Database of Spyware Project Forum
Author Topic: Moviepass infection remove help!  (Read 2534 times)
fireboy
Moviepass infection remove help!
« on: June 11, 2006, 09:44:29 am »

I have recently discovered that moviepass.tv is installed on my computer. The usual way, Add/Remove Programs in the Control Panel, doesn't work to remove this program.
Enclosed is a copy of the HijackThis note.
Kindly advise me how to remove moviepass.
 
Logfile of HijackThis v1.99.1
Scan saved at 9:23:04 AM, on 5/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Szipbgt\Mtem.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Encarta\Encarta Premium 2006\EDICT.EXE
C:\Program Files\License_Manager\license_manager.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://global.acer.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1
\SEARCH~1\SEARCH~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-
8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web
Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} -
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program
Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} -
C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ElbyCheckRegKill] "C:\Program Files\Elaborate Bytes\DVD Region
Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet
1160_1320 series\SetConfig.exe -c Direct -p DOT4_002 -pn "hp LaserJet 1320 PCL 6"
-n 1 -l 1033 -sl 120000
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP
Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Etocuhln] C:\Program Files\Szipbgt\Mtem.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner
MW1
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06
\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E06ADXRC_94025] "C:\Program Files\Microsoft Encarta\Encarta
Premium 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [License Manager] "C:\Program
Files\License_Manager\license_manager.exe " /silent
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0
\Distillr\acrotray.exe
O4 - Global Startup: NetAssistant.lnk = C:\Program
Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital
Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital
Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program
Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program
files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program
Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/MusicUnlimited/ie/Bridge-c106.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32
\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program
Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony
Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program
Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
Logged
tschrock
Administrator
Re: Moviepass infection remove help!
« Reply #1 on: June 11, 2006, 09:45:01 am »

Hi,

You can remove Moviepass.tv manually. Try going to http://www.removespyfalcon.com
Logged

gosi
Re: Moviepass infection remove help!
« Reply #2 on: June 11, 2006, 09:50:40 am »

Thank you for posting your HJT log.  There are many strains of the Movie Pass spyware infection around the web, so rather than picking apart your file line by line, I am going to direct you to a free universal removal tutorial at http://www.schrockinnovations.com/removemoviepass.php.
 
It is 100% free and up to date with the most recent Movie Pass information.  Whatever you do, make sure you cancel your Movie Pass account before you remove their software from your computer.  To do this you must call them and give them a number from the software while it is still installed.
 
Good luck!
Logged

fireboy
Re: Moviepass infection remove help!
« Reply #3 on: June 11, 2006, 09:51:13 am »

Hi,
I have followed hc4's suggestion to remove moviepass.tv by the manual process through the Symantec circular, using the registry editor.
I have successfully deleted all the mentioned registry entries except the following 3 subkeys:
1.) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "Notification Utility" = "%ProgramFiles%\Notify\notify.exe /silent"
2.) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\notify
3.) HKEY_LOCAL_MACHINE\SOFTWARE\notify

The registry of my computer does not contain the above 3 items. Is there any other version/strain/mutation of the above 3 items that I have to further remove?

In my Windows task/process manager, a "license manager.exe" is still working. Is this exe file related to Moviepass.tv?
Logged
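Added example, not part of the original thread and not code from HijackThis or Symantec: a small parser that rejoins the hard-wrapped lines of a forum-pasted HijackThis log, extracts the O4 autostart entries, and searches them for the two names raised in the post above (`notify` from the Symantec write-up and `license manager`). The function names are illustrative, and the sample is an excerpt of the log from the first post, wrapped as it appears on this page.

```python
import re
from typing import NamedTuple

# Excerpt of the HijackThis log from the first post, kept with the forum's
# hard line wraps (continuation lines carry no "O4 - " style prefix).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\License_Manager\license_manager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06
\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [License Manager] "C:\Program
Files\License_Manager\license_manager.exe " /silent
O4 - Global Startup: NetAssistant.lnk = C:\Program
Files\NetAssistant\bin\matcli.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Every real log entry starts with a section code such as "R1 - " or "O4 - ".
ENTRY = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")
# O4 registry autoruns: O4 - HKLM\..\Run: [ValueName] command line
RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# O4 Startup-folder shortcuts: O4 - Global Startup: Name.lnk = target
STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")


class Autorun(NamedTuple):
    location: str   # e.g. HKCU\..\Run or Global Startup
    name: str       # registry value name or shortcut name
    command: str    # command line or shortcut target


def unwrap(text):
    """Rejoin entries that the forum software wrapped across lines."""
    logical, in_entries = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY.match(line):
            in_entries = True
            logical.append(line)
        elif in_entries:
            prev = logical[-1]
            # A wrap inside a path ("...jre1.5.0_06" + "\bin\...") or inside
            # a GUID ("...856E-" + "8E0D...") had no space; other wraps did.
            inside_token = line.startswith("\\") or (
                prev.endswith("-") and not prev.endswith(" -"))
            logical[-1] = prev + ("" if inside_token else " ") + line
        else:
            logical.append(line)  # header and process list, one item per line
    return logical


def parse_autoruns(text):
    """Return every O4 (autostart) entry found in the log text."""
    entries = []
    for line in unwrap(text):
        m = RUN.match(line)
        if m:
            location = m.group(1) + "\\..\\" + m.group(2)
            entries.append(Autorun(location, m.group(3), m.group(4)))
            continue
        m = STARTUP.match(line)
        if m:
            entries.append(Autorun(m.group(1), m.group(2), m.group(3)))
    return entries


def normalize(s):
    """Lowercase and drop punctuation so 'license manager' == 'License_Manager'."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def match_terms(entries, terms):
    """Map each search term to the autoruns whose name or command contains it."""
    hits = {}
    for term in terms:
        key = normalize(term)
        hits[term] = [e for e in entries
                      if key in normalize(e.name) or key in normalize(e.command)]
    return hits


if __name__ == "__main__":
    found = match_terms(parse_autoruns(SAMPLE_LOG), ["notify", "license manager"])
    for term, entries in found.items():
        print(f"{term!r}: {len(entries)} autostart entr{'y' if len(entries) == 1 else 'ies'}")
        for e in entries:
            print(f"    {e.location}  [{e.name}]  {e.command}")
```

A match only shows that the name is configured to start at logon; whether the file belongs to the infection still has to be established separately.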
fireboy
Re: Moviepass infection remove help!
« Reply #4 on: June 11, 2006, 09:52:05 am »

Okay so here's the deal:

moviepass.tv software/whatever somehow made its way onto my computer. Apparently, a 3-day trial was agreed to without my consent. Of course, however, I never knew about this agreement until it was after the 3-day agreement, thus too late to cancel. I got this annoying popup for some time about being legally obligated to pay a $99.00 annual subscription or a $29 monthly subscription. I went onto the moviepass.tv website and looked at what they call "customer support". There, I was told that I was responsible for the moviepass.tv software that was installed, even if it wasn't me that did it. Seeing as I know that I'm the only one that uses this computer, I find it impossible for anyone else to have installed this scandalous software. I know that I didn't install this software either. The "Moviepass.tv customer service page" assures me that I MUST HAVE installed this software willingly due to their "four-step installation" process. I know I NEVER agreed to this installation.

I know for a fact that the "four-step installation" process NEVER popped up on my screen. When I look to see when my account was apparently installed, it says around 3:00 on Wednesday afternoon. I don't get out of school until 3:25, let alone home until 4:00ish, so I find it impossible for me to have installed this software.

Now the threatening part about all of this is that I am being forced to pay for this software. I haven't yet, but "customer service" says that if I fail to pay this obligated fee, I will be charged and have bad marks on my credit.

So really, I have some questions about all of this:
1. Do I have to pay for this software that unwillingly made its way onto my computer?
2. How are the people at moviepass.tv supposed to find me and report me to collection agencies when:

a. I never gave the company any personal information (SS#, credit card#, home address, phone number, etc.) except the software collected my computer IP.
AND
b. I don't even have a freaking credit card yet!!!

3. Should I take this threat seriously, or is it just some kind of scandal?

This thing is stressing me out like you wouldn't believe. I need help guys.... FAST. Please help me.
Logged
tschrock
Administrator
Re: Moviepass infection remove help!
« Reply #5 on: June 11, 2006, 09:52:52 am »

Gosi

The simplest/safest thing for you to do is get your (alleged) account [or customer ID] number [which should be displayed in their popup ad], then phone them and formally "cancel" with them. If you do so, give them the account number only... do NOT let them talk you into revealing any more information to them.

You wrote "I don't even have a freaking credit card yet!!!"... does that mean you're a "minor"? If so, that may be another reason why the alleged contract should not be binding on you.

Good luck
Logged

gosi
Re: Moviepass infection remove help!
« Reply #6 on: June 11, 2006, 09:55:07 am »

Thank you so much!!! I just called, and the customer representative cancelled the account for me. But now that it's cancelled, I am no longer obligated to pay the fee to moviepass.tv, correct?

Whenever I go to the site again (just to check to see if my account really was cancelled), it appears that my account is still active because it has the same customer ID# and everything.

And is there any more software that I need to uninstall?
Logged

gosi
Re: Moviepass infection remove help!
« Reply #7 on: June 11, 2006, 10:27:12 am »

MoviePass.tv has somehow installed itself on my PC and I have tried everything to remove it. It's a popup that will not go away, and that tells you that you owe a fee, b/c you went through 4 installation steps to install the product. Most people I have talked with never even went to their website, me included.
I have used Ad-Aware SE to scan/remove all objects at risk (I have included my latest quarantine list), and it is still on my system. After searching on this horrible adware, I have found that many people have been infected with it, and are having the same problem. I have gone through every set of directions from many different postings I have found, but nothing has worked.
Can anyone help me get this off my PC?

ArchiveData(auto-quarantine- 2006-05-08 07-45-08.bckp)
Referencefile : SE1R105 26.04.2006
Logged

gosi
Re: Moviepass infection remove help!
« Reply #8 on: June 11, 2006, 10:27:27 am »

Continued...

obj[160]=MRU RegReference : S-1-5-21-3125719873-2189246704-3068007056-1005\software\microsoft\internet explorer\typedurls
obj[161]=MRU RegReference : S-1-5-21-3125719873-2189246704-3068007056-1005\software\microsoft\mediaplayer\player\recentfilelist
obj[162]=MRU RegReference : S-1-5-21-3125719873-2189246704-3068007056-1005\software\microsoft\mediaplayer\preferences lastplaylistindex
obj[163]=MRU RegReference : S-1-5-21-3125719873-2189246704-3068007056-1005\software\microsoft\mediaplayer\preferences lastplaylist
obj[164]=MRU RegReference : S-1-5-21-3125719873-2189246704-3068007056-1005\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\save as\file name mru value
obj[165]=MRU RegReference : S-1-5-21-3125719873-2189246704-3068007056-1005\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru value
obj[166]=MRU RegReference : S-1-5-21-3125719873-2189246704-3068007056-1005\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru value
obj[167]=MRU RegReference : S-1-5-21-3125719873-2189246704-3068007056-1005\software\microsoft\office\10.0\excel\recent files
obj[168]=MRU RegReference : S-1-5-21-3125719873-2189246704-3068007056-1005\software\microsoft\office\10.0\powerpoint\recent file list
obj[169]=MRU RegReference : S-1-5-21-3125719873-2189246704-3068007056-1005\software\microsoft\windows\currentversion\applets\regedit lastkey
obj[170]=MRU RegReference : S-1-5-21-3125719873-2189246704-3068007056-1005\software\microsoft\windows\currentversion\applets\wordpad\recent file list
obj[171]=MRU RegReference : S-1-5-21-3125719873-2189246704-3068007056-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[26]=IECache Entry : Cookie:beth@doubleclick.net/
obj[27]=IECache Entry : Cookie:beth@statcounter.com/
obj[28]=IECache Entry : Cookie:beth@realmedia.com/
obj[29]=IECache Entry : Cookie:beth@ehg-comcast.hitbox.com/
obj[30]=IECache Entry : Cookie:beth@z1.adserver.com/
obj[31]=IECache Entry : Cookie:beth@atdmt.com/
obj[32]=IECache Entry : Cookie:beth@2o7.net/
obj[33]=IECache Entry : Cookie:beth@questionmarket.com/
obj[34]=IECache Entry : Cookie:beth@advertising.com/
obj[35]=IECache Entry : Cookie:beth@twci.coremetrics.com/
obj[36]=IECache Entry : Cookie:beth@www.movieland.com/
obj[37]=IECache Entry : Cookie:beth@ads.vitalix.net/
obj[38]=IECache Entry : Cookie:beth@clickbank.net/
obj[39]=IECache Entry : Cookie:beth@data.coremetrics.com/
obj[40]=IECache Entry : Cookie:beth@adtech.de/

fireboy
Re: Moviepass infection remove help!
« Reply #9 on: June 11, 2006, 10:32:23 am »

Here's my AdAware log too:

I am having the same problem with moviepass.tv and I followed your directions. Here is my last log:

Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 09, 2006 11:23:45 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R107 09.05.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar(TAC index:5):2 total references
MRU List(TAC index:0):82 total references
Tracking Cookie(TAC index:3):22 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-9-2006 11:23:45 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Bill\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Bill\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\adobe\photoshop\7.0\visiteddirs
Description : adobe photoshop 7 recent work folders


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\jasc\animation shop 3\fileopendialog
Description : list of recently opened files in jasc animation shop


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\jasc\animation shop 3\recent file list
Description : list of recently used files in jasc animation shop


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\jasc\animation shop 3\saveasdialog
Description : list of recently saved files in jasc animation shop


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\office\10.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1454471165-725345543-1007\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 572
ThreadCreationTime : 5-7-2006 9:29:31 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 5-7-2006 9:29:32 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 660
ThreadCreationTime : 5-7-2006 9:29:33 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 704
ThreadCreationTime : 5-7-2006 9:29:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 5-7-2006 9:29:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 868
ThreadCreationTime : 5-7-2006 9:29:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 944
ThreadCreationTime : 5-7-2006 9:29:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1036
ThreadCreationTime : 5-7-2006 9:29:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1092
ThreadCreationTime : 5-7-2006 9:29:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1228
ThreadCreationTime : 5-7-2006 9:29:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1388
ThreadCreationTime : 5-7-2006 9:29:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1552
ThreadCreationTime : 5-7-2006 9:30:12 PM
BasePriority : Normal
FileVersion : 7,1,0,365
ProductVersion : 7.1.0.365
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:13 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1568
ThreadCreationTime : 5-7-2006 9:30:12 PM
BasePriority : Normal
FileVersion : 7,1,0,349
ProductVersion : 7.1.0.349
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:14 [ctsvccda.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1580
ThreadCreationTime : 5-7-2006 9:30:12 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:15 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1656
ThreadCreationTime : 5-7-2006 9:30:12 PM
BasePriority : Normal
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
ProductName : NVIDIA Driver Helper Service, Version 52.16
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1812
ThreadCreationTime : 5-7-2006 9:30:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1832
ThreadCreationTime : 5-7-2006 9:30:16 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:18 [mspmspsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1888
ThreadCreationTime : 5-7-2006 9:30:16 PM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:19 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 228
ThreadCreationTime : 5-7-2006 9:30:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:20 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1344
ThreadCreationTime : 5-7-2006 9:34:03 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:21 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ProcessID : 1620
ThreadCreationTime : 5-7-2006 9:34:06 PM
BasePriority : Normal
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:22 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1756
ThreadCreationTime : 5-7-2006 9:34:07 PM
BasePriority : Normal
FileVersion : 7,1,0,381
ProductVersion : 7.1.0.381
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:23 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 164
ThreadCreationTime : 5-7-2006 9:34:07 PM
BasePriority : Normal
FileVersion : 7,1,0,371
ProductVersion : 7.1.0.371
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:24 [aolsoftware.exe]
FilePath : C:\Program Files\Common Files\AOL\1132885810\ee\
ProcessID : 280
ThreadCreationTime : 5-7-2006 9:34:08 PM
BasePriority : Normal
FileVersion : 1.4.9.1
ProductVersion : 1.4.9.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLSoftware.exe

#:25 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 288
ThreadCreationTime : 5-7-2006 9:34:08 PM
BasePriority : Normal
FileVersion : 7.0.4
ProductVersion : QuickTime 7.0.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:26 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 296
ThreadCreationTime : 5-7-2006 9:34:08 PM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:27 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 308
ThreadCreationTime : 5-7-2006 9:34:08 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:28 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 428
ThreadCreationTime : 5-7-2006 9:34:09 PM
BasePriority : Normal
FileVersion : 5.9.3861
ProductVersion : 5.9.3861
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2005 America Online, Inc.
OriginalFilename : AIM.EXE

#:29 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 1612
ThreadCreationTime : 5-7-2006 9:34:10 PM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:30 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 1244
ThreadCreationTime : 5-7-2006 9:34:13 PM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:31 [diagent.exe]
FilePath : C:\Program Files\Creative\SBLive\Diagnostics\
ProcessID : 884
ThreadCreationTime : 5-7-2006 9:34:14 PM
BasePriority : Normal
FileVersion : 1, 1, 4, 0
ProductVersion : 1.01.04
ProductName : Creative Diagnostics Agent
CompanyName : Creative Technology Ltd
FileDescription : Creative Diagnostics Agent
InternalName : Creative Diagnostics Agent
LegalCopyright : Copyright © 2002 Creative Technology Ltd
OriginalFilename : diagent.exe

#:32 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 2016
ThreadCreationTime : 5-7-2006 11:22:27 PM
BasePriority : Normal


#:33 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 504
ThreadCreationTime : 5-7-2006 11:22:27 PM
BasePriority : High


#:34 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 592
ThreadCreationTime : 5-7-2006 11:22:32 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:35 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ProcessID : 1416
ThreadCreationTime : 5-7-2006 11:22:35 PM
BasePriority : Normal
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:36 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 3960
ThreadCreationTime : 5-7-2006 11:22:35 PM
BasePriority : Normal
FileVersion : 7,1,0,381
ProductVersion : 7.1.0.381
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:37 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 2440
ThreadCreationTime : 5-7-2006 11:22:35 PM
BasePriority : Normal
FileVersion : 7,1,0,371
ProductVersion : 7.1.0.371
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:38 [aolsoftware.exe]
FilePath : C:\Program Files\Common Files\AOL\1132885810\ee\
ProcessID : 2364
ThreadCreationTime : 5-7-2006 11:22:35 PM
BasePriority : Normal
FileVersion : 1.4.9.1
ProductVersion : 1.4.9.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLSoftware.exe

#:39 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1548
ThreadCreationTime : 5-7-2006 11:22:35 PM
BasePriority : Normal
FileVersion : 7.0.4
ProductVersion : QuickTime 7.0.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:40 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 172
ThreadCreationTime : 5-7-2006 11:22:35 PM
BasePriority : Normal
FileVersion : 5.9.3861
ProductVersion : 5.9.3861
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2005 America Online, Inc.
OriginalFilename : AIM.EXE

#:41 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2496
ThreadCreationTime : 5-7-2006 11:22:35 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:42 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 536
ThreadCreationTime : 5-7-2006 11:22:39 PM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:43 [hotsync.exe]
FilePath : C:\Program Files\palmOne\
ProcessID : 2708
ThreadCreationTime : 5-7-2006 11:22:39 PM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:44 [diagent.exe]
FilePath : C:\Program Files\Creative\SBLive\Diagnostics\
ProcessID : 2892
ThreadCreationTime : 5-7-2006 11:22:40 PM
BasePriority : Normal
FileVersion : 1, 1, 4, 0
ProductVersion : 1.01.04
ProductName : Creative Diagnostics Agent
CompanyName : Creative Technology Ltd
FileDescription : Creative Diagnostics Agent
InternalName : Creative Diagnostics Agent
LegalCopyright : Copyright © 2002 Creative Technology Ltd
OriginalFilename : diagent.exe

#:45 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 3736
ThreadCreationTime : 5-8-2006 1:38:54 AM
BasePriority : Normal


#:46 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 3544
ThreadCreationTime : 5-8-2006 1:38:55 AM
BasePriority : High


#:47 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 3172
ThreadCreationTime : 5-8-2006 1:39:01 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:48 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ProcessID : 3948
ThreadCreationTime : 5-8-2006 1:39:06 AM
BasePriority : Normal
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:49 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 3608
ThreadCreationTime : 5-8-2006 1:39:07 AM
BasePriority : Normal
FileVersion : 7,1,0,381
ProductVersion : 7.1.0.381
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:50 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1424
ThreadCreationTime : 5-8-2006 1:39:07 AM
BasePriority : Normal
FileVersion : 7,1,0,371
ProductVersion : 7.1.0.371
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:51 [aolsoftware.exe]
FilePath : C:\Program Files\Common Files\AOL\1132885810\ee\
ProcessID : 2136
ThreadCreationTime : 5-8-2006 1:39:09 AM
BasePriority : Normal
FileVersion : 1.4.9.1
ProductVersion : 1.4.9.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLSoftware.exe

#:52 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 444
ThreadCreationTime : 5-8-2006 1:39:09 AM
BasePriority : Normal
FileVersion : 7.0.4
ProductVersion : QuickTime 7.0.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:53 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 244
ThreadCreationTime : 5-8-2006 1:39:10 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:54 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1120
ThreadCreationTime : 5-8-2006 1:39:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:55 [camnotifier.exe]
FilePath : C:\Program Files\247Cams\
ProcessID : 2328
ThreadCreationTime : 5-8-2006 1:39:15 AM
BasePriority : Normal


#:56 [diagent.exe]
FilePath : C:\Program Files\Creative\SBLive\Diagnostics\
ProcessID : 1004
ThreadCreationTime : 5-8-2006 1:39:15 AM
BasePriority : Normal
FileVersion : 1, 1, 4, 0
ProductVersion : 1.01.04
ProductName : Creative Diagnostics Agent
CompanyName : Creative Technology Ltd
FileDescription : Creative Diagnostics Agent
InternalName : Creative Diagnostics Agent
LegalCopyright : Copyright © 2002 Creative Technology Ltd
OriginalFilename : diagent.exe

#:57 [license_manager.exe]
FilePath : C:\Program Files\License_Manager\
ProcessID : 208
ThreadCreationTime : 5-8-2006 1:39:16 AM
BasePriority : Normal
FileVersion : 20.464.0.19
ProductVersion : 20.464.0.19
ProductName : Notifier
FileDescription : Notifier
LegalCopyright : Copyright © 2004 Notifier
fireboy
Re: Moviepass infection remove help!
« Reply #10 on: June 11, 2006, 10:33:03 am »

Second half - someone help please

#:58 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 756
ThreadCreationTime : 5-8-2006 1:39:19 AM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:59 [itunes.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 3832
ThreadCreationTime : 5-8-2006 7:11:15 PM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunes
InternalName : iTunes
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunes.exe

#:60 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1952
ThreadCreationTime : 5-10-2006 3:20:47 AM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:61 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2228
ThreadCreationTime : 5-10-2006 3:23:07 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:62 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 860
ThreadCreationTime : 5-10-2006 3:23:25 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900