dll
MSCTF REG_SZ MSCTF.dll
MSVCRT REG_SZ MSVCRT.dll
NORMALIZ REG_SZ NORMALIZ.dll
NSI REG_SZ NSI.dll
OLEAUT32 REG_SZ OLEAUT32.dll
PSAPI REG_SZ PSAPI.DLL
rpcrt4 REG_SZ rpcrt4.dll
sechost REG_SZ sechost.dll
Setupapi REG_SZ Setupapi.dll
SHELL32 REG_SZ SHELL32.dll
SHLWAPI REG_SZ SHLWAPI.dll
URLMON REG_SZ URLMON.dll
user32 REG_SZ user32.dll
USP10 REG_SZ USP10.dll
WININET REG_SZ WININET.dll
WLDAP32 REG_SZ WLDAP32.dll
WS2_32 REG_SZ WS2_32.dll
DifxApi REG_SZ difxapi.dll



Downloaded program files (ActiveX)


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

PATH: C:\windows\Downloaded Program Files

CONFLICT.1
FP_AX_CAB_INSTALLER.exe
MSDCode.DLL


Mountpoints


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09aa0eff-43ce-11df-a299-c417fe1dde4c}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e1ea30-177d-11df-a80e-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e1ea31-177d-11df-a80e-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e1ea32-177d-11df-a80e-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e1ea40-177d-11df-a80e-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa608119-2615-11df-8641-ba26340e1abb}


Winlogon


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
PreCreateKnownFolders REG_SZ {A520A1A4-1780-4FF6-BD18-167343C5AF16}
DefaultDomainName REG_SZ
DefaultUserName REG_SZ
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VMApplet REG_SZ SystemPropertiesPerformance.exe /pagefile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify


Windows Update



Security Software Information

*Note*: Some security software does not store itself in the WMI.

Antispyware: SUPERAntiSpyware *Scanner disabled* (Up to date) {222A897C-5018-402e-943F-7E7AC8560DA7}


{END OF FILE}

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5544

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/18/2011 7:28:11 AM
mbam-log-2011-01-18 (07-28-11).txt

Scan type: Quick scan
Objects scanned: 155846
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

I downloaded the Combofix. I received a pop-up message stating the file was corrupted. Then, it notified me that it was going to run, so I let it do its thing. When it finished, it directed me to the log, which was not where it was supposed to be....I could not locate the log at all.

Download OTL.exe by OldTimer to your Desktop.

• Close all windows and double click OTL.exe.
  
• Click Run Scan and let the program run uninterrupted.
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

OTL logfile created on: 1/19/2011 4:41:24 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Tricia\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.65 Gb Total Space | 379.91 Gb Free Space | 84.68% Space Free | Partition Type: NTFS
Drive D: | 16.82 Gb Total Space | 2.74 Gb Free Space | 16.28% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 95.56 Mb Free Space | 96.51% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRICIA-PC
Current User Name: Tricia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/01 22:21:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tricia\Desktop\OTL.exe
PRC - [2010/07/20 20:24:38 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2010/07/20 20:22:56 | 001,038,848 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/10/06 02:08:42 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/08/25 21:34:30 | 000,015,544 | R--- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (SafeList) ==========

MOD - [2010/10/01 22:21:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tricia\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/06/15 06:09:52 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
MOD - [2010/06/15 06:09:44 | 000,562,664 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\AK\icsak.dll
MOD - [2009/12/29 01:55:34 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/06/10 16:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/06/10 16:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2010/07/16 15:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/06/15 06:10:02 | 000,823,272 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2010/06/08 14:17:27 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/06/08 14:17:26 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2009/09/04 16:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/07/20 20:24:38 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/18 13:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/01/21 15:00:54 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe -- (BRA_Scheduler)
SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/16 15:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 15:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/06/15 06:09:42 | 000,033,008 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2010/06/15 06:09:40 | 000,044,784 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV:64bit: - [2010/06/09 18:16:08 | 000,456,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/06/08 14:17:27 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/08 14:11:23 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/13 11:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/12 22:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/12 17:15:26 | 000,351,248 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2009/10/12 17:15:26 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/10/09 21:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/10/02 22:58:12 | 000,258,560 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/09/17 15:56:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/09/17 15:56:16 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/09/17 15:56:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/09/17 15:56:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/08/22 04:54:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/20 22:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 13:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010/06/09 18:16:08 | 000,456,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.10
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/11 14:29:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/08/03 07:11:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/31 17:56:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/15 13:17:06 | 000,000,000 | ---D | M]

[2010/02/13 22:39:19 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Mozilla\Extensions
[2010/02/12 22:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/01/18 21:19:44 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\co6rdodu.default\extensions
[2010/10/14 07:25:21 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\co6rdodu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/10/21 07:01:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/21 07:43:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/15 20:07:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/21 07:01:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O4 - Startup: C:\Users\Tricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/19 08:44:18 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/01/19 08:31:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/19 08:31:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/19 08:31:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/19 08:31:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/19 08:30:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/19 08:29:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/18 07:18:22 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Tricia\Desktop\TFC.exe
[2011/01/18 07:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/01/18 07:11:03 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Tricia\Desktop\erunt-setup.exe
[2011/01/18 00:31:32 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\misc genealogy
[2011/01/18 00:26:49 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\walker
[2011/01/18 00:25:46 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\unknown
[2011/01/18 00:23:52 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\misc counties
[2011/01/18 00:23:32 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Monroe
[2011/01/18 00:20:47 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\sydney
[2011/01/18 00:20:29 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\computer
[2011/01/16 12:14:12 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Steele
[2011/01/12 13:00:26 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/01/12 13:00:25 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/01/12 13:00:25 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/01/12 13:00:25 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/01/12 13:00:25 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/01/12 13:00:25 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/01/12 13:00:25 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/01/12 13:00:24 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/01/12 13:00:24 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/01/12 13:00:23 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/01/12 13:00:23 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/01/12 13:00:23 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/01/12 13:00:23 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/01/12 13:00:23 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/01/12 13:00:23 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/01/12 13:00:23 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/01/12 13:00:23 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/01/12 13:00:23 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/01/12 13:00:23 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/01/12 13:00:23 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/01/12 13:00:17 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/12 13:00:17 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/07 14:01:12 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Census & documents with multiple individuals
[2011/01/07 14:00:38 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Bradley
[2011/01/07 13:57:55 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Misc. WV photos
[2011/01/07 13:56:36 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\John Neel
[2011/01/07 13:55:11 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Robert Neel
[2011/01/07 13:54:05 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Owen Neel
[2011/01/07 13:53:32 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\random interesting
[2011/01/07 13:53:10 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Thomas Alexander Neal
[2011/01/07 13:52:37 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Patton
[2011/01/07 13:49:55 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Lancaster, PA
[2011/01/07 13:49:31 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Stodgehill
[2011/01/07 13:49:11 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Vanstavern
[2011/01/07 13:48:04 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Felix Neel
[2011/01/07 13:47:24 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Zebina Neel
[2011/01/07 13:44:43 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Lamberts
[2011/01/05 16:42:49 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Bank statements USAA 2175
[2011/01/04 09:42:10 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Need to adjust color
[2010/12/31 17:15:58 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\need to be printed
[2010/12/31 16:28:58 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Need to research these
[2010/12/31 15:23:12 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Misc photos
[2010/12/31 15:00:20 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\orvals emails
[2010/12/31 14:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/12/30 23:56:34 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Roland
[2010/12/30 23:52:50 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\Census
[2010/12/30 22:28:44 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\PRINTED
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/19 16:43:42 | 003,932,160 | -HS- | M] () -- C:\Users\Tricia\NTUSER.DAT
[2011/01/19 16:38:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/19 08:39:21 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2011/01/19 08:29:35 | 004,157,687 | R--- | M] () -- C:\Users\Tricia\Desktop\ComboFix.exe
[2011/01/19 08:23:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/19 08:23:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/19 08:16:34 | 000,000,144 | ---- | M] () -- C:\Windows\SysWow64\pdfl.dat
[2011/01/19 08:16:22 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/01/19 08:16:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/01/19 08:16:02 | 3163,709,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/18 23:29:36 | 012,573,206 | -H-- | M] () -- C:\Users\Tricia\AppData\Local\IconCache.db
[2011/01/18 23:01:29 | 001,094,890 | ---- | M] () -- C:\Users\Tricia\Desktop\tristram patton census 1870 eliza
[2011/01/18 23:00:19 | 001,094,890 | ---- | M] () -- C:\Users\Tricia\Desktop\Tristram patton monroe 1870 census
[2011/01/18 22:14:27 | 000,130,013 | ---- | M] () -- C:\Users\Tricia\Desktop\Tristram Patton & eliza Hogshead 1828.jpg
[2011/01/18 22:12:21 | 000,632,153 | ---- | M] () -- C:\Users\Tricia\Desktop\Isaac Campbell Monroe Census 1850
[2011/01/18 20:07:58 | 000,236,763 | ---- | M] () -- C:\Users\Tricia\Desktop\Robert D. Campbell & Mary C. Johnson 1850.jpg
[2011/01/18 16:26:15 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/18 16:26:15 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/18 16:26:15 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/18 14:58:16 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011/01/18 14:58:05 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/18 08:06:44 | 000,184,832 | ---- | M] () -- C:\Users\Tricia\Desktop\mss.exe
[2011/01/18 07:18:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Tricia\Desktop\TFC.exe
[2011/01/18 07:13:29 | 000,000,884 | ---- | M] () -- C:\Users\Tricia\Desktop\NTREGOPT.lnk
[2011/01/18 07:13:29 | 000,000,865 | ---- | M] () -- C:\Users\Tricia\Desktop\ERUNT.lnk
[2011/01/18 07:11:03 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Tricia\Desktop\erunt-setup.exe
[2011/01/17 19:21:48 | 505,446,692 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/17 12:19:36 | 000,000,117 | -H-- | M] () -- C:\Users\Tricia\Desktop\.~lock.School teachers 1820 18.35 Monroe cnty WV.odt#
[2011/01/17 11:59:25 | 000,000,117 | -H-- | M] () -- C:\Users\Tricia\Desktop\.~lock.newsletter 1-14-11.odt#
[2011/01/17 11:57:17 | 000,000,117 | -H-- | M] () -- C:\Users\Tricia\Desktop\.~lock.Cumulative Vocabulary Homework 2nd Quarter.odt#
[2011/01/15 14:37:28 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/06 21:48:29 | 003,357,172 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpIMG_8329.JPG
[2011/01/04 09:57:58 | 001,756,089 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpISABELLA NEAL & BENJAMIN F. MINTER 1871 DO JOHN & SARAH.JPG
[2011/01/01 22:44:45 | 002,508,428 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpISABELLA, MARY, ISABELLA CHILDREN OF JACOB,WILLIAM, JOHN.JPG
[2011/01/01 22:32:56 | 000,273,658 | ---- | M] () -- C:\Users\Tricia\Documents\Isabella M. Neal & Judson Poole cert.jpg
[2011/01/01 18:55:04 | 000,547,627 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmp004206369_00343.JPG
[2010/12/31 17:14:44 | 002,384,195 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpJAMES MILLER, JACOB NEAL.JPG
[2010/12/31 16:13:04 | 001,421,405 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmp00047.JPG
[2010/12/31 15:28:35 | 001,559,602 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmp00050.JPG
[2010/12/30 23:51:03 | 000,945,568 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmp01191.JPG
[2010/12/30 23:30:16 | 001,782,489 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmp00037.JPG
[2010/12/30 23:22:56 | 000,116,919 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmp00290.JPG
[2010/12/30 23:05:06 | 000,439,811 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmp01953.JPG
[2010/12/30 22:41:18 | 000,147,631 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmp00473.JPG
[2010/12/30 21:28:36 | 000,190,016 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpWALTER NEELE &.JPG
[2010/12/30 21:18:43 | 000,104,165 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpOBEDIAH NEAL AND SARAH MILLER JACOB & AGNES MILLER 1800.JPG
[2010/12/30 21:00:28 | 001,006,564 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmp01183.JPG
[2010/12/30 20:44:08 | 001,269,227 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmp00119.JPG
[2010/12/30 20:39:15 | 001,341,136 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmp00189.JPG
[2010/12/30 19:18:56 | 002,559,570 | ---- | M] () -- C:\Users\Tricia\Documents\Ardelia Lambert Neel death record wife of Rbt Mathias Neel_crop.jpg
[2010/12/30 19:18:28 | 001,360,866 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpARDELIA LAMBERT NEEL DEATH RECORD WIFE OF RBT MATHIAS NEEL.JPG
[2010/12/30 18:46:02 | 001,543,353 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpLEFTWICH C. NEEL DEATH RECORD SON OF HENDERSON.JPG
[2010/12/30 18:38:20 | 002,404,732 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpROBERT EVERTON NEAL SON OF JAMES HENRY NEAL&SINTHIA-CYNTHIA.JPG
[2010/12/30 18:36:40 | 001,684,864 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpVARIOUS NEELS DEATH RECORDS,ELVIRA ELIZ,OAKLEY STONEWALL,MARY B.,.JPG
[2010/12/30 18:12:39 | 000,723,390 | ---- | M] () -- C:\Users\Tricia\Documents\ALLEN GEORGE NEEL AND MARY SUSAN PATTON M. 1869_crop.jpg
[2010/12/30 18:03:29 | 003,130,347 | ---- | M] () -- C:\Users\Tricia\Documents\James Miller, Jacob Neal_crop.jpg
[2010/12/30 17:24:51 | 002,787,190 | ---- | M] () -- C:\Users\Tricia\Documents\CORA NEEL & SAM WALKER MARRIAGE_crop.jpg
[2010/12/30 17:23:22 | 001,681,691 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpCORA NEEL & SAM WALKER MARRIAGE.JPG
[2010/12/30 17:01:07 | 000,013,355 | ---- | M] () -- C:\Users\Tricia\Documents\test patton brides monroe wv.odb
[2010/12/30 16:25:43 | 000,230,992 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpRICHARD SHIRES & AMELIA NEEL.JPG
[2010/12/30 16:15:52 | 000,227,435 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpGEORGE GILCHRIST & ISABELLA JULIA NEEL.JPG
[2010/12/30 15:10:53 | 000,104,235 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpARDELIA LAMBERT ROBERT MATHIA.JPG
[2010/12/26 20:56:31 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTricia.job
[2010/12/23 17:28:28 | 000,247,199 | ---- | M] () -- C:\Users\Tricia\Documents\photo worksheet 001.odg
[2010/12/23 15:09:21 | 005,495,046 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpANCESTRY CHART 001.JPG
[2010/12/23 15:09:15 | 005,429,617 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpANCESTRY CHART 001.2
[2010/12/23 15:09:13 | 005,455,956 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpANCESTRY CHART 001.1
[2010/12/23 15:09:12 | 005,451,797 | ---- | M] () -- C:\Users\Tricia\AppData\Local\tmpANCESTRY CHART 001.0
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/19 08:31:27 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/19 08:31:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/19 08:31:27 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/19 08:31:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/19 08:31:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/19 08:29:35 | 004,157,687 | R--- | C] () -- C:\Users\Tricia\Desktop\ComboFix.exe
[2011/01/18 23:01:29 | 001,094,890 | ---- | C] () -- C:\Users\Tricia\Desktop\tristram patton census 1870 eliza
[2011/01/18 23:00:17 | 001,094,890 | ---- | C] () -- C:\Users\Tricia\Desktop\Tristram patton monroe 1870 census
[2011/01/18 22:14:27 | 000,130,013 | ---- | C] () -- C:\Users\Tricia\Desktop\Tristram Patton & eliza Hogshead 1828.jpg
[2011/01/18 22:12:20 | 000,632,153 | ---- | C] () -- C:\Users\Tricia\Desktop\Isaac Campbell Monroe Census 1850
[2011/01/18 20:07:57 | 000,236,763 | ---- | C] () -- C:\Users\Tricia\Desktop\Robert D. Campbell & Mary C. Johnson 1850.jpg
[2011/01/18 08:06:44 | 000,184,832 | ---- | C] () -- C:\Users\Tricia\Desktop\mss.exe
[2011/01/18 07:13:29 | 000,000,884 | ---- | C] () -- C:\Users\Tricia\Desktop\NTREGOPT.lnk
[2011/01/18 07:13:29 | 000,000,865 | ---- | C] () -- C:\Users\Tricia\Desktop\ERUNT.lnk
[2011/01/17 12:19:36 | 000,000,117 | -H-- | C] () -- C:\Users\Tricia\Desktop\.~lock.School teachers 1820 18.35 Monroe cnty WV.odt#
[2011/01/17 11:59:25 | 000,000,117 | -H-- | C] () -- C:\Users\Tricia\Desktop\.~lock.newsletter 1-14-11.odt#
[2011/01/17 11:57:17 | 000,000,117 | -H-- | C] () -- C:\Users\Tricia\Desktop\.~lock.Cumulative Vocabulary Homework 2nd Quarter.odt#
[2011/01/06 21:48:29 | 003,357,172 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_8329.JPG
[2011/01/04 09:57:58 | 001,756,089 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpISABELLA NEAL & BENJAMIN F. MINTER 1871 DO JOHN & SARAH.JPG
[2011/01/04 09:47:00 | 000,273,658 | ---- | C] () -- C:\Users\Tricia\Documents\Isabella M. Neal & Judson Poole cert.jpg
[2011/01/01 22:44:45 | 002,508,428 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpISABELLA, MARY, ISABELLA CHILDREN OF JACOB,WILLIAM, JOHN.JPG
[2011/01/01 18:21:52 | 000,547,627 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmp004206369_00343.JPG
[2010/12/31 17:14:44 | 002,384,195 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpJAMES MILLER, JACOB NEAL.JPG
[2010/12/31 16:13:04 | 001,421,405 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmp00047.JPG
[2010/12/30 23:51:03 | 000,945,568 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmp01191.JPG
[2010/12/30 23:30:16 | 001,782,489 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmp00037.JPG
[2010/12/30 23:22:56 | 000,116,919 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmp00290.JPG
[2010/12/30 23:05:06 | 000,439,811 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmp01953.JPG
[2010/12/30 22:41:18 | 000,147,631 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmp00473.JPG
[2010/12/30 22:24:49 | 001,559,602 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmp00050.JPG
[2010/12/30 21:28:36 | 000,190,016 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpWALTER NEELE &.JPG
[2010/12/30 21:18:43 | 000,104,165 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpOBEDIAH NEAL AND SARAH MILLER JACOB & AGNES MILLER 1800.JPG
[2010/12/30 20:44:08 | 001,269,227 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmp00119.JPG
[2010/12/30 20:39:15 | 001,341,136 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmp00189.JPG
[2010/12/30 19:18:55 | 002,559,570 | ---- | C] () -- C:\Users\Tricia\Documents\Ardelia Lambert Neel death record wife of Rbt Mathias Neel_crop.jpg
[2010/12/30 19:18:28 | 001,360,866 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpARDELIA LAMBERT NEEL DEATH RECORD WIFE OF RBT MATHIAS NEEL.JPG
[2010/12/30 18:46:02 | 001,543,353 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpLEFTWICH C. NEEL DEATH RECORD SON OF HENDERSON.JPG
[2010/12/30 18:36:40 | 001,684,864 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpVARIOUS NEELS DEATH RECORDS,ELVIRA ELIZ,OAKLEY STONEWALL,MARY B.,.JPG
[2010/12/30 18:35:32 | 002,404,732 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpROBERT EVERTON NEAL SON OF JAMES HENRY NEAL&SINTHIA-CYNTHIA.JPG
[2010/12/30 18:12:39 | 000,723,390 | ---- | C] () -- C:\Users\Tricia\Documents\ALLEN GEORGE NEEL AND MARY SUSAN PATTON M. 1869_crop.jpg
[2010/12/30 17:44:21 | 003,130,347 | ---- | C] () -- C:\Users\Tricia\Documents\James Miller, Jacob Neal_crop.jpg
[2010/12/30 17:24:50 | 002,787,190 | ---- | C] () -- C:\Users\Tricia\Documents\CORA NEEL & SAM WALKER MARRIAGE_crop.jpg
[2010/12/30 17:23:22 | 001,681,691 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpCORA NEEL & SAM WALKER MARRIAGE.JPG
[2010/12/30 16:25:43 | 000,230,992 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpRICHARD SHIRES & AMELIA NEEL.JPG
[2010/12/30 16:15:52 | 000,227,435 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpGEORGE GILCHRIST & ISABELLA JULIA NEEL.JPG
[2010/12/30 15:10:53 | 000,104,235 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpARDELIA LAMBERT ROBERT MATHIA.JPG
[2010/12/23 17:28:26 | 000,247,199 | ---- | C] () -- C:\Users\Tricia\Documents\photo worksheet 001.odg
[2010/12/23 15:09:20 | 005,429,617 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpANCESTRY CHART 001.2
[2010/12/23 15:09:14 | 005,455,956 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpANCESTRY CHART 001.1
[2010/12/23 15:09:13 | 005,495,046 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpANCESTRY CHART 001.JPG
[2010/12/23 15:09:12 | 005,451,797 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpANCESTRY CHART 001.0
[2010/12/21 23:21:19 | 001,006,564 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmp01183.JPG
[2010/12/20 23:33:36 | 505,446,692 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/26 19:37:05 | 000,645,882 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_7439.JPG
[2010/11/26 19:37:05 | 000,606,684 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_7439.0
[2010/11/15 13:01:03 | 000,213,807 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_3651.JPG
[2010/11/15 13:01:03 | 000,210,693 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_3651.0
[2010/11/15 12:59:34 | 000,207,405 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_3641.0
[2010/11/15 12:59:34 | 000,206,996 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_3641.JPG
[2010/11/15 12:58:02 | 000,144,152 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_3627.0
[2010/11/15 12:58:02 | 000,141,660 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_3627.JPG
[2010/11/15 12:57:02 | 000,212,998 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_3631.0
[2010/11/15 12:57:02 | 000,200,420 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_3631.JPG
[2010/11/15 12:57:02 | 000,198,569 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_3631.1
[2010/10/29 00:52:42 | 000,065,548 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpTRICIA FLA TRIP.JPG
[2010/10/29 00:52:30 | 000,065,561 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpTRICIA FLA TRIP.1
[2010/10/29 00:52:25 | 000,115,510 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpTRICIA FLA TRIP.0
[2010/10/26 19:35:26 | 005,152,274 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_7076.JPG
[2010/10/26 19:33:17 | 003,872,213 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_7071.JPG
[2010/10/26 19:32:05 | 004,118,370 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_7073.JPG
[2010/10/26 19:26:42 | 003,480,326 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_7149.0
[2010/10/26 19:26:35 | 000,831,035 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_7149.JPG
[2010/10/22 10:12:00 | 004,141,292 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_7169.JPG
[2010/10/22 10:10:38 | 004,110,922 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_7164.JPG
[2010/10/12 13:34:55 | 001,180,536 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK699.JPG
[2010/10/11 09:41:25 | 005,973,196 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_6897.JPG
[2010/10/09 21:02:30 | 001,584,501 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK566.JPG
[2010/10/05 11:54:40 | 000,108,833 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0003.JPG
[2010/10/03 20:05:41 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\WBCustomizer.dll
[2010/09/18 07:48:48 | 000,024,993 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpBRADLEY FIREMAN_CROP.6
[2010/09/18 07:48:46 | 000,025,170 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpBRADLEY FIREMAN_CROP.5
[2010/09/18 07:48:44 | 000,025,047 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpBRADLEY FIREMAN_CROP.4
[2010/09/18 07:48:43 | 000,025,250 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpBRADLEY FIREMAN_CROP.3
[2010/09/18 07:48:39 | 000,025,351 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpBRADLEY FIREMAN_CROP.2
[2010/09/18 07:48:36 | 000,025,236 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpBRADLEY FIREMAN_CROP.1
[2010/09/18 07:48:34 | 000,032,015 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpBRADLEY FIREMAN_CROP.JPG
[2010/09/18 07:48:34 | 000,025,104 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpBRADLEY FIREMAN_CROP.0
[2010/09/17 17:14:49 | 003,744,227 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_6799.JPG
[2010/09/14 09:16:18 | 003,898,080 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_6805.JPG
[2010/09/13 20:18:08 | 003,014,337 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_6614.JPG
[2010/09/13 20:13:40 | 008,697,628 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_6559.JPG
[2010/09/13 20:01:32 | 008,364,449 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_6723.JPG
[2010/09/12 08:08:36 | 001,758,607 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK636.JPG
[2010/09/09 15:07:44 | 001,139,767 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK632.JPG
[2010/09/07 00:04:05 | 000,050,976 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpBRADLEY FIREMAN.JPG
[2010/09/04 01:18:33 | 007,103,948 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK621.JPG
[2010/07/16 15:17:43 | 000,054,518 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0013.JPG
[2010/07/05 12:27:19 | 000,049,227 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0019.1
[2010/07/05 12:27:18 | 000,150,694 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0019.0
[2010/07/05 12:27:18 | 000,049,342 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0019.JPG
[2010/07/05 12:26:50 | 000,367,719 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0018.0
[2010/07/05 12:26:50 | 000,108,340 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0018.JPG
[2010/07/05 12:26:50 | 000,106,833 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0018.1
[2010/07/05 12:26:28 | 000,031,767 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0017.1
[2010/07/05 12:26:27 | 000,102,401 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0017.0
[2010/07/05 12:26:27 | 000,032,345 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0017.JPG
[2010/07/05 12:25:55 | 000,070,260 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0016.1
[2010/07/05 12:25:54 | 000,212,630 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0016.0
[2010/07/05 12:25:54 | 000,070,154 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0016.JPG
[2010/07/05 12:25:20 | 000,053,339 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0013.1
[2010/07/05 12:24:57 | 000,165,946 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0013.0
[2010/07/05 12:24:07 | 000,146,234 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0014.1
[2010/07/05 12:24:06 | 000,447,687 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0014.0
[2010/07/05 12:24:06 | 000,145,435 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0014.JPG
[2010/07/05 12:23:46 | 000,025,540 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0012.1
[2010/07/05 12:23:43 | 000,079,101 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0012.0
[2010/07/05 12:23:43 | 000,026,060 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0012.JPG
[2010/07/05 12:23:06 | 000,141,988 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0011.1
[2010/07/05 12:23:05 | 000,436,982 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0011.0
[2010/07/05 12:23:05 | 000,141,809 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0011.JPG
[2010/07/05 12:21:28 | 000,365,359 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0009.1
[2010/07/05 12:21:26 | 001,156,804 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0009.0
[2010/07/05 12:21:26 | 000,367,617 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0009.JPG
[2010/07/04 22:24:18 | 000,571,287 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK276.JPG
[2010/07/04 22:23:58 | 000,675,149 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK276.0
[2010/06/08 07:08:02 | 000,799,655 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_5373.JPG
[2010/06/08 07:08:01 | 003,465,760 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_5373.0
[2010/05/08 08:49:28 | 000,828,582 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4982.JPG
[2010/05/08 08:48:47 | 000,900,772 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4988.JPG
[2010/05/08 08:48:46 | 004,111,663 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4988.0
[2010/05/08 08:48:22 | 003,913,371 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4986.0
[2010/05/08 08:48:22 | 000,830,900 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4986.JPG
[2010/05/08 08:47:50 | 003,920,646 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4982.0
[2010/05/08 08:47:00 | 004,288,830 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4979.0
[2010/05/08 08:47:00 | 000,936,029 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4979.JPG
[2010/05/08 08:46:40 | 000,918,924 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4978.JPG
[2010/05/08 08:46:39 | 004,192,296 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4978.0
[2010/05/08 08:46:19 | 003,618,080 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4977.0
[2010/05/08 08:46:19 | 000,810,220 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4977.JPG
[2010/05/08 08:41:46 | 002,845,530 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4814.0
[2010/05/08 08:41:46 | 000,588,884 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4814.JPG
[2010/05/08 08:41:26 | 002,880,509 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4809.0
[2010/05/08 08:41:26 | 000,592,951 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4809.JPG
[2010/05/08 08:41:08 | 003,633,443 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4808.0
[2010/05/08 08:41:08 | 000,835,747 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4808.JPG
[2010/05/08 08:40:02 | 000,709,576 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4987.JPG
[2010/05/08 08:40:01 | 003,594,743 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4987.0
[2010/04/26 17:01:07 | 000,349,967 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4756.JPG
[2010/04/26 17:01:06 | 002,280,186 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4756.0
[2010/04/26 10:44:32 | 000,489,191 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4289.JPG
[2010/04/26 10:44:31 | 002,596,450 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpIMG_4289.0
[2010/04/07 00:51:55 | 002,969,224 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK103.JPG
[2010/04/02 16:35:23 | 003,078,080 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK041.JPG
[2010/04/02 16:35:22 | 002,886,326 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK041.0
[2010/04/01 23:28:08 | 000,397,650 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK022.1
[2010/04/01 23:28:07 | 000,545,970 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK022.0
[2010/04/01 23:28:07 | 000,407,620 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK022.JPG
[2010/04/01 23:17:48 | 000,312,944 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK021.1
[2010/04/01 23:17:47 | 000,436,515 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK021.0
[2010/04/01 23:17:47 | 000,313,953 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK021.JPG
[2010/04/01 23:08:49 | 000,278,802 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK020.1
[2010/04/01 23:08:48 | 000,378,091 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK020.0
[2010/04/01 23:08:48 | 000,276,845 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK020.JPG
[2010/04/01 22:57:48 | 000,466,406 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK019.1
[2010/04/01 22:57:47 | 000,569,894 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK019.0
[2010/04/01 22:57:47 | 000,464,183 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpUNK019.JPG
[2010/03/30 12:16:27 | 000,146,340 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmp001.0
[2010/03/30 12:16:27 | 000,109,877 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmp001.JPG
[2010/03/14 16:06:35 | 001,345,272 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0002.0
[2010/03/14 16:06:35 | 000,425,764 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSCAN0002.JPG
[2010/03/01 13:30:51 | 000,049,216 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSNAPSHOT_20100227_2.0
[2010/03/01 13:30:51 | 000,039,362 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpSNAPSHOT_20100227_2.JPG
[2010/02/15 15:06:45 | 000,467,680 | ---- | C] () -- C:\Users\Tricia\AppData\Local\tmpOLD MAN.JPG
[2010/02/14 17:15:05 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/02/11 14:29:36 | 000,000,364 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/02/11 13:38:35 | 000,000,000 | ---- | C] () -- C:\Users\Tricia\AppData\Local\QSwitch.txt
[2010/02/11 13:38:35 | 000,000,000 | ---- | C] () -- C:\Users\Tricia\AppData\Local\DSwitch.txt
[2010/02/11 13:38:35 | 000,000,000 | ---- | C] () -- C:\Users\Tricia\AppData\Local\AtStart.txt
[2010/02/11 13:38:33 | 000,000,284 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/01/20 05:01:14 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010/01/20 05:01:09 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/01/20 05:00:58 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/01/20 05:00:42 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/01/20 05:00:08 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/01/20 04:57:02 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2010/01/20 04:57:02 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2010/01/20 04:57:02 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010/01/20 04:57:02 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010/01/20 04:57:02 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2010/01/20 04:57:02 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2010/01/20 04:30:25 | 000,000,283 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/01/20 04:30:25 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/01/09 13:38:47 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/01/09 13:35:36 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/01/09 13:34:39 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/01/09 13:34:11 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >

I am having trouble finding the extras.txt. I did a search and the only file with that title was one that I ran back in Oct. Also, my computer got the BSOD and restarted.

Ok, the EXTRAS.TXT that I mentioned above with the October date was found in a folder that I just created in the last month or so. I'm not sure what that was all about. I will rerun if needed, but I won't do anything until I hear back. Thanks !

I wanted to also add that I just noticed the event log and got the below "kernel power" 39 times since July 17. Also, this is the most current one, which seemed to coincide with my last BSOD mentioned above.

Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 1/19/2011 5:15:58 PM
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (2)
User: SYSTEM
Computer: Tricia-PC
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:



41
2
1
63
0
0x8000000000000002

116317


System
Tricia-PC



127
0x8
0x80050033
0x6f8
0xfffff8000308fec0
false
0




In the event log 34,127 errors, mostly related to this - Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 1/19/2011 8:27:59 PM
Event ID: 4107
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Tricia-PC
Description:
Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Event Xml:



4107
0
2
0
0
0x8080000000000000

93545


Application
Tricia-PC



http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.





Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 1/19/2011 5:15:58 PM
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (2)
User: SYSTEM
Computer: Tricia-PC
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:



41
2
1
63
0
0x8000000000000002

116317


System
Tricia-PC



127
0x8
0x80050033
0x6f8
0xfffff8000308fec0
false
0

Download BlueScreenView (in Zip file)
No installation required.
Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.